
WRVS4400N QuickVPN and DHCP

scott.salyer
Level 1

I just purchased a WRVS4400N with the intention of giving myself a secure way to remotely access my local network from anywhere via VPN. I created a local VPN account and had a friend install the QuickVPN client on his system. He gets connected (I can see it) but he doesn't get an IP so he can't really do anything once connected. How do I make the QuickVPN client get an IP upon connection so I can use it for remote access?

As an FYI - I don't want to do an IPSec tunnel since the point is connecting from anywhere (restaurants, houses, client offices, etc.) and I won't know the remote IPs of where I'm connecting from.


rocater
Level 3

Hi Scott

When connecting with the QuickVPN, your computer will retain its current IP address. Once the connection has been made you will have access to the local network you are connected to. I hope this helps you resolve any problems you may have encountered.

That's my point - I see him connected, but there is zero access because he isn't given a local IP on my network which means his traffic isn't routable to my network. Just to be safe I had him try to ping my desktop (firewall is off) and he couldn't get a response from it or even the router itself. I need to figure out how to give someone who connects with QuickVPN an IP so they have access.

Uhh....I'm more confused now.  I connected to the VPN once more, and this time instead of pinging the remote host ending in .100, I tried .1, which I assumed was your WRVS4400N.  I get replies, and was even able to login to the router's web interface, but I still see no VPN adapter or additional entries in my routing table, so the QuickVPN client seems to be working from what I can tell.  You might want to double-check the network settings on the host you asked me to ping.  In the meantime, I am going to configure an IPSec profile to test with as well...hope you don't mind :-p

As you mentioned, dbrown, once connected you can access the remote side as though you were part of the network. One thing with the QuickVPN, however, is that it uses the IP address of the computer you are connecting from. If your network has any restrictions on IP addresses from other subnets, it will cause a problem.

Derek and I both attempted this and can't seem to get it to work. Sometimes the QuickVPN option connects, but you can't do anything once it is connected. Other times it just hangs at "Verifying Network..."

Shouldn't we get an IP from the router when we get connected with QuickVPN on the local network of the router?

He and I are both running Win7 x64 and are using the latest QuickVPN client available (1.4.1.2).

With most VPN clients, a virtual network adapter is also installed.  Once connected to the VPN, that adapter is enabled, gets an IP address, and entries are added to the local routing table to send traffic for the remote network(s) through the VPN adapter.  I see none of this with the QuickVPN client, and even though my laptop (Windows 7 x64) says I am connected, I am unable to ping any hosts on the remote network.  I've never used QuickVPN, so I don't know what to expect, but if I can't even ping a host on the remote network, what is the VPN supposed to be used for?

As for the IPSec configuration, Scott, you should be able to configure the local network as your home subnet and the remote network as 'any'.  This will allow IPSec client connections from any remote IP address, but just underneath this section you have to specify the IP or subnet to encrypt.  The first part (where you select any) is the NAT'd peer IP, but the second part is the IP address or subnet that will be used by the VPN client.  As an example, you could set the Remote Security Gateway Type to any and the Remote Security Group Type to Subnet, then use 192.168.1.0/24 as the subnet, and you would just need to configure your IPSec client to use a static address within the 192.168.1.0/24 subnet.  As you are the only one that will be using this configuration, you could use just a single IP instead of a subnet as well.

Quick VPN is not like most VPN client software. It doesn't add a second network adapter; it modifies the Windows IP stack information for DNS and routing. When the QVPN Client connects, it connects with its current IP address. That is why it is important that the client IP subnet doesn't match the destination IP subnet.

Router Requirements:

  1. Depending on the device Remote Management needs to be on.
  2. Users need to be created and enabled.
  3. Only One Connection per User Account.
  4. Local Network Subnet must be different than Remote Network Subnet.
  5. If using Certificate the .pem file needs to be exported and placed under the “C:\Program Files\Cisco Small Business\QVPN Client” folder.

Microsoft XP SP3 (until 2014)

  1. Must be running Service Pack 3
  2. Must have the Windows Firewall Off (You can have the firewall on but we do not support Microsoft or any other 3rd party Firewalls. ICMP Echo Requests are required inbound through the software Firewall for a connection to establish.)
  3. Must have IPSec Services Running

Windows Vista/ 7

  1. Must be running Vista Service Pack 2 or run in Vista Service Pack 2 compatibility for Windows 7.
  2. Windows Firewall needs to be on. (3rd party Firewalls will not be supported.)
  3. Must have IPSec Services Running.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security
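Router requirement 4 above (client subnet must differ from the router's LAN subnet) can be checked before connecting. The following is an added example, not part of the original thread or Cisco's tooling; the function name and all sample addresses are constructed for illustration.

```python
import ipaddress


def quickvpn_subnet_conflicts(client_interfaces, remote_lan):
    """Return client networks that overlap the router's LAN subnet.

    client_interfaces: "address/prefix" strings as read from ipconfig
                       (host bits may be set).
    remote_lan:        the LAN subnet behind the router, in CIDR form.
    """
    remote = ipaddress.ip_network(remote_lan, strict=False)
    conflicts = []
    for text in client_interfaces:
        iface = ipaddress.ip_interface(text)
        # Only compare like with like (IPv4 vs IPv4, IPv6 vs IPv6).
        if iface.version != remote.version:
            continue
        # Loopback and link-local addresses are never the client's
        # source address for traffic toward the router.
        if iface.ip.is_loopback or iface.ip.is_link_local:
            continue
        # overlaps() also catches a wider client network (e.g. a /8)
        # that contains the remote LAN, not just an identical subnet.
        if iface.network.overlaps(remote):
            conflicts.append(str(iface.network))
    return conflicts


if __name__ == "__main__":
    # Constructed sample: a laptop on a cafe network that happens to
    # use the same range as the home LAN behind the router.
    remote_lan = "192.168.1.0/24"          # assumed router LAN
    laptop = ["127.0.0.1/8", "192.168.1.57/24", "fe80::1/64"]
    found = quickvpn_subnet_conflicts(laptop, remote_lan)
    if found:
        print("Subnet conflict with", remote_lan, "->", found)
    else:
        print("No overlap; requirement 4 is satisfied")
```

Because QuickVPN keeps the client's existing address instead of assigning one from the router, a conflict reported here means the remote LAN or the client network has to be renumbered before the connection can work.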

I tried following your steps above for Windows 7 x64 and still no luck - it hangs at Verifying Network and just tells me it isn't responding. The only IPSec service I have installed is called the "IPSec Policy Agent" - is this the correct one? I've confirmed the firewall is running and setup the exe to run in Vista SP2 compatibility mode. The router has remote management configured, user account is enabled and I am testing from different subnets. It obviously connects because it can tell I don't have the certificate installed, however I don't have anything configured telling it the certificate is required. If it is do I install the PEM via MMC?

I have to admit, I'm a bit disappointed in how complex this is. Derek (posted on this thread a few times) is a CCNA currently studying for his CCNP and he couldn't make this work. How is a regular user supposed to have a remote chance? I assumed going with a Cisco SMB router was the best choice but after researching it pretty extensively post-purchase I have found I am not in a minority who can't get this working and eventually give up.

Scott,

Yes, sometimes the configuration of the Qvpn can be a bit harsh. 95% of the time it is because of the added programs that are installed on the Windows machines. Third party firewalls and anti-virus are the number one cause of error. That being said, the Qvpn is really just an overlay to the Windows IPsec client that comes on Windows; it just configures the policies for you instead of you having to manually configure them. This is why the Qvpn is a free program (client app). That being said, if all the above requirements that Randy posted are met, then there has to be some other program or registry error affecting IPsec services on the Windows machine not allowing it to connect.

Also the certificate you don't have on the local computer to connect but after creating your user or modifying user you will need to generate a new certificate each time in the router.

Thanks,

Jasbryan

Cisco Support Engineer


As I mentioned before, I was able to connect via QuickVPN and ping the remote gateway's inside interface, but nothing else on the remote network.  To me this meant that the VPN client was creating a functional tunnel, but the remote gateway was failing to route the traffic to hosts at the other end.  So, I checked the firmware version on the router and what was available in Cisco.com's downloads section, and noticed that Scott was one version behind.  I checked the release notes and saw nothing about the router not routing QuickVPN traffic, but I figured whatever, why not have Scott upgrade anyway?  He did the firmware update and made no changes to the configuration, but now when I connect, I can ping hosts on the remote network.  As no configuration changes were made on either end and only the firmware was upgraded, this seems like an undisclosed bug to me, but it seems to be working now.

Scott was not able to test the connection from home last night, but hopefully he can confirm it works on his laptop from remote locations now as well.