VPN access through Linksys BEFW11S4 2

CRMTom

Vendor
Aug 27, 2002
1
US
I was able to successfully get my little home network set up and connected to the internet, but I can't reach my VPN through the Linksys Wireless Access Point Router. I can connect to the VPN just fine if I bypass the router though.

Not sure what configuration setting in the router I'm missing.

Thanks in advance.
 
What kind of VPN appliance are you connecting to on the other side? We just had to upgrade our Checkpoint firewall so that this is now possible. Get with your IT guy and find out.
 
CRMTom,

When you bypass the router, how do you connect to the internet/VPN? What VPN Client is used? If it is dialup, check the TCP/IP settings of the dial-up networking entry used for the connection. Note if there is a specific IP address or range assigned. Also note if there are specific DNS and WINS servers specified.

You may need to configure your VPN client to work with the network adapter as opposed to some other networking adapter.
You may also need to configure your network adapter with specific DNS or WINS server addresses similar to what you used when bypassing the router.

Hope that helps.
The Old Man
 
I had a similar problem with Linksys router and Cisco VPN using 802.11b. Set the "IPSec Pass Through" to "Disabled" and it should. I know this is counter to all logic - but try it.
 
One of the VPN/IPSec clients that is heralded to work with the Linksys VPN router is the SSH Sentinel VPN/IPSec client.

I've tried to make it work, but thus far have been unsuccessful.
Alshrim
System Administrator
MCSE, MCP+Internet
 
Balagan123 is right. I was having a similar problem and when I set the IPSec Pass Through to disabled then it started working. It is weird. Thanks Balagan123 for your inputs.

 
Here is a more detailed description of a similar problem:

I'm trying to get into my office VPN. It doesn't work. Main technologies used – Linksys, Checkpoint FW1 and Secure Client, ADSL connection. Obviously it works when I take the Linksys router out of the picture.
I have a very simple configuration, a reasonable need, and a problem no one managed to solve in the past few days (Linksys techs, and other similar postings).

Problem and equipment details:
I've just purchased a new Linksys wireless access point (BEFW11S4 V.2). To make life simple (didn’t help :-( ) I connected just one laptop to it via the wireless PC card. I'm connected to the Internet using ADSL (PPTP).
I've the latest VPN client (Secure Client NG SP2 build 52097) running on Win2K. At my office we use Checkpoint FW 1 ver 4.1 SP 6.
The most I managed to get to is that I can ping successfully to our office internal web server, but I can’t browse to it. It resolves the site name, “starts” loading the web page and stops in a stage manner.
Using the new Secure Client self-diagnostic one can see that the full handshaking with server is ok, and that the two key exchange phases worked fine …

What I tried to do and played with:
Change my address space hoping it will not collide with any addresses we use at our office, enable (and disable) the Linksys filters. Use the two advanced IKