cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2099
Views
0
Helpful
7
Replies

RV042G VPN - How to connect with Windows 7 IPsec client?

mitjastachowiak
Level 1
Level 1

Hello,

I'm trying to use the Windows 7 VPN client, to connect to my RV042G. Here are some Screenshots of my router's and Windows' configuration:http://mitjastachowiak.de/verschiedenes/Router/ConfigRouter.pnghttp://mitjastachowiak.de/verschiedenes/Router/ConfigWindows_Firewall.png

http://mitjastachowiak.de/verschiedenes/Router/ConfigWindows_Verbindung.png

I tried different other configurations, too, but each time, I get a lot of errors on the router. The upper configuration results in the following:

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: received Vendor ID payload [RFC 3947]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: received Vendor ID payload [RFC 3947]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [FRAGMENTATION]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [FRAGMENTATION]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [Vid-Initial-Contact]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [Vid-Initial-Contact]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [e3a5966a76379fe707228231e5ce8652]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: ignoring Vendor ID payload [e3a5966a76379fe707228231e5ce8652]

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet

Feb 13 14:58:05 2014     VPN Log     packet from 192.168.1.24:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: responding to Main Mode from unknown peer 192.168.1.24

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM

Feb 13 14:58:05 2014    Kernel     last message repeated 5 times

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: OAKLEY_GROUP_MODP2048 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: OAKLEY_GROUP_MODP2048 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Peer ID is ID_IPV4_ADDR: '192.168.1.24'

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: sent MR3, ISAKMP SA established

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: cannot respond to IPsec SA request because no connection is known for 78.52.27.132:17/1701...192.168.1.24[vpn1@mitjastachowiak.de]:17/1701

Feb 13 14:58:05 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_ID_INFORMATION to 192.168.1.24:500

Feb 13 14:58:07 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)

Feb 13 14:58:07 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)

Feb 13 14:58:07 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500

Feb 13 14:58:10 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)

Feb 13 14:58:10 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)

Feb 13 14:58:10 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500

Feb 13 14:58:14 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)

Feb 13 14:58:14 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)

Feb 13 14:58:14 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500

Feb 13 14:58:22 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)

Feb 13 14:58:22 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)

Feb 13 14:58:22 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500

Feb 13 14:58:38 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)

Feb 13 14:58:38 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)

Feb 13 14:58:38 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500

Feb 13 14:58:52 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: received Delete SA payload: deleting ISAKMP State #89

Feb 13 14:58:52 2014     VPN Log     (c2gips0)[2] 192.168.1.24 #89: received Delete SA payload: deleting ISAKMP State #89

Feb 13 14:58:52 2014     VPN Log     (c2gips0)[2] 192.168.1.24: deleting connection (c2gips0) instance with peer 192.168.1.24 {isakmp=#0/ipsec=#0}

Does anyone know, how to configure the router and Windows 7, to get a working VPN tunnel?
Thanks.

7 Replies 7

mpyhala
Level 7
Level 7

Mitja,

I have never seen anyone successfully connect to a Cisco Small Business router using the Windows IPSec client. I have seen several people try. I don't think that it is possible at this point. If you do get it to work somehow, I'm sure many people would like to know how.

I would recommend a third party IPSec client such as Shrewsoft (free) or The Greenbow (paid) if QuickVPN doesn't suit your needs. IPSecuritas also works well for Mac.

- Marty

There are a lot of third party clients - most of them cost about 60€.
I thought, ShrewSoft is just shareware, but yes, the standard edition is free. Thank you for that tip, I will try this out, tomorrow.

The reason, why I focused on the Windows IPsec is, because I know some people, who are verry carefully with installing third party software...

But it should be possible, to use the Windows client - if you click add new group VPN on the router, there is the option "Windows XP/2000 VPN client" as remote client. Don't know, what this should mean, because IPsec is only supported since Windows 7, but it simply looks like it is possible...

Mitja,

You mentioned that the router has "Windows XP/2000 VPN client" setting and I rembered a document I stumbled across some time ago:

https://supportforums.cisco.com/docs/DOC-10273

This describes the configuration for the older version of the RV082 but it may help you as well. Please let me know if it works for you, this would be good to know for future reference.

- Marty

Hello,

with ShrewSoft, I get the error:

bringing up tunnel ...

adapter configuration failed

tunnel disabled

It looks like a problem on my PC...

Windows IPsec:

I tried the configuration, described in the PDF. But when I assign the policy in the last step, I loose the connection to the router. ping returns "timeout". There are no entries in the router's error log.

Ok, if I select "Use an existing Adapter and current adress" or uncheck "Obtain automatically" and set an IP Adress, ShrewSoft will connect successfully. But I can't access Computers on the other side of the VPN (ping fails).

The Quick VPN Client can't connect.

Is it possible, that the client cannot be in the same subnet as the RV042G and the Computers behind the RV042G?

Mitja,

The client should not be in the same subnet, the router will do NAT.

- Marty

Ok, I could find the time, to try this out. I followed this instruction: https://www.shrew.net/support/Howto_Linksys and it works.

There is at last one Problem: I can't access computers behind the remote router from the connected client. The client can see the remote router and computers behind the remote router can see the connected client using the IP-adress, I used for shrewsoft.

I tried to ping some remote PCs from the client, but I get timeout messages. Ping is enabled on all devices. There are no log errors on the router. I tried to add the remote router on the client as a standard gateway, and I decativated the router's firewall, but without success.

Does anyone know, why the communication just works in one direction?
 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: