ā07-28-2010 01:34 AM
Hi SupportCommunity
I hope that you can help with this hot potato.
Router is a version 1.1 running with sw version V1.1.13-ETSI
Quick VPN is sw version Ver 1.4.1.2
The issue is that I can't connect due to that i cant ping the internal IP, get this error message in the QVPN log [WARNING]Failed to ping remote VPN Router!
I have tried to do what is suggested in this thread http://homecommunity.cisco.com/t5/Wireless-Routers/User-based-VPN-access-using-a-WRVS4400N-and-QuickVPN-quot-remote/m-p/236334 and with this work arround QVPN can connect.
I have disablet the "Block WAN Request" and it is possible to ping the router on the external site.
So as I see it, the router blocks for ping on the internal IP via QVPN, what have I done wrong ?
ā07-29-2010 04:25 AM
Hi Comunity
Arent there anybody that can help me with the question ?
ā07-29-2010 06:08 AM
Does the normal traffic pass through the tunnel before you modifying the remotelanip in the vpnserver.conf file?
ā07-29-2010 08:09 AM
Hi Tekliu
I dont know if this is what you are asking for, if not please clarify
Output from the QVPN log file:
2010/07/29 17:06:00 [STATUS]OS Version: Windows XP
2010/07/29 17:06:00 [STATUS]Windows Firewall is ON
2010/07/29 17:06:00 [STATUS]One network interface detected with IP address 192.168.15.106
2010/07/29 17:06:00 [STATUS]Connecting...
2010/07/29 17:06:00 [DEBUG]Input VPN Server Address = 188.176.147.182
2010/07/29 17:06:00 [STATUS]Connecting to remote gateway with IP address: 188.176.147.182
2010/07/29 17:06:05 [STATUS]Remote gateway was reached by https ...
2010/07/29 17:06:05 [STATUS]Provisioning...
2010/07/29 17:06:11 [STATUS]Success to connect.
2010/07/29 17:06:11 [STATUS]Tunnel is configured. Ping test is about to start.
2010/07/29 17:06:11 [STATUS]Verifying Network...
2010/07/29 17:06:18 [WARNING]Failed to ping remote VPN Router!
2010/07/29 17:06:21 [WARNING]Failed to ping remote VPN Router!
2010/07/29 17:06:25 [WARNING]Failed to ping remote VPN Router!
2010/07/29 17:06:28 [WARNING]Failed to ping remote VPN Router!
2010/07/29 17:06:32 [WARNING]Failed to ping remote VPN Router!
2010/07/29 17:06:35 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.
I have also tried with the Windovs firewall turned off, no changes observed.
ā07-29-2010 08:23 AM
>2010/07/29 17:06:18 [WARNING]Failed to ping remote VPN Router!
The above showed that QuickVPN Client was not able to ping the remote router's LAN IP. What's the LAN IP of the WRVS4400N that you were trying to connect to? While the QuickVPN Client showing "Verifying Network...", could you test if you can ping the PC in the LAN of WRVS4400N?
ā07-29-2010 09:10 AM
The Lan IP of the router is 10.10.0.1
I cant from the external site ping a PC on the inside lan side of the router, it seems thats the problem and the reason for QVPN cant conect
The remote client PC IP is 192.168.1.6
ā07-29-2010 08:35 AM
What type of WAN/Internet connectivity you do you have on the QuickVPN Client side?
ā07-29-2010 09:13 AM
I have tried it from work, which is a big infrastructure, with no luck
Then I have tried it from the neibĆ³urgh, on a LinksysC230 connected to a DSL line, still with no luck
ā07-29-2010 09:27 AM
It might be a good idea to contact the Small Business Support Center so more toubleshooting can be done. Common issues include
Windows IPsec service not started, third party firewall blocking the ping, or firewall in front of the QuickVPN Client blocking the IKE, etc.
Here you can find a list of phone numbers to call.
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
ā07-29-2010 10:20 AM
OK I will do that
But to answer your question, I have tried the following:
Windows IPsec service not started - Checked, service is running
Third party firewall blocking the ping - I can ping the WAN side of the router, how do I check if my ISP has blocked for ping ?
Firewall in front of the QuickVPN Client blocking the IKE - I have tried booth with windows firewall switched on and off
ā07-29-2010 11:01 AM
>Firewall in front of the QuickVPN Client blocking the IKE
Some companies block IKE/IPsec at work. At home, some ISP blocks IKE. This will require packet capture analysis to find the root cause.
ā01-20-2012 02:08 AM
Had the same problem and just wanted to post my solution.
Im using a firewall named Windows 7 Firewall Control, and for that reason I did disable and stop the Windows 7 naitve firewall, and that was what caused the problem.
Reading this thread, the second last posting by Barranquillero, helped me fix the problem:
Windows Firewall need to up and running, so make sure it is.
Then, click the Windows orb, in the "search programs and files" field type "firewall"
Click on "Windows firewall with Advanced Security"
Then click "Outbound Rules"
Enable
Remote Assistance WSD Out
and Network Discorvery WSD Out
I'm running Quick VPN Client version: 1.4.2.1, WRVS4400N firmware version: V2.0.2.1-ETSI, Win7 pro 64bit
Hope that some Cisco tech can explain why it is necessary to have the Windows 7 firewall running for this to work?
And would it be possible that you could update the installer for the Quick VPN client, so that it is not necessary
to click yes to the UAC alert every time the Quick VPN client is started.
ā02-20-2012 05:50 AM
Hello,
I got the same Problem. about 3 months ago when i bought 2 of these WRVS4400Nv2 Routers: site2site vpn and client2site vpn worked fine.
