ok now that I can ping the BEFSX41 how to setup VPN connection?

[fanfish]

I have a BEFSX41 gateway at each end.

Both have computers on lan that can access the ionternet throught them.

I can ping the WAN IP of each gateway from the other ends.

What I want to do is set it up so that all the computers on both ends can talk to each other.

here are the settings I tried
tunnel 1
local secure group SUBNET 192.168.1.0 mask 255.255.255.0
remote secure group SUBNET 192.168.1.0 mask 255.255.255.0

Remote secure gateway (others wan ip)

3DES
SHA
Auto IKE
perfect forward secrecy (ticked)
Pre-shared key (a word that at each end is the same)
3600


Status Disconnected



The IPs of the LAN computers on one end is
192.168.1.5 - 192.168.1.25
mask 255.255.255.0
and on the other end is
192.168.1.205 - 192.168.1.225
mask 255.255.255.0


What do I need to do to get the VPN connected and have all the computers able to talk to each other.

oh and should I have IPSEC bridging enabled? any filter settings I need to change?

Block LAN request • Disable
Multicast Pass Through • Enable
IPSec Pass Through • Enable
PPTP Pass Through • Enable
Remote Management • Disable
Remote Upgrade • Disable
MTU • Auto

How important is the latest firmware update - does this router work woithout it? If I need to check which version is on it please tell me how to.

 

[fanfish]

oops that was
-Block WAN request • Disabled
not -Block LAN request • Disabled

 

[fanfish]

found my firmware version is 1.44.3 Dec 24 2002

 

[fanfish]

been thinking should IPSec passthrough be on or off?

 

[bcastner]

I can tell you it will never work as both routers are given the same network segment, 192.168.1.x, with a Class C subnet mask.

Beyound that it should be relatively easy. You really should ask in the Virtual Private Networking Forum, and prior to that use the "Keyword Search" feature in that forum on BEFSX41, as I think your likely questions have already been answered there by Markuu.

 

[fanfish]

Thanks for your help

I got it working! woohoo!

Not enough info on how to do this anywher so I'll post this to help someone else so they don't take 3 days like I did. If this helps please post a thanks here.

For anyone else who tries to do this after me - please enable logging function first! A message with sucessful VPN will come up in the log which you can view on the admin page even though it says it is broadcasting to .255

says it uses port 500

THE STUPID THING IS THAT THE VPN admin page does not change to showing CONNECTED straight away. It only happens after you ping a computer on the other side first.

Another issue is that the subnets must be different for each LAN behind the router.

I would like to check some of my filter settings please.
Have I got these right?

Block WAN request •Disable
Multicast passthrough •Disable
IPSec passthrough •Disable
PPTP passthrough •Disable
Remote Management •Disable
Remote Upgrade •Disable
MTU •Auto

I only just enabled logging so I didn't test any of them.

Was it necessary to disable all these passthroughs for the VPN to work. Does the IPSec use PPTP?

 

[markku]

Congratulations,

If you want to finetune your settings see:

http://www.dslreports.com/forum/remark,7672101~root=equip,16~mode=flat

Filter settings do not matter for VPN, but they are OK.

 

[bcastner]

hey Markku,

I mis-spelled your name above.

sorry.

Bill Castner
bcastner on DSLR and here.