02-17-2014 03:13 AM
Hello,
I'm trying to use the Windows 7 VPN client to connect to my RV042G. Here are some screenshots of my router's and Windows' configuration:
I tried different other configurations, too, but each time, I get a lot of errors on the router. The upper configuration results in the following:
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: received Vendor ID payload [RFC 3947]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: received Vendor ID payload [RFC 3947]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: responding to Main Mode from unknown peer 192.168.1.24
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 13 14:58:05 2014 Kernel last message repeated 5 times
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: OAKLEY_GROUP_MODP2048 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: OAKLEY_GROUP_MODP2048 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Peer ID is ID_IPV4_ADDR: '192.168.1.24'
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sent MR3, ISAKMP SA established
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: cannot respond to IPsec SA request because no connection is known for 78.52.27.132:17/1701...192.168.1.24[vpn1@mitjastachowiak.de]:17/1701
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_ID_INFORMATION to 192.168.1.24:500
Feb 13 14:58:07 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:07 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:07 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500
Feb 13 14:58:10 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:10 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:10 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500
Feb 13 14:58:14 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:14 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:14 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500
Feb 13 14:58:22 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:22 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:22 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500
Feb 13 14:58:38 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:38 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:38 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500
Feb 13 14:58:52 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: received Delete SA payload: deleting ISAKMP State #89
Feb 13 14:58:52 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: received Delete SA payload: deleting ISAKMP State #89
Feb 13 14:58:52 2014 VPN Log (c2gips0)[2] 192.168.1.24: deleting connection (c2gips0) instance with peer 192.168.1.24 {isakmp=#0/ipsec=#0}
Does anyone know how to configure the router and Windows 7 to get a working VPN tunnel?
Thanks.
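Added example, not part of the original post: a small Python summarizer for router log output in the format above. It collapses the doubled lines and reports which proposals the router rejected, whether Phase 1 completed, and the Quick Mode error. The sample lines are constructed (documentation addresses), and `summarize` and its field names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the router log above (documentation IP addresses).
SAMPLE_LOG = """\
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.0.2.10 #89: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.0.2.10 #89: OAKLEY_GROUP_MODP2048 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.0.2.10 #89: OAKLEY_GROUP_MODP2048 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.0.2.10 #89: sent MR3, ISAKMP SA established
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.0.2.10 #89: cannot respond to IPsec SA request because no connection is known for 198.51.100.7:17/1701...192.0.2.10[user@example.test]:17/1701
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.0.2.10 #89: sending encrypted notification INVALID_ID_INFORMATION to 192.0.2.10:500
Feb 13 14:58:07 2014 VPN Log (c2gips0)[2] 192.0.2.10 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:07 2014 VPN Log (c2gips0)[2] 192.0.2.10 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.0.2.10:500
Feb 13 14:58:10 2014 VPN Log (c2gips0)[2] 192.0.2.10 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.0.2.10:500
"""

PATTERNS = {
    "rejected": re.compile(r"#\d+: (\S+) is not enabled for this connection"),
    "phase1": re.compile(r"ISAKMP SA established"),
    "phase2_error": re.compile(r"cannot respond to IPsec SA request because (.+)$"),
    "notify": re.compile(r"sending encrypted notification (\S+) to"),
    "replay": re.compile(r"previously used Message ID (0x[0-9a-fA-F]+)"),
}

def summarize(log_text):
    """Collapse repeated lines and report where the IKE exchange stopped."""
    summary = {"rejected": [], "phase1": False, "phase2_error": None,
               "notify": Counter(), "replayed_ids": Counter()}
    seen = set()
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line in seen:   # the router logs many events twice
            continue
        seen.add(line)
        if m := PATTERNS["rejected"].search(line):
            if m.group(1) not in summary["rejected"]:
                summary["rejected"].append(m.group(1))
        elif PATTERNS["phase1"].search(line):
            summary["phase1"] = True
        elif m := PATTERNS["phase2_error"].search(line):
            summary["phase2_error"] = m.group(1)
        elif m := PATTERNS["notify"].search(line):
            summary["notify"][m.group(1)] += 1
        elif m := PATTERNS["replay"].search(line):
            summary["replayed_ids"][m.group(1)] += 1
    return summary

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample, the summary shows Phase 1 completing and the exchange stopping at the Quick Mode request, with the rejected proposal attributes listed separately.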
02-17-2014 10:28 AM
Mitja,
I have never seen anyone successfully connect to a Cisco Small Business router using the Windows IPSec client. I have seen several people try. I don't think that it is possible at this point. If you do get it to work somehow, I'm sure many people would like to know how.
I would recommend a third party IPSec client such as Shrewsoft (free) or The Greenbow (paid) if QuickVPN doesn't suit your needs. IPSecuritas also works well for Mac.
- Marty
02-17-2014 11:31 AM
There are a lot of third-party clients - most of them cost about 60€.
I thought ShrewSoft was just shareware, but yes, the standard edition is free. Thank you for that tip, I will try this out tomorrow.
The reason why I focused on the Windows IPsec is that I know some people who are very careful about installing third-party software...
But it should be possible to use the Windows client - if you click add new group VPN on the router, there is the option "Windows XP/2000 VPN client" as remote client. I don't know what this should mean, because IPsec is only supported since Windows 7, but it simply looks like it is possible...
02-17-2014 11:39 AM
Mitja,
You mentioned that the router has a "Windows XP/2000 VPN client" setting and I remembered a document I stumbled across some time ago:
https://supportforums.cisco.com/docs/DOC-10273
This describes the configuration for the older version of the RV082 but it may help you as well. Please let me know if it works for you, this would be good to know for future reference.
- Marty
02-18-2014 03:13 AM
Hello,
with ShrewSoft, I get the error:
bringing up tunnel ...
adapter configuration failed
tunnel disabled
It looks like a problem on my PC...
Windows IPsec:
I tried the configuration described in the PDF. But when I assign the policy in the last step, I lose the connection to the router. ping returns "timeout". There are no entries in the router's error log.
02-18-2014 06:24 AM
Ok, if I select "Use an existing Adapter and current address" or uncheck "Obtain automatically" and set an IP address, ShrewSoft will connect successfully. But I can't access computers on the other side of the VPN (ping fails).
The Quick VPN Client can't connect.
Is it possible that the client cannot be in the same subnet as the RV042G and the computers behind the RV042G?
02-18-2014 07:27 AM
Mitja,
The client should not be in the same subnet, the router will do NAT.
- Marty
03-12-2014 07:00 AM
Ok, I could find the time to try this out. I followed these instructions: https://www.shrew.net/support/Howto_Linksys and it works.
There is at last one problem: I can't access computers behind the remote router from the connected client. The client can see the remote router, and computers behind the remote router can see the connected client using the IP address I used for ShrewSoft.
I tried to ping some remote PCs from the client, but I get timeout messages. Ping is enabled on all devices. There are no log errors on the router. I tried to add the remote router on the client as a standard gateway, and I deactivated the router's firewall, but without success.
Does anyone know why the communication just works in one direction?