Now i can't connect to both of them any more via quick VPN Client. - I tried from the same machine it worked already 3 months ago. - Since some days i get the error at verifying Network - The remote Gateway isn't responding, and if i wanna wait....
I also updated now to the newest version on the router 2.0.2.1-ETSI - no change same error.
I'm running Quick VPN Client version: 1.4.2.1, WRVS4400N firmware version: V2.0.2.1-ETSI, Client: Win7 Enterprise 64bit
I've read that the Win7 Firewall is the problem..in my company the Win7 Firewall is deactivated in the Domain, but it worked already 3 months before....didn't change anything in the win7 Fw....the win7 firewall was already deactivated 3 months before (in the domain), thats a domain wide configuration of my company.
So i tried from outside my company (from home, same client), then the win7 firewall is enabled (private network, no domain) - still no change same error.
I also tried from a new different computer, Win7 Enterprise 64bit - this host is in no domain, still no luck. tried win7 FW on and off, no change.
To the 2 rules:
Remote Assistance WSD Out
and Network Discorvery WSD Out
I already enabled "Network Discorvery WSD Out" on the Win7 Firewall in the domain (even that the win7 fw is disabled i the domain) and for private networks. - no change same error.
-> on both pc's i can't find a rule "Remote Assistance WSD Out" - so what port(s) do i have to enable when i add this new rule?
And confusing is, it worked already 3 months before without doing anything else then configuring the Router and installing Quick VPN on the client, so why should i need to enable these 2 rules Jacob wrote, when it already worked without doin this 3 months ago?
What else can i do to get this Quick VPN Client working again with my 2 routers?
BR Adrian
client log output: 2012/02/20 14:20:18 [STATUS]Success to connect. 2012/02/20 14:20:18 [STATUS]Tunnel is configured. Ping test is about to start. 2012/02/20 14:20:18 [STATUS]Verifying Network... 2012/02/20 14:20:24 [WARNING]Failed to ping remote VPN Router! 2012/02/20 14:20:27 [WARNING]Failed to ping remote VPN Router! 2012/02/20 14:20:30 [WARNING]Failed to ping remote VPN Router! 2012/02/20 14:20:33 [WARNING]Failed to ping remote VPN Router! 2012/02/20 14:20:36 [WARNING]Failed to ping remote VPN Router! 2012/02/20 14:20:39 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect. 2012/02/20 14:20:40 [STATUS]Disconnecting... 2012/02/20 14:20:48 [STATUS]Success to disconnect.
UPDATE: I even tried an allow rule on the router which allows ping to the internal IP(192.168.0.1) from any....makes no change. So the only thing what really changed since 3 months where client VPN already worked is windows itself (trough updates). I only updated the router firmware cause this was not working, but it made no change if i use 2.0.1.3 or the new one 2.0.2.1. -> didnt change anything on the router neither on the quick vpn (same version). Really cofusing why its not working any more.
ā02-20-2012 07:25 AM
Hello everyone,
Some things to be aware of...
Router Requirements:
Microsoft XP SP3 (until 2014)
Windows Vista/ 7
The QuickVPN Utility is just a front end interface that allows for a user friendly interface on configuring the Microsoft IPSec service to connect to the router. (Thatās why it doesnt work on any operating system but Microsoft.)
First the client connects using SSL to the router and looks for a certificate.
If you are using a certificate it in needs to be installed or you can click no and bypass the certificate warning.
The next step authenticates the user name and password supplied to the router. Only one client per username can be logged in at one time. Once the user authenticates the IPSec tunnel will negotiate and establish. (Up until this point if anything fails you will get the 5 error message screen.)
At this point the client sends an ICMP Echo Request through the tunnel to the internal IP address of the router. (Yes, if you look the user is connected in the status of the routers interface for the tunnel.) The inside IP address determined during the authentication phase. The router sends an ICMP Echo Reply back through the tunnel to the client. (If this fails you will get the error Remote Gateway not responding.)
Out of the server thousand QVPN issues I have trouble shot it is 90%, or more the clientās windows firewall. The other 5% is third party software or firewall, 3% is customers using the same IP subnet on both sides of the tunnel, and the last 2% is configuration issues on the router. Once in a great while an ISP will be blocking ports but it is rare.
Software like Windows Defender and other Antivirus and software will modify the TCP/IP stack and the security of the operating system. Some of these softwareās will run in safe mode and others modify settings that even if removed from the computer will continue to prohibit the QuickVPN process. Domain systems use Group Policy to control firewalls of workstations in the domain. Network based antiviruses will create Domain policies to distribute those settings.
Since XP, Microsoft has continued to make their operating systems more secure. The more secure you make something the more user unfriendly, and more productivity prohibiting it becomes. We all want our environment secure, but everyoneās environment is different, and manually changes must be made to allow traffic that we want to work through this added security.
I would recommend if you are not able to connect from your machines you can call into the call center at 1-866-606-1866 and create a case. From there we can test from our lab which doesn't have any domain or antivirus rules to test. We use these computers to test everyday and can verify that the ISP is not blocking and that the router is properly working.
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security
ā02-23-2012 02:38 AM
Hello again,
Thanks for the fast answer!
I solved the problem with switching back to an older System Recovery Point (2 weeks ago, i installed the Anyconnect client for a customer) - changed back before this install and QuickVPN login works again with both of my WRVS4400N.
So in my case it was not the win7 firewall i guess - it seems the VPN clients on my client disturbed each other (6 different VPN clients atm, the 7th was too much it seems, too many virtual adapters)
Thanks for all.
BR Adrian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide