Site to Site VPN RV042

unleashed186
Level 1

Hi, please could someone help me regarding my issue with site-to-site VPN.

I have set up gateway to gateway. Unfortunately I don't have any static IPs, so I set up two DynDNS.org accounts, one at each site. Both RV042s connect to another router/modem.

I have set them both as Router in the router mode and not as Gateway. On the VPN tab the status just stays at "waiting for connection". I can see the correct dynamic IP for the remote connection at the main site and at the remote site for the other. I can ping both DynDNS names as well. But it can't connect...

The VPN log states the following.

ERROR: asynchronous network error report on eth1 for message to  105.237.1.xx port 500, complainant 192.168.137.153: No route to host  [errno 148, origin ICMP type 3 code 1 (not authenticated)]

This being the main site and 192.168.138.0 the remote site; the main site has a subnet of 192.168.137.0.

Please could someone help me or point me in the right direction? Thanks in advance.
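The log line quoted above packs several facts into one sentence: which interface sent the IKE packet, which peer and port it was addressed to, which address reported the failure, and the ICMP type/code that came back. The following Python is an added example (not RV042 firmware code and not from the thread's participants) that parses that line format and turns it into findings; the regex, the field names and the ICMP code table are this example's own, and the sample line is the one quoted in the post.

```python
"""Parse an RV042 VPN-log 'asynchronous network error report' line and
produce troubleshooting findings. Added example; not RV042 firmware code."""
import ipaddress
import re

# ICMP type 3 (destination unreachable) codes, per RFC 792 / RFC 1812.
ICMP_TYPE3_CODES = {
    0: "network unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    9: "network administratively prohibited",
    10: "host administratively prohibited",
    13: "communication administratively filtered",
}

# UDP ports an IPsec site-to-site tunnel needs the upstream device to pass.
IPSEC_UDP_PORTS = {500: "IKE (ISAKMP)", 4500: "IKE / ESP with NAT-Traversal"}

# Regex for the log format quoted in the thread (assumption: this example's own).
LOG_RE = re.compile(
    r"asynchronous network error report on (?P<iface>\S+) for message to\s+"
    r"(?P<peer>\S+) port (?P<port>\d+), complainant (?P<complainant>[\d.]+): "
    r"(?P<reason>.+?)\s+\[errno (?P<errno>\d+), origin ICMP type (?P<icmp_type>\d+) "
    r"code (?P<icmp_code>\d+)"
)

# The line quoted in the original post (peer address masked by the poster).
SAMPLE_LINE = ("ERROR: asynchronous network error report on eth1 for message to  "
               "105.237.1.xx port 500, complainant 192.168.137.153: No route to host  "
               "[errno 148, origin ICMP type 3 code 1 (not authenticated)]")


def parse_ike_error(line):
    """Return the fields of one error-report line as a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    for key in ("port", "errno", "icmp_type", "icmp_code"):
        fields[key] = int(fields[key])
    return fields


def is_private(addr):
    """True for RFC 1918 / loopback / link-local addresses; False if public or
    unparseable (the thread masks peer addresses, e.g. 105.237.1.xx)."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def diagnose(err):
    """Turn parsed fields into a list of human-readable findings."""
    findings = []
    role = IPSEC_UDP_PORTS.get(err["port"])
    if role:
        findings.append(f"port {err['port']} is {role}: the tunnel fails before or during IKE")
    if err["icmp_type"] == 3:
        meaning = ICMP_TYPE3_CODES.get(err["icmp_code"], "unknown code")
        findings.append(f"ICMP type 3 code {err['icmp_code']} = {meaning}: the IKE packet "
                        f"to {err['peer']} was rejected somewhere on the path")
    if is_private(err["complainant"]):
        findings.append(f"reporting address {err['complainant']} is private: the RV042 WAN side "
                        "is on a private network behind an upstream NAT device, so UDP 500, "
                        "UDP 4500 and ESP (IP protocol 50) must be forwarded to that WAN address")
    return findings


if __name__ == "__main__":
    parsed = parse_ike_error(SAMPLE_LINE)
    for finding in diagnose(parsed):
        print("-", finding)
```

Run it as a script to see the three findings for the quoted line; `parse_ike_error` returns `None` for any line that is not an error report, so it can be applied over a whole log export.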


Tom Watts
VIP Alumni

Hi Etienne, it may be a couple of problems. The first may be that you said you have a modem/router device; it means it is NATing to the RV042. If that is the case then the upstream modem/routers need to have port forwarding to go to the RV042. ICMP type 3 is a destination unreachable error. This means the remote subnet couldn't be reached by the requesting RV042. This may fall back in to your NAT problem with the modem/routers.

So, first thing I'd do is port forward all services to the RV042 to make sure the firewalls on those modem/routers aren't hosing up the works.

-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/

Hi Tom

I have forwarded ports 500 for IPsec and 1723 for PPTP. Are there any other ports I need to forward? I did this on both modem/routers at both sites. Please let me know what else I need to do, because nothing is working yet. One more thing is I can't ping any internet site by name or IP from the RV042, but any intranet IP is fine. I set up the WAN as obtain automatically from the modem/router. Maybe this can also shed some light?

Thank you Very Much for your speedy response.

Etienne, you will need UDP 4500 and protocol type ESP, value 50. The modem/routers should also support an IPsec pass-through to make life easier.

-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/

Tom, I've done as you said but still can't connect... Thanks for your help thus far, hope we can resolve this...

Etienne, try to telnet the WAN ip address of each side as example

telnet 500

telnet 4500

If the modem is passing the port 500, the telnet session should go through (usually a black screen); if it doesn't do anything, it will give an error after a few moments.

You may also want to try to forward ALL ports 0~65535 to the RV042 routers, just in case there are some other dependencies being blocked. Good for testing.

-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/

Hi Tom

Sorry for the delay in response...

Both the routers are Netgear and I've read they all support IPsec pass-through...

I tried to telnet both IPs but all failed...

Ports are open at both Netgear routers and I disabled the firewall on both RV042s.

Any other ideas?

Thanks for your Help man.

Hi Etienne, so there lies the problem. If you're not able to telnet the WAN IP address on port 500 or 4500, it means it is not making it to the VPN server (RV042). It means your upstream routers are blocking the connection. So... you will need to get that figured out or remove those routers. You may try to port forward ALL ports or try to set up a DMZ on the upstream routers.

A simple test you can try is setting the remote management on the RV042 to any port number you want then make a forwarding rule for that port number to the RV042 WAN IP address. If your upstream routers work correctly, you would be able to log in to the RV042 on whatever port you want.

An example is-

RV042 remote management is port 44333

RV042 WAN IP is whatever you have specified

Port forward rule on Netgear for port 44333 to RV042 WAN IP address

Dyndns address with port affixed on the end

https://dyndns.org:44333

With this, if your upstream router is configured correctly you can log in to the RV042 over the internet.

Additionally, by default, the RV042 WAN does not respond to ping. So if you're able to ping your dyndns it is because your upstream is replying, not because the RV042 replies.

-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/

Thanks Tom

I tried that with the one site and couldn't even get remote management to work. I opened port 443 on the Netgear and all ports on the RV042, tried to log on with http://name.dyndns.org:433, nothing... Sucks, because replacing both Netgear routers will be expensive. It's really weird; I went on to check this site's Netgear router and can confirm that IPsec pass-through is supported... Is there nothing else we can try?

Hi Etienne, you may try to set the RV042 back to gateway mode then make the RV042 LAN subnet entirely different than the Netgear subnet.

-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/

Hi Tom,

Sorry for the delay in response, but I finally found out that my service provider is blocking the ports needed for VPN. I have just spoken to them on the phone to get that sorted, which they say can take up to 48 hours.

I just have one quick question while we wait. On the Netgear modem, when I forward the port, which IP should I use: the RV042 IP, let's say 192.168.137.254 at the one site, or should I use the IP assigned to the WAN interface, i.e. 192.168.137.153? I am a little confused at this stage. So the modem is connected to the WAN port on the RV042 with an IP of 192.168.137.153, and the RV042 address is 192.168.137.254.

Regards

Hi Etienne, from the Netgear, you would forward to the WAN IP address of the RV042. So if the RV042 WAN IP is 192.168.137.254, you would make the VPN port forward rules pointing to that IP address.

-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/

Thanks Tom

In my case the LAN IP is .254 and the WAN IP is .153, so I will forward to the .153 IP on the Netgear. Still waiting for my ISP at the remote site to unblock VPN, but they did say it could take up to 48 hours. Once this is done I will post back. Thanks for your help Tom! You are a legend!
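Two points from the exchange above are easy to get wrong when writing the upstream device's forwarding rules: the complete set an IPsec gateway-to-gateway tunnel needs (UDP 500, UDP 4500 and ESP, IP protocol 50; PPTP's TCP 1723 is not part of it) and the target address, which must be the RV042's WAN address on the modem's LAN (.153 here), not the RV042's own LAN address (.254). The following Python is an added example, not Netgear or Cisco code and not from the thread's participants; the rule dictionary format, the `dmz` pseudo-protocol, the function names and the addresses are constructed for illustration, using the .153/.254 split the poster describes.

```python
"""Check an upstream modem/router's port-forwarding rules against what an
RV042 IPsec site-to-site tunnel needs. Added example; not vendor code."""
import ipaddress

# Traffic that must reach the VPN endpoint: (protocol, port). ESP has no port.
REQUIRED = [("udp", 500), ("udp", 4500), ("esp", None)]

# Ports mentioned in the thread that are not used by an IPsec tunnel.
NOT_NEEDED = {("tcp", 1723): "PPTP, not used by an IPsec gateway-to-gateway tunnel"}


def label(rule):
    """Short human-readable name for a rule, e.g. 'UDP 500' or 'ESP'."""
    port = rule.get("port")
    return rule["proto"].upper() + (f" {port}" if port not in (None, "all") else " all ports")


def check_forwarding(rules, rv042_wan_ip, rv042_lan_ip, upstream_lan_subnet):
    """rules: list of dicts {'proto': 'udp'|'tcp'|'esp'|'dmz', 'port': int|'all'|None,
    'target': ip}. A 'dmz' rule forwards everything to its target.
    Returns (missing, problems, notes): required entries not covered, rules whose
    target is wrong, and rules that are harmless but unrelated to IPsec."""
    subnet = ipaddress.ip_network(upstream_lan_subnet)
    missing, problems, notes = [], [], []
    dmz_targets = {r["target"] for r in rules if r["proto"] == "dmz"}

    for proto, port in REQUIRED:
        covered = rv042_wan_ip in dmz_targets or any(
            r["proto"] == proto
            and (r.get("port") == port or r.get("port") == "all")
            and r["target"] == rv042_wan_ip
            for r in rules)
        if not covered:
            missing.append((proto, port))

    for r in rules:
        target = r["target"]
        if target == rv042_lan_ip:
            # The modem can only deliver to hosts on its own LAN; the RV042's
            # LAN-side address is behind the RV042, so the rule never matches.
            problems.append(f"{label(r)} points at the RV042 LAN address {target}; "
                            f"use its WAN address {rv042_wan_ip} instead")
        elif ipaddress.ip_address(target) not in subnet:
            problems.append(f"{label(r)} points at {target}, outside the modem's LAN {subnet}")
        if (r["proto"], r.get("port")) in NOT_NEEDED:
            notes.append(f"{label(r)}: {NOT_NEEDED[(r['proto'], r.get('port'))]}")

    return missing, problems, notes


# Constructed rule set modelled on the thread: 500 and 1723 forwarded correctly,
# 4500 forwarded to the wrong (LAN-side) address, ESP not forwarded at all.
SAMPLE_RULES = [
    {"proto": "udp", "port": 500, "target": "192.168.137.153"},
    {"proto": "tcp", "port": 1723, "target": "192.168.137.153"},
    {"proto": "udp", "port": 4500, "target": "192.168.137.254"},
]

if __name__ == "__main__":
    missing, problems, notes = check_forwarding(
        SAMPLE_RULES, "192.168.137.153", "192.168.137.254", "192.168.137.0/24")
    print("missing:", [label({"proto": p, "port": n}) for p, n in missing])
    print("problems:", problems)
    print("notes:", notes)
```

A DMZ rule pointing at the RV042 WAN address satisfies every required entry, which is why Tom's "forward ALL ports" suggestion is a useful test; the checker reports it as complete, but a production configuration should still prefer the three explicit entries.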

Hi Tom,

My ISP gave me the unrestricted APN for the one site. I tried setting it up as we spoke about, IP + Domain Authentication for both local and remote, but am still receiving:

ERROR: asynchronous network error report on eth1 for message to  105.237.16.xxx port 500, complainant 192.168.137.153: No route to host  [errno 148, origin ICMP type 3 code 1 (not authenticated)]

This is at the site with the 3G, and at the other site (DSL) the same:

ERROR: asynchronous network error report on eth1 for message to 41.112.17.38 port 500, complainant 192.168.138.101: No route to host  [errno 148, origin ICMP type 3 code 1 (not authenticated)]

I really don't know what else to do,  any more suggestions?

Regards,

Try to set the remote management of your RV042s to port 500 and then 4500. Then try to test using the IP address:

https://wanipaddress:500

https://wanipaddress:4500

If you can't hit the RV042 with the proper port forwarding in place, it's still the upstream router.

-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/