
WRVS4400N having trouble setting up VPN to access windows server

glsolomon
Level 1

Hi,

I'm having trouble setting up the WRVS4400N to allow our remote users to access our Windows 2003 server shares using the latest version of Cisco's QuickVPN. I have created a user in the router's "VPN Client Account" section. I have also set up port forwarding of TCP port 1723 to the Windows Server's IP address (192.168.0.34).

When I connect using QuickVPN, the router reports that I have logged into the VPN OK, but the client reports that "The remote gateway is not responding. Do you want to wait?" I can answer yes -- but nothing more happens.

I have tried searching the web for answers. That's where I found out about enabling TCP port 1723 on the router. But they also say that you need to enable protocol ID 47 "GRE" and I can't see anywhere to enable this on the router.

Can anyone tell me what I am doing wrong?

P.S. I have tried disabling Symantec's Endpoint Software on the Windows server, but it had no effect.

Thanks,

Graham

9 Replies

rocater
Level 3

Hello Graham,

When you are connected with the QuickVPN, you will not need to have any ports forwarded. It would be OK to remove those rules as they open the ports to the outside world and not just users you have approved.

For the error message 'The remote gateway is not responding' you will want to ensure that the client running the QuickVPN does not have a firewall or anti-virus that blocks ICMP (ping) messages. During the 'Verifying Network' part of the connection, the client and router pass test messages to verify that the connection is completed. If these messages do not get out and back, you will encounter this message.

I hope this helps resolve your problem.

Hi Robert,

Thanks for your reply.

I was running ZoneAlarm Extreme (firewall - antivirus - anti-malware), which I turned off before trying to connect using QuickVPN. Still got the same message.

I then checked what services were still running and found that there was a ZoneAlarm service still running, which I could NOT turn off from the task manager. So I uninstalled ZoneAlarm completely.

Tried again. Alas, still get the same message "The remote gateway is not responding. Do you want to wait?"

Have you got any other clues?

Graham

Hi Robert again,

I've just installed Wireshark on the client and watched as QuickVPN tried to establish a connection.

You are correct in that it is pinging the router but the router end is not replying.

I'm not sure, but I think I read that there is a setting in the router which allows or disallows pinging.

And then there is the ADSL modem. Maybe there is a setting in that too which is stopping the ping.

Will check both of these out and let you know.

Thanks again,

Graham

Graham, under the firewall on the WRVS4400N do you have the "Block WAN Request" Disabled? This option will need to be Disabled. Are you running the latest firmware on the WRVS? If not I would upgrade to the latest. I just had one case where the customer was not able to connect with QVPN, but after we upgraded him to the latest it resolved his problem.

THANKS

Rick Roe

Cisco Small Business Support Center

glsolomon
Level 1

Hi Rick,

I haven't upgraded the firmware, but will do tomorrow.

As for the "Block WAN Request", I wouldn't know, but I'll check it out tomorrow (your sleep time) and will let you know.

Thanks Rick for the info.

Graham

Graham,

"The remote gateway is not responding. Do you want to wait?" is almost always caused by an antivirus or third party firewall software running on the client PC. Uninstalling Zone Alarm was a good idea. Do you have any other software running?

Check the log.txt in C:\Program Files\Cisco Small Business\QuickVPN Client and see if there is an error message: Failed to ping remote VPN Router! (Usually repeated 5 times if ping reply is blocked)

Try to connect from a different PC that you know does not have any security software other than the Windows Firewall. If you do not have access to another PC, call Cisco Small Business Support and ask them to test from their lab. You can find a contact number at www.cisco.com/go/sbsc

Hi Mpyhala,

Thanks for your reply.

I have been playing with the router (and my PC) for about the last hour. So far no success.

The problem, as you rightly have stated, is issues with the pinging.

I CAN ping the router WAN IP address OK, so I know I can ping it and get a response.

However, QuickVPN pings the internal IP address and that is where the problem seems to be.

The internal IP address of the router is 192.168.0.34 (I've always believed that this address range was non-routable).

So I tried changing the internal address to 150.21.33.34 (I just chose that IP address at random).

Saved and rebooted the router.

Then tried again.

QuickVPN now tried to ping 150.21.33.34 but still no reply.

Following Rick's advice, I've upgraded the firmware to the latest version that I could find on the web and disabled the "Block WAN Request".

Neither of these have helped either.

I've then tried setting up a rule to allow PING from any interface to or from any IP address in the firewall's ACL section.

That didn't help either.

I've taken a few screenshots of the router which I thought that I could attach to this reply, but alas the facility is not provided.

I also have a Wireshark IP trace file which clearly shows QuickVPN setting up the tunnel and then trying to ping the internal IP address of the router. Once again I'm unable to attach it. But it does clearly show me being able to ping the router's WAN IP address and QuickVPN's inability to ping the router's internal (LAN) address after setting up the VPN.

Sorry to be a pain in the butt, but have you got any other clues?

Graham

Hi Graham

I will explain further the steps of the QuickVPN. When it first connects it checks the WAN IP of the router and sends the initiator for connecting. It next sends the authentication information. After you have been authenticated, the VPN connection is actually connected. In order to ensure that the connection is valid, your system sends a ping to the LAN interface. This ping going to a private address is OK since you are now connected to the VPN. The router then sends a response which confirms the VPN is connected correctly.

Unfortunately the QuickVPN does not have any way to verify that your system will be open to incoming messages from other networks and so it simply waits for a response, then tries again.

If you would like, reboot your system into safe mode with networking enabled and only start core Windows services. Ensure that the IPSec service (you can find IPSEC.exe in the installation folder to help) is running and try to connect again. If you can connect when doing this, then there is something else on your computer that is blocking the connection.

If after all of this, you still can not connect, then please try us here at the SBSC.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Hi Graham,

You do not need to make any changes in the router. You should be able to take a new WRVS4400N out of the box, change the LAN IP address to avoid conflict, plug it into your modem (must have a WAN IP address), set up a QuickVPN user account and connect from a remote network. Firewall rules are not needed or recommended.

192.168.0.34 should be fine for the LAN IP, just make sure that the remote network that you connect from is NOT 192.168.0.x. I would probably use 192.168.34.1 instead on the WRVS4400N to avoid conflict.

I strongly recommend that you call Small Business Support or start a chat session so we can test from our lab. This will help to make certain that the router is functioning properly so you can focus your efforts in the right direction. You can find a number at the following link:

www.cisco.com/go/sbsc
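
Added example (not part of the thread and not Cisco tooling): a small Python check of the two client-side conditions discussed above. It counts the `Failed to ping remote VPN Router!` entries in QuickVPN's log.txt content, and it flags a router LAN subnet that is not RFC 1918 private space or that collides with the network the remote PC sits on. The /24 prefix lengths and the sample log lines are constructed assumptions; only the error string and the addresses come from the thread.

```python
import ipaddress

# Error string quoted in the thread; the log lines around it are constructed.
PING_FAILURE = "Failed to ping remote VPN Router!"
SAMPLE_LOG = "\n".join(
    ["(constructed) Connecting...", "(constructed) Tunnel is configured."]
    + [f"(constructed) {PING_FAILURE}"] * 5
)


def count_ping_failures(log_text):
    """Count log lines that contain the QuickVPN ping-failure message."""
    return sum(PING_FAILURE in line for line in log_text.splitlines())


def check_lan_plan(router_lan, client_networks):
    """Return a list of problems with a router LAN subnet, seen from a remote client.

    router_lan:      router LAN address with prefix, e.g. "192.168.0.34/24"
                     (the /24 is an assumption; the thread gives no netmask)
    client_networks: CIDR networks the remote PC is directly attached to
    """
    lan = ipaddress.ip_interface(router_lan).network
    problems = []
    # A LAN behind the router's NAT should use private space; a public range
    # picked at random belongs to someone else and hides the real hosts in it.
    if not lan.is_private:
        problems.append(f"{lan} is not private (RFC 1918) address space")
    # If the client's own network overlaps the router LAN, the client treats
    # the router's LAN address as local and never sends it through the tunnel.
    for cidr in client_networks:
        net = ipaddress.ip_network(cidr, strict=False)
        if lan.overlaps(net):
            problems.append(f"{lan} overlaps client network {net}")
    return problems


if __name__ == "__main__":
    print("ping failures in log:", count_ping_failures(SAMPLE_LOG))
    for lan in ("192.168.0.34/24", "150.21.33.34/24", "192.168.34.1/24"):
        print(lan, "->", check_lan_plan(lan, ["192.168.0.0/24"]) or "ok")
```
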
