Re: Having problems keeping VPN going over DI-604.

dr.gonzo · ‎08-20-2002

We have several D-Link DI-604 routers and are having problems connecting to our PIX. I can open the IPSEC Dialer and connect with no problems... I can can get as far as opening my corporate email in outlook (about 1 min or less) and then it hangs. When I check the dialer properties I see that while data is going out, none is coming back in anymore. Anyone have any ideas??? I've tried setting the machine as DMZ and still the same problem.

Gonz

awaheed · ‎08-20-2002

Hi,

This seems to be an MTU, try lowering it using Dr. TCP. Also try using the latest VPN client v3.6 which has a lower Default MTU which sometimes takes away the need to having to set it manually.

Hope that helps,

Regards,

Aamir

-=-

dr.gonzo · ‎08-21-2002

Interesting thing... D-Link wanted me to set up a virtual server with UDP 500 open to a machine setup with a static IP on my intranet. This seems to work, but also seems like a clunky solution. It also doesn't explain how you're supposed to be able to have multiple IPSEC connections when you can only setup a virtual server for 500 to one machine. :( I'm going to try to get the 3.6 client and see if it makes any difference (thanks for the suggestion). Very strange stuff though.

Thanks,

Gonz

kmerolla · ‎08-22-2002

We are having a similar problem, except that in our case ... the Client connects to the PIX, and then nothing! I mean nothing. Cannot access anything locally or remotely.

Even tried a laptop that works behind a different brand of router, still nothing.

Any thoughts?

dr.gonzo · ‎08-23-2002

I'm still going to be working with D-Link, but at this point the Virtual Server thing seems to be the only work-around. I setup a static IP on 192.168.0.x and then created a virtual server on UDP port 500 for that IP. That machine now has no problem connecting and transmitting data. Unfortunately, this won't work for us in the long term. The router advertises Multiple Simultaneous IPSEC connections so we'll have to see what happens.

Gonz

kmerolla · ‎08-23-2002

I would really appreciate it if you could post your findings up here. Thanks!

-Kevin

dr.gonzo · ‎08-23-2002

I spoke with D-Link's tech support and they agree that the router should work without setting up a virtual server. They are escalating it and will contact me in a few days. Perhaps a new bios version will come of it. I'll post the results.

Gonz

dr.gonzo · ‎08-29-2002

Problem solved!!! or so it would seem... For almost 2 weeks I've gotten nothing but useless information from D-Link on this problem. I checked on thier webpage lastnight and a new bios (2.03) is out. I updated my Router and the problem apears to be solved. Just wish they would have told me earlier that a new bios was on the way so I could have saved several hours on hold. :( Ironically, I'm still getting email from their tech support people having me try different things. I guess they didn't notice that their own web page has the new BIOS on it.

http://support.dlink.com/products/view.asp?productid=DI-604

Gonz

lr.moore · ‎08-30-2002

Had similar issues with clients timing out. TAC suggested two things:

1. Increase peer response timeout (General tab dialer properties) double the default 90 to 180

2. Change .pfc :

ForceKeepAlives=1