Linksys BEFVP41 to Kentrox Q2300 possible?

[iconSYS1]

I recently called Linksys support and was told it is impossible to me to make a VPN tunnel to my corporate router ( Kentrox Q2300 ) from their BEFVP41. I asked them what the point of their VPN router was and they told me it is only for connecting two BEFVP41's.

I really don't want to use a consumer router in my corporate enviroment, nor do I want to use a $650.00 router and QOS device to simply make a VPN tunnel.

Could someone please tell me if this is possible? or am I wasting hours of my life?

 

[brianinms]

I have configured a vpn between a 41 and a pix before.

 

[iconSYS1]

See the log from the Kentrox below, if you read from the bottom up, you can see how far it gets. I have placed the log from the BEFP41 below that...

...it would seem the BEFP41 isn't recieving the message yet the 76.87.86.xxx is deffinately the correct IP address of the home user. Anyone know what exactly "INVALID_ID_INFORMATION (0X12)" means?



warning 2008/04/02 03:58:28 VPN IKE IKE WARNING:Sending Notification INVALID_ID_INFORMATION (0x12) to peer 76.87.86.xxx
warning 2008/04/02 03:58:28 VPN IKE IKE WARNING:INVALID_ID_INFORMATION (0x12) -- peer 76.87.86.247:500, cookies: A5B1B41027E5ABCA / 0000000000000000
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: RemoteGateway ID in payload: IPV4_ADDR--76.87.86.247
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: LifeDuration -- 3600
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: LifeType -- SECONDS
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: GroupDescription -- MODP_768
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: Authentication -- PRESHARED_KEY
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: Hash -- MD5_HASH
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: Encryption -- DES_CBC
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: Transform 2 -- KEY_IKE, index = 2
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: LifeDuration -- 3600
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: LifeType -- SECONDS
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: GroupDescription -- MODP_768
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: Authentication -- PRESHARED_KEY
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: Hash -- SHA_HASH
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: Encryption -- TRIPLEDES_CBC
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: Transform 1 -- KEY_IKE, index = 1
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: Proposal 1 -- protocol ISAKMP, with 2 transforms
inform 2008/04/02 03:58:28 VPN IKE IKE INFO: AggressiveMode -- responder received message1 from 76.87.86.xxx


log info from BEFVP41 :

2008-04-04 16:32:50
2008-04-04 16:32:50 IKE[1] Tx >> AG_I1 : 207.47.77.xxx SA, KE, Nonce, ID

settings on the beFVP41 :

This tunnel (x) enable

Local secure group (subnet) IP: 192.168.1.0 MASK: 255.255.255.0
Remote secure group (subnet) IP: 207.47.77.0 MASK: 255.255.255.240
remote security gateway : 207.47.77.xxx

Encryption : 3DES
Authentication : SHA
Key Management : Auto (IKE)
PFS - On
Preshare key : confirmed
keylifetime: 3600 seconds


Any ideas?

 

[brianinms]

Yeah turn Pfs off on the linksys

 

[iconSYS1]

Simply turning off Pfs didn't work. Finally called Kentrox and was told the BEFVP41 will not work along with the Q2300. They told me to get a Linksys RV042 and go to :

http://kb.kentrox.com

and search for "linksys" the RV042 is the first application note to come up.

Bought the router, followed the instructions precisely and it works brilliantly.

 

[brianinms]

Congrats, sounds more like an issue with the Kentrox.