cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16942
Views
0
Helpful
12
Replies

Problem connecting with VPN client to RV110W

AquarianGirl
Level 1
Level 1

Hi guys:  I have just installed an RV110W router at my small business, and am trying to connect to it via VPN client from home.  I have been unable to do so, no matter what I try.  Pertinent information:

1.  I can connect to the router via Remote Management just fine, so I know the router is accessible from the Net.

2.  Internal address of the router:  10.81.208.1

3.  PPTP enabled.  IP Address for PPTP server:  10.0.0.1

4.  IP addresses for PPTP clients:  10.0.0.10-14

5.  Two VPN clients added - one with PPTP protocol, one with QuickVPN protocol.  Both are enabled (and yes, I've triple-checked the passwords)

6.  MPPE Encryption and Netbios enabled.

7.  IPSec, PPTP and L2TP pass-throughs all enabled.

8.  VPN client:  1.4.1.2

9.  Home computer:  laptop running Windows 7 Home (64-bit), with Windows Firewall enabled.

10.  Home network:  192.168.2.196

This is causing to tear my hair out.  What am I missing?

Shannon

1 Accepted Solution

Accepted Solutions

Hi Shannon,

I'm happy to see that you are making progress.

Shannon Rotz wrote:

I changed the RM port to 443.  Unfortunately, now I can't connect to the router via browser, either by remote management or from the local network - I get the usual "page cannot be displayed".  How do I get back into the router configuration GUI?

You should be able to reach the GUI by typing https://192.168.1.1(Assuming you have not changed the default IP) Normally after you change from http (port 80) to https (port 443) the internal web server in the router will automatically redirect you to the https page if you type http. Open your command prompt and try to ping the IP address of the router to make sure that it is still responding at that address

With regards to the VPN client:   Up until I changed the port, the same error message kept coming up, i.e. "Unable to establish connection" (or something like that), with a list of possible reasons why it couldn't connect. Now the message has changed - I'm getting "Server's certificate doesn't exist on your local computer".  If I continue trying to connect, then it says "Activating Policy", followed by "Verifying Network", then "The remote gateway is not responding.  Do you want to wait?"  This is definitely progress, since I never got this far before.

You are a quarter inch away from getting connected. If you look at the log.txt in C:\Program Files\Cisco Small Business\QuickVPN Client I think that you will see "Failed to ping remote VPN Router!" This means that your PC is blocking the ping response from the router. Usually if you look at the VPN Client status in the router at this point (Need remote management first) you will see that your user status is "Connected". So the router thinks that the connection is established but the PC does not. You might want to try a different PC at this point to verify that it is in fact an issue with your PC. This problem is usually caused by 3rd party antivirus/firewall software blocking the ping response. Microsoft Security Essentials can do this as well, so turn it off if you have it. If you do not have another PC to test from, call Cisco Small Business Support and ask an engineer to try to connect from the lab. You can find the number to call here

On an impulse, I tried setting up a Windows VPN connection, i.e. created a new VPN connection in Network and Sharing Center, using a PPTP client ID that I had created.  That connection actually worked, except for one problem:  I can't see the remote network.  If I could solve that problem, I'll just tell the other clients to use a Windows connection rather than QuickVPN.


Good thinking. If you can't see the remote devices, make sure that they are not blocking connections from the VPN. (Windows or third party firewall, antivirus, antispyware) With a PPTP or QuickVPN connection you should be able to go to Run, type the IP Address of the device you want to connect to (i.e. \\192.168.1.101 ) and see a list of shared folders. After establishing the PPTP connection, try to ping the LAN IP address of the router. If that is successful, try to ping a LAN device such as a network printer or PC. Again, PCs may block ping requests if they have a firewall running so watch for that.

Please reply if you have any questions.

View solution in original post

12 Replies 12

riroe
Level 3
Level 3

On the RV120W Series it is mandatory to enable remote management for QuickVPN to work. Also for the RV120W make sure you disable the block fragmented packets feature under the Firewall-Basic Settings or QuickVPN may not work.

THANKS

Hi, thanks for replying.

I have remote management enabled on the default port 8080, and have been managing it remotely in order to change the settings, etc., so I know that's OK.  Interestingly, I took a look at the Firewall-Basic Settings, and I have no setting for "Block fragmented packets", so my assumption (which may be dangerous) is that it doesn't block them by default.

I got to wondering if it's a Certificate problem, since I'm having warnings from IE regarding that.  If so, how do I sort it out?  I've tried generating a new certificate, with no success.

Shannon

jasbryan
Level 6
Level 6

Shannon,

We are getting a public address on the WAN side of RV110W correct, this needs to be public and not a private address.

Everything else looks fine.

Of course make sure you're running latest firmware

http://www.cisco.com/cisco/software/release.html?mdfid=283879340&softwareid=282487380&release=1.0.1.6&relind=AVAILABLE&rellifecycle=&reltype=latest

thanks,

Jasbryan

Yes, I am trying to connect to the public address of the router.  I know it's accessible because regular Remote Management is working fine.

I'll check the firmware version, but in the mean time, I was wondering if it's a Certificate issue.  IE is giving me the usual "invalid certificate" errors.  I tried generating a new certificate via Remote Management, but that didn't work.  ??

Shannon

I just took a look at my firmware version and you're correct - it's not anywhere near the latest version.  I'll try updating that and see what happens.

Shannon

Shannon,

While you're upgrading, there is also a new version of QuickVPN available. VPN client: 1.4.2.1 You can download it from the same page as the firmware.

Do not worry about the certificate error, that should not affect VPN connectivity. When you try to connect using QuickVPN you should see a message stating that the router's certificate doesn't exist on your PC. That will not affect the connection either, but there is a way to get rid of the message. Download the certificate using "Export for Client" in the router GUI. Copy or move that file (It should have a .pem extension) to the C:\Program Files\Cisco Small Business\QuickVPN Client folder. You should not see the certificate message again when you attempt to connect.

Change the Remote Management port to 443. (https) This is required for QuickVPN connectivity.

In Windows 7, make sure that you do not have any third party firewall or antivirus running. Disable or uninstall that type of software. Don't worry, after you get the VPN connections working you can set up that software to play nice with QuickVPN. Better to get it out of the way for now.

What error message do you see when you try to connect? This will help us determine where the issue is occurring.

I changed the RM port to 443.  Unfortunately, now I can't connect to the router via browser, either by remote management or from the local network - I get the usual "page cannot be displayed".  How do I get back into the router configuration GUI?

With regards to the VPN client:   Up until I changed the port, the same error message kept coming up, i.e. "Unable to establish connection" (or something like that), with a list of possible reasons why it couldn't connect. Now the message has changed - I'm getting "Server's certificate doesn't exist on your local computer".  If I continue trying to connect, then it says "Activating Policy", followed by "Verifying Network", then "The remote gateway is not responding.  Do you want to wait?"  This is definitely progress, since I never got this far before.

On an impulse, I tried setting up a Windows VPN connection, i.e. created a new VPN connection in Network and Sharing Center, using a PPTP client ID that I had created.  That connection actually worked, except for one problem:  I can't see the remote network.  If I could solve that problem, I'll just tell the other clients to use a Windows connection rather than QuickVPN.

Thanks for the help so far ... hopefully I'm close to solving this!

Shannon

Hi Shannon,

I'm happy to see that you are making progress.

Shannon Rotz wrote:

I changed the RM port to 443.  Unfortunately, now I can't connect to the router via browser, either by remote management or from the local network - I get the usual "page cannot be displayed".  How do I get back into the router configuration GUI?

You should be able to reach the GUI by typing https://192.168.1.1(Assuming you have not changed the default IP) Normally after you change from http (port 80) to https (port 443) the internal web server in the router will automatically redirect you to the https page if you type http. Open your command prompt and try to ping the IP address of the router to make sure that it is still responding at that address

With regards to the VPN client:   Up until I changed the port, the same error message kept coming up, i.e. "Unable to establish connection" (or something like that), with a list of possible reasons why it couldn't connect. Now the message has changed - I'm getting "Server's certificate doesn't exist on your local computer".  If I continue trying to connect, then it says "Activating Policy", followed by "Verifying Network", then "The remote gateway is not responding.  Do you want to wait?"  This is definitely progress, since I never got this far before.

You are a quarter inch away from getting connected. If you look at the log.txt in C:\Program Files\Cisco Small Business\QuickVPN Client I think that you will see "Failed to ping remote VPN Router!" This means that your PC is blocking the ping response from the router. Usually if you look at the VPN Client status in the router at this point (Need remote management first) you will see that your user status is "Connected". So the router thinks that the connection is established but the PC does not. You might want to try a different PC at this point to verify that it is in fact an issue with your PC. This problem is usually caused by 3rd party antivirus/firewall software blocking the ping response. Microsoft Security Essentials can do this as well, so turn it off if you have it. If you do not have another PC to test from, call Cisco Small Business Support and ask an engineer to try to connect from the lab. You can find the number to call here

On an impulse, I tried setting up a Windows VPN connection, i.e. created a new VPN connection in Network and Sharing Center, using a PPTP client ID that I had created.  That connection actually worked, except for one problem:  I can't see the remote network.  If I could solve that problem, I'll just tell the other clients to use a Windows connection rather than QuickVPN.


Good thinking. If you can't see the remote devices, make sure that they are not blocking connections from the VPN. (Windows or third party firewall, antivirus, antispyware) With a PPTP or QuickVPN connection you should be able to go to Run, type the IP Address of the device you want to connect to (i.e. \\192.168.1.101 ) and see a list of shared folders. After establishing the PPTP connection, try to ping the LAN IP address of the router. If that is successful, try to ping a LAN device such as a network printer or PC. Again, PCs may block ping requests if they have a firewall running so watch for that.

Please reply if you have any questions.

Hi mpyhala:  I accidentally marked the answer as correct - sorry!  I still have problems.

I have made some progress, since the remote computer can now see resources on the internal computer, which was my main concern.  The remote computer seems to be connecting fine via PPTP.

However, following problems remain:

1.  The remote computer can ping the internal LAN PC, but not the other way around, in spite of the fact that I have enabled ICMP on the remote machine and disabled the antivirus program.  The error message is "Destination host unreachable".  (This may not be a big deal, since the internal PC may not need to access the remote one all that often).

2.  I can't get into the GUI on the router, either from the internal LAN or via Remote Management on the external address.  This problem started when I re-configured Remote Management to port 443.

Pertinent data:

1.  Internal address of the router:  10.81.208.1

2.  Address of internal PC:  10.81.208.100

3.  Address of remote PC:  10.81.208.10

4.  Address of PPTP server:  10.81.208.100 (this may have been a mistake - I changed it from 10.0.0.1)

5.  Both PCs can ping the router's internal address.

What now?  My real worry at this point is how to get back into the router's GUI.

Hi Shannon,

Problem 1: Are you trying to reach the remote PC by its LAN or WAN address? When you have a VPN tunnel established you should connect to the remote PC using LAN addresses.

Problem 2: Are you typing HTTPS://10.81.208.1 or HTTP://10.81.208.1 ? You should be able to reach the router using HTTPS.

I'm trying to reach it by both.  I can't connect from either the internal LAN or the WAN.  I've tried both http and https, but no luck.

Shannon

Shannon,

This is starting to sound like a browser issue. In IE8 or 9 you can try Compatibility Mode. If that fails, try Firefox and/or Chrome as an alternative. I can't think of another reason that you wouldn't be able to reach the web GUI. It is not possible to disable it, so it has to be listening for connections. Maybe a reboot would help?