Wendell,

I looked over the last message and I didn't see yours until now.

Well, I haven't tried that yet, but sounds like a good reason.

And now that you mention it, yes, I downloaded ShrewSoft's VPN client and THAT may be bothering me so bad.

I'll try removing it and start over again.

Thanks!

Regards.

Javier Sanchez wrote:
I disabled the Windows firewall. Nothing!
 I disabled the "Block WAN request" parameter.  Nothing!  Please it is simply unacceptable that you people, THE provider cannot have an effective solution to this.  Tell me something, with all due respect, don't you feel shameful?

YOU PEOPLE?  do you feel shamefull? I am not an employee of Cisco.

These forums are for users to ask for help from anyone who views these threads, they are open to the public. if a Cisco Support engineer post here he will most likely ask you to raise a ticket with Cisco.

We - the public, are trying to suggect methods/fixes that "may" resolve you issue.  if they dont then please dont rant about it. we are merely trying to help, if you dont want our help then please say so in your initial post.

- rant over.....

IPSec on Windows Vista/Win7 needs the Windows Firewall enabled by default or any IPSec program just wont work.

if the firewall is on, to allow the ICMP packet to return the ping reply, you need to make sure your Windows Firewall has a rule to allow "ICMP reply"

QuickVPN also needs to run as administrator.

Router needs:

HTTPS enabled  (443 or 60443 - thats the only ports QuickVPN uses)

Possibly - disable Block WAN requests.

you could also try a couple of other QVPN variants.

http://www.linksysinfo.org/index.php?threads/qvpnplus-gui-lifeline-vpn-client.26789/

http://www.linksysinfo.org/index.php?threads/quickvpnplus.21124/

Regards Simon

http://www.linksysinfo.org

Please accept an apology.  For some reason I thought you were a Cisco employee, and I was not trying to hurt feelings.

Thanks for the tips though.

Roger and out.

One contribution to the analysis could be this.  I downloaded Wireshark.  I wanted to inspect the traffic between my PC and the RV082.  I found out that when the "Verifying network..." message pops up, the actual packets it is sending to the router are NOT ICMP ones.  They are ESP packets.  For these, is that the router doesn't respond.

I understand ESP packets are payload or user content packets ciphered and already traveling through the tunnel.  So the "Block WAN requests" set to "Yes" may not be the problem.  Neither is (or would not be) setting an incoming rule at the Windows firewall, as this actually doesn't even exist for ICMP or at least I couldn't find it.  The list of protocols there doesn't show ICMP explicitly.

I guess it is something about a final negotiation that doesn't get through. I would mention here again that when I look at  the other side, in the router, the log reveals that I actually get connected  I can see there the message "tunnel established", and that is the last log message I see just when the "Verifying network..." sits on the screen.

On another PC, QuickVPN goes up to the "Connected" screen, but when I go to the command line and enter IPCONFIG, I can't see the remote subnet assigned to any adapter.

If I run the Windows' VPN client, I do get connected and the remote subnet is successfully assigned.  But this method gives you only 5 concurent clients connected.  This is not the solution that we want, is it?

I will keep digging deeper.

Thanks to all.

Regards.

>...inspect the traffic between my PC and the RV082.  I found out that when  the "Verifying network..." message pops up, the actual packets it is  sending to the router are NOT ICMP ones.  They are ESP packets.  For  these, is that the router doesn't respond.

The ESP packets came from QuickVPN client trying to ping the LAN IP of the remote QuickVPN router over the tunnel.

If the client receives a reply, it declares the tunnel is connected. Otherwise the client will keep trying and thus the status showing "...verifying network."

Hi Javier,

you want a real test? why dont you provide create a test account and then let me QuickVPN to your RV, we start from there.. see whether the conflict is on your PC network or on your ROuter network..

thanks

Hi Wendell,

Yes, I'm interested.  It's just that I can do these tests only after business hours, my time zone is GMT-6, so we could set a day and time to try.  I would send you your test user account.  What time zone are you at?

Thanks.

Tekliu,

Sounds pretty reasonable.  So the ESP packets do contain ICMP encapsulated messages?  Mmmm...

If so, I can say that if the router would respond to them, its firewall rules have already set that all traffic from the LAN to the WAN would flow freely.  On the opposite direction it wouldn't, so I added one rule to allow all traffic from the WAN to the LAN, and this didn't work either.  But this is a very good tip so I'll keep trying, and will provide more results to comment.

Thanks.

Wendell, where are you? Is that Australia or Japan?

Let me do something Saturday 23rd at the retailer first.  I'd try to get a replacement of the router first.

I'll let you know.

Regards.

Yes, that's something I read in this thread, I don't remember whether from you actually.

Suppose this is fine, so I PING the router while I don't reply QuickVPN to either Wait or No Wait when it gives up, and thus I see I'm still connected, then the PINGs would'nt be replied to.  I already did that.

But again, how are you supposed to know that your tunnel is ready?  How would your traffic to the known IP addresses on the other side reach the hosts there?

Hello Wendell, or whoever:

Actually, what is the right configuration for QuickVPN at the router?

I mean, does it have to be a single tunnel per user, or just a whole Group VPN?

I suspect that if a single tunnel is configured for one user, there one can assign the single IP address the client will get.  Am I right?

On another PC, QuickVPN does get connected.  But what I don't understand is what to do next.  How is the other end of the subnet viewed by the PC?