11-14-2010 10:15 PM
I am running an RV 120W wireless N router here in Japan on an ADSL circuit from Softbank BB. I have set the internal IP address range of the router away from the default to 192.168.11.0/24. Below are the VPN default settings.
VPN Wizard Default Values for IKE:

| Setting | Gateway Policies | Client Policies |
| --- | --- | --- |
| Exchange Mode | Main | Aggressive |
| ID Type | Local WAN IP | FQDN |
| Local WAN ID | Local WAN IP | local.com |
| Remote WAN ID | N/A | remote.com |
| Encryption Algorithm | 3DES | 3DES |
| Authentication Algorithm | SHA-1 | SHA-1 |
| Authentication Method | Pre-Shared Key | Pre-Shared Key |
| Key-Group | DH-Group 2 (1024 Bit) | DH-Group 2 (1024 Bit) |
| Lifetime | 8 Hours | 8 Hours |

VPN Wizard Default Values for VPN:

| Setting | Value |
| --- | --- |
| Encryption Algorithm | 3DES |
| Authentication Algorithm | SHA-1 |
| Lifetime | 1 Hour |
| PFS Key Group | DH-Group 2 (1024 Bit) |
| NETBIOS | Enabled (Gateway Policies), Disabled (Client Policies) |
IKE Policy

| Setting | Value |
| --- | --- |
| General | |
| Policy Name | jmXXXXXXX |
| Direction / Type | Both |
| Exchange Mode | Aggressive |
| Enable XAUTH Client | |
| Local Identification | |
| Identifier Type | Local WAN IP |
| Local WAN IP | 221.41.36.18 |
| Peer IKE Identification | |
| Identifier Type | FQDN |
| Local WAN IP | remote.com |
| IKE SA Parameters | |
| Encryption Algorithm | 3DES |
| Authentication Algorithm | SHA-1 |
| Authentication Method | Pre-shared key |
| Pre-Shared Key | XXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| Diffie-Hellman (DH) Group | 2 |
| SA-Lifetime | 28800 Seconds |
System firmware = 1.0.0.12
I updated to the latest firmware, which is RV120W_FW_1.0.1.3, and that made things even worse, as I could no longer PING the external IP address even with the firewall's basic settings all turned "off". Since I was unable to remote into the router, I reverted back to version 1.0.0.12.
When I remote in using QuickVPN I am not on the same subnet as the router. I am able to connect, establish the VPN tunnel, and remote access the router; but I am unable to see any resource, computer or otherwise.
Below is an excerpt from the IPsec VPN log:
2010-11-15 14:55:09: INFO: Received unknown Vendor ID
2010-11-15 14:55:09: INFO: For 202.213.133.102[500], Selected NAT-T version: RFC 3947
2010-11-15 14:55:09: INFO: NAT-D payload matches for 221.41.36.18[500]
2010-11-15 14:55:09: INFO: NAT-D payload does not match for 202.213.133.xxx[500]
2010-11-15 14:55:09: INFO: NAT detected: PEER
2010-11-15 14:55:10: INFO: Floating ports for NAT-T with peer 202.213.133.xxx[4500]
2010-11-15 14:55:10: INFO: ISAKMP-SA established for 221.41.36.18[4500]-202.213.133.xxx[4500] with spi:33a0aa37181469aa:abab0fc0aa120f7a
2010-11-15 14:55:10: INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2010-11-15 14:55:10: INFO: Responding to new phase 2 negotiation: 221.41.36.18[0]<=>202.213.133.xxx[0]
2010-11-15 14:55:10: INFO: Using IPsec SA configuration: 192.168.11.0/24<->10.19.73.xxx/32
2010-11-15 14:55:10: INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
2010-11-15 14:55:11: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 202.213.133.xxx->221.41.36.18 with spi=127988341(0x7a0f275)
2010-11-15 14:55:11: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 221.41.36.18->202.213.133.xxx with spi=4139774728(0xf6bff308)
I have created a self-activated certificate and loaded it successfully into the trusted certificates table. I have looked into issues with port 500 as a possible cause, but I am unable to get the port fully open on any computer connected to or remoting into the RV 120W. This router will be relocated to my customer's site, who is using PPPoE authentication on a shared fiber line, later this week. Any assistance to resolve or mitigate this issue would be appreciated.
Regards,
Scott
11-15-2010 10:15 AM
Hi Scott
It seems you are having very similar issues to me!
It also seems that Cisco seem reluctant to come up with an answer.
Tomorrow I'm going to start looking for something else to swap this unit out, my customer's patience is starting to wear thin. I recommended this product to my customer because it had a good name.
Let's hope that they come up with an answer for you PDQ!
Regards
Barry
11-15-2010 06:48 PM
Hello Barry,
I called Cisco in the USA and raised a ticket with them. The Cisco engineers were very helpful and they were able to log in using QuickVPN to my router. We were able to figure out that any PC on the remote LAN that has a firewall running on it must either have it disabled or have some rules created as follows:
- open inbound TCP ports 50, 445, 500, 4500;
- open inbound ICMPv4 so that you can PING the remote LAN IP address.
This worked for me.
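The log excerpt in Scott's first post and the host-firewall fix in his last one fit together: the router log shows phase 1 and phase 2 completing, so the tunnel was never the problem, and the thing left to check is the firewall on each LAN host. The script below is an added example, not code from Scott, Cisco, or the RV120W; it parses that excerpt (embedded as posted, with the poster's "xxx" masking left in place), decides whether the tunnel is up, and then builds a host-firewall allow list scoped to the VPN client's tunnel address taken from the traffic selector rather than to "any". The port numbers come from Scott's post; assigning them to protocols (IKE on UDP 500/4500, ESP as IP protocol 50, SMB on TCP 445) and the rule-dictionary shape are my assumptions.

```python
import re

# Log excerpt as posted in the thread above; the poster masked parts of the addresses as "xxx".
SAMPLE_LOG = """\
2010-11-15 14:55:09: INFO: Received unknown Vendor ID
2010-11-15 14:55:09: INFO: For 202.213.133.102[500], Selected NAT-T version: RFC 3947
2010-11-15 14:55:09: INFO: NAT-D payload matches for 221.41.36.18[500]
2010-11-15 14:55:09: INFO: NAT-D payload does not match for 202.213.133.xxx[500]
2010-11-15 14:55:09: INFO: NAT detected: PEER
2010-11-15 14:55:10: INFO: Floating ports for NAT-T with peer 202.213.133.xxx[4500]
2010-11-15 14:55:10: INFO: ISAKMP-SA established for 221.41.36.18[4500]-202.213.133.xxx[4500] with spi:33a0aa37181469aa:abab0fc0aa120f7a
2010-11-15 14:55:10: INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2010-11-15 14:55:10: INFO: Responding to new phase 2 negotiation: 221.41.36.18[0]<=>202.213.133.xxx[0]
2010-11-15 14:55:10: INFO: Using IPsec SA configuration: 192.168.11.0/24<->10.19.73.xxx/32
2010-11-15 14:55:10: INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
2010-11-15 14:55:11: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 202.213.133.xxx->221.41.36.18 with spi=127988341(0x7a0f275)
2010-11-15 14:55:11: INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 221.41.36.18->202.213.133.xxx with spi=4139774728(0xf6bff308)
"""

HOST = r"[\d.x]+"  # dotted quad, possibly masked with 'x' by the poster
RE_NAT_T = re.compile(r"Selected NAT-T version: (.+)$")
RE_NAT_DETECTED = re.compile(r"NAT detected: (\w+)")
RE_PHASE1 = re.compile(rf"ISAKMP-SA established for ({HOST})\[(\d+)\]-({HOST})\[(\d+)\] with spi:(\S+)")
RE_SELECTOR = re.compile(r"Using IPsec SA configuration: ([^<\s]+)<->(\S+)")
RE_PHASE2 = re.compile(rf"IPsec-SA established\[UDP encap (\d+)->(\d+)\]: ESP/(\w+) ({HOST})->({HOST}) with spi=(\d+)")


def parse_ipsec_log(text):
    """Reduce an RV120W-style IPsec log to the facts that matter for troubleshooting."""
    state = {"nat_t": None, "nat_detected": None, "phase1": None,
             "local_net": None, "remote_net": None, "phase2": []}
    for line in text.splitlines():
        m = RE_NAT_T.search(line)
        if m:
            state["nat_t"] = m.group(1).strip()
            continue
        m = RE_NAT_DETECTED.search(line)
        if m:
            state["nat_detected"] = m.group(1)
            continue
        m = RE_PHASE1.search(line)
        if m:
            state["phase1"] = {"local": m.group(1), "local_port": int(m.group(2)),
                               "peer": m.group(3), "peer_port": int(m.group(4)),
                               "spi": m.group(5)}
            continue
        m = RE_SELECTOR.search(line)
        if m:  # responder side: first selector is the local LAN, second the client
            state["local_net"], state["remote_net"] = m.group(1), m.group(2)
            continue
        m = RE_PHASE2.search(line)
        if m:
            state["phase2"].append({"mode": m.group(3), "src": m.group(4),
                                    "dst": m.group(5), "spi": int(m.group(6))})
    return state


def assess_tunnel(state):
    """Decide whether the tunnel itself failed or whether to look at hosts behind it."""
    findings = []
    p1 = state["phase1"]
    if p1 is None:
        findings.append("no ISAKMP SA: phase 1 failed, check PSK, identifiers and exchange mode")
        return {"tunnel_up": False, "findings": findings}
    if state["nat_detected"]:
        findings.append(f"NAT-T active ({state['nat_t']}), NAT on {state['nat_detected']} side, "
                        f"IKE floated to UDP {p1['peer_port']}")
    directions = {(sa["src"], sa["dst"]) for sa in state["phase2"]}
    if not {(p1["local"], p1["peer"]), (p1["peer"], p1["local"])} <= directions:
        findings.append("phase 2 incomplete: expected one ESP SA in each direction")
        return {"tunnel_up": False, "findings": findings}
    findings.append(f"ESP SAs up both ways, selectors {state['local_net']} <-> {state['remote_net']}")
    findings.append("tunnel is healthy: if LAN hosts are unreachable, check the host firewalls")
    return {"tunnel_up": True, "findings": findings}


# Services from Scott's post. The protocol column is my assignment (assumption):
# IKE is UDP 500/4500, ESP is IP protocol 50, SMB file sharing is TCP 445.
TAC_SERVICES = [("ICMPv4", "echo-request"), ("TCP", 445), ("UDP", 500),
                ("UDP", 4500), ("ESP", None)]


def host_firewall_rules(state, services=TAC_SERVICES):
    """Inbound allow rules for a LAN PC, scoped to the client's tunnel address, not 'any'."""
    remote = state["remote_net"] or "any"
    return [{"direction": "in", "action": "allow", "protocol": proto,
             "port": port, "remote_address": remote} for proto, port in services]


if __name__ == "__main__":
    parsed = parse_ipsec_log(SAMPLE_LOG)
    for line in assess_tunnel(parsed)["findings"]:
        print(line)
    for rule in host_firewall_rules(parsed):
        print(rule)
```

Scoping the rules to the selector the router actually negotiated (here 10.19.73.xxx/32) is the part worth keeping: it gives the remote client the access Cisco's engineers asked for without opening SMB or ICMP to every address on the LAN side.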