BEFSX41 and 3com Officeconnect VPN Firewall

Status
Not open for further replies.

simon31

Technical User
Jun 20, 2004
7
GB
Hi all.

I have a Linksys BEFSX41 running Firmware Version: 1.51.00.
I am attempting to set up a VPN connection to a 3com Officeconnect VPN Firewall (using the most recent Firmware) using IPSEC.

I am having problems connecting in that when the Linksys tries to establish a link to the 3com, the Linksys reboots itself. When you refresh the Admin page in the browser, the status of the VPN is connected. Then when you try and ping the 3com 192.168 address, the Linksys reboots again.

I am successfully connecting to an older model 3Com Officeconnect firewall with no problem.

Any suggestions as to why I am having this problem?

I have tried emailing Linksys support but get no response.

Many thanks

Simon
 
Update the firmware on the Linksys.

There was a revision two weeks ago: befsx41_v1.50.18_code.bin

ftp://ftp.linksys.com/pub/network/
 
I've already done that..

Doesn't make any difference.
 
I found the 1.51.00 release on another Techie site after already trying the version you already mention. Neither works!
 
Tried the new firmware but it still crashes on negotiation...

Linksys fail to respond after 4 days so it may be time for a new firewall methinks!
 
I have looked at that forum before and have also tried MTU changes but to no avail.

The reboot only occurs when trying to negotiate with the 3com officeconnect VPN firewall. I can connect successfully to an older 3com Officeconnect DMZ firewall, so there is some incompatibility between the Linksys and the newer 3com.

I have even tried connecting the old 3com to the newer using a gateway to gateway connection but without success. However the older 3com doesn't do a Linksys and start rebooting itself.

I am using a straightforward DES/MD5 config in Aggressive mode (if I use main mode the Linksys won't even attempt to establish the connection).

 
I am so sorry, but I am clueless at this point.

Hope someone else can pitch in and come up with a new idea.
 
I know the feeling!

Thanks for your help..
 
Simon,

What model is your older/newer 3Com firewall? I'm trying to get a Linksys BEFVP41 (static IP) and a 3Com OfficeConnect DMZ (dynamic IP) talking, but I'm not quite there. I've had success with the WRV54G and the BEFVP41 recently, though the former is not terribly robust, and I should have the BEFVP41 in hand in a couple of days, so I was wondering what your configuration looked like.

At present mine looks like this (keys changed, obviously):

BEFVP41 (66.180.121.182 WAN, 192.168.1.0 LAN):
--
tunnel: myHomeLan
local group: subnet 192.168.1.0/255.255.255.0
remote group: subnet 192.168.4.0/255.255.255.0
remote gateway: 66.141.179.145 (dynamic, manually updated for now)
encrypt/auth: DES/MD5
key: IKE, PFS enabled, simonSaysVpn, 28800
advanced: main mode, phase 1 DES/MD5/1024/28800, phase2 DES/MD5/1024/28800, NetBIOS broadcast, anti-replay, keep-alive

OfficeConnect DMZ (66.141.179.145 WAN, 192.168.4.0 LAN):
---
SA name: myHomeLan
keying: IKE with PFS
IPsec gateway: 66.180.121.182
NetBIOS broadcast: enabled
SA lifetime: 28800
encryption: ESP DES HMAC MD5
secret: simonSaysVpn
destination network: 192.168.1.0/255.255.255.0


In my case I think I'm lacking a bit in the policy section, although IKE and IPsec are allowed in both directions. In any case the Linksys is reporting some problems in the negotiation phase:

00:00:01 IKE[3] Tx >> MM_I1 : 66.141.179.145 SA
2004-06-29 06:30:45 IKE[3] Rx << MM_R1 : 66.141.179.145 SA
2004-06-29 06:30:45 IKE[3] ISAKMP SA CKI=[eb33f988 9dc20eec] CKR=[7cdcdeca d6c840c7]
2004-06-29 06:30:45 IKE[3] ISAKMP SA DES / MD5 / PreShared / MODP_1024 / 28800 sec (*28800 sec)
2004-06-29 06:30:45 IKE[3] Tx >> MM_I2 : 66.141.179.145 KE, NONCE
2004-06-29 06:30:45
2004-06-29 06:30:45 IKE[3] Tx >> MM_I1 : 66.141.179.145 SA
2004-06-29 06:31:15
2004-06-29 06:31:15 IKE[3] Tx >> MM_I1 : 66.141.179.145 SA
2004-06-29 06:31:17 IKE[53] Rx << MM_R2 : 66.141.179.145 KE, NONCE
2004-06-29 06:31:17 IKE[53] Tx >> MM_I3 : 66.141.179.145 ID, HASH

This repeats ad infinitum.

The 3Com 3C1677[01] seems to badly lack in the VPN functionality from a UI perspective (a number of hidden assumptions, no phase 1/phase 2, etc). I've temporarily taken the approach of setting the 3Com's public IP as the remote gateway for the Linksys, but it's a poor hack, broken as soon as the 3Com restarts and gets a new WAN IP at home. But using "any" on the Linksys side yields "invalid id" in the logs, another matter to track down.

Whaddya think, sirs?
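
Added example (not part of the post above, and not Linksys or 3Com code): a small Python parser for the Linksys IKE log format shown in that post, reporting per peer how far main mode got and how often the initiator started over. The hint strings are a general IKEv1 main mode reading and an assumption of this example, not a diagnosis given in the thread.

```python
import re

# Initiator-side main mode order: the Linksys sends MM_I*, the peer answers MM_R*.
ORDER = ["MM_I1", "MM_R1", "MM_I2", "MM_R2", "MM_I3", "MM_R3"]
# General IKEv1 reading of each stall point (assumption of this example).
HINTS = {
    "MM_I1": "no reply to SA proposal: reachability, filtering or proposal rejected",
    "MM_I2": "no reply to KE/NONCE: packets lost or key exchange rejected",
    "MM_I3": "no reply to ID/HASH (first encrypted message): check pre-shared key and ID",
}
LINE = re.compile(
    r"^(?:\d{4}-\d\d-\d\d )?\d\d:\d\d:\d\d IKE\[\d+\] "
    r"(?:Tx >>|Rx <<) (?P<msg>MM_[IR][1-3]) : (?P<peer>\S+)"
)
# Log lines as posted above; timestamp-only and ISAKMP SA lines do not match LINE.
SAMPLE_LOG = """\
00:00:01 IKE[3] Tx >> MM_I1 : 66.141.179.145 SA
2004-06-29 06:30:45 IKE[3] Rx << MM_R1 : 66.141.179.145 SA
2004-06-29 06:30:45 IKE[3] ISAKMP SA CKI=[eb33f988 9dc20eec] CKR=[7cdcdeca d6c840c7]
2004-06-29 06:30:45 IKE[3] ISAKMP SA DES / MD5 / PreShared / MODP_1024 / 28800 sec (*28800 sec)
2004-06-29 06:30:45 IKE[3] Tx >> MM_I2 : 66.141.179.145 KE, NONCE
2004-06-29 06:30:45
2004-06-29 06:30:45 IKE[3] Tx >> MM_I1 : 66.141.179.145 SA
2004-06-29 06:31:15
2004-06-29 06:31:15 IKE[3] Tx >> MM_I1 : 66.141.179.145 SA
2004-06-29 06:31:17 IKE[53] Rx << MM_R2 : 66.141.179.145 KE, NONCE
2004-06-29 06:31:17 IKE[53] Tx >> MM_I3 : 66.141.179.145 ID, HASH
"""

def diagnose(log_text):
    """Return {peer: summary} describing how far each main mode exchange got."""
    peers = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        s = peers.setdefault(m["peer"], {"seen": [], "restarts": 0})
        if m["msg"] == "MM_I1" and s["seen"]:
            s["restarts"] += 1  # initiator gave up on the exchange and began again
        s["seen"].append(m["msg"])
    out = {}
    for peer, s in peers.items():
        furthest = max(s["seen"], key=ORDER.index)
        done = "MM_R3" in s["seen"]
        hint = None if done else HINTS.get(furthest, "reply received, next message never sent")
        out[peer] = {"furthest": furthest, "restarts": s["restarts"],
                     "completed": done, "hint": hint}
    return out

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the posted log this reports that the exchange reached MM_I3 with two restarts and never saw MM_R3.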
 