cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1452
Views
0
Helpful
0
Replies

RV320 IPSEC (Shrew Soft) can't ping remote LAN

Hi,
 

Our company has recently acquired a RV320 and a CON-SBS-SVC2 support contract, since our supplier has yet to provide us with a license for the support we can't yet download the Cisco VPN Cliënt 5.0.

Since we can't yet deploy the Cisco VPN Cliënt, i've been playing around with the Shrew Soft VPN cliënt. I've used this video tutorial  to configure the router in order to create a Group VPN tunnel. After studying various manuals and tutorials i've managed to setup Shrew and create a VPN IPSEC tunnel between my laptop and the router.

The Problem(s):

Although both the Shrew Soft client and the RV320 router confirm the existence of the IPSEC tunnel (the sys-log also shows a connection is established from my home IP-adress) i cannot ping any cliënts or the router on the remote LAN. Also i can't ping the IPSEC cliënt from the RV320's diagnostic page.
Another thing is that there seems to be no traffic being transmitted through the IPSEC tunnel.

Furthermore:
In response to a question of mine cchamorr wrote that a IPSEC cliënt would be assigned a address from the virtual ip range but that doesn't seem to be happening.
The client is assigned the following IP-adress "192.168.0.0" which seems undesirable since that is the same as the subnet of our LAN and a SBS Server is assigned as the DHCP server for the 192.168.0.1/24 subnet NOT the RV320.

[EDIT]:
Just read the manual and learned that the virtual IP range is reserved for EasyVPN users or VPN Cliënts that connect to the router with the "Mode Configuration option.
[/EDIT]

When i change the subnet under "Local Group Setup" i'm unable to establish a IPSEC tunnel/connection at all.

When i perform a traceroute to the remote LAN the trace just stops at my home router.

The question(s):
Why can't i ping or traceroute to the remote LAN from the client and vice versa and why is the IPSEC cliënt assigned the 192.168.0.0 ip-adress, are those two problems related.

Am i able to change the ip-adress subnet or range that is assignable to IPSEC cliënts or do i either have to use the Easy VPN in conjunction with the Cisco VPN Client 5.0 or use a VPN Tunnel with mode setting enabled. And if so is there a tutorial to setup a Tunnel config in Shrew Soft i can use?

Furthermore is it even possible to use the Virtual IP Address function when using Shrew soft as the client?
 

And my final questions, is setting up a IPSEC connection via Easy VPN and The Cisco VPN cliënt 5.0 easier / less troublesome.

Thanks in advance.

I've added a copy of the Shrew Soft VPN config in plain text on Ubuntu pastebin here:
http://paste.ubuntu.com/10749831/

For clarity I've added a screenshot of the Group VPN configuration below:

0 Replies 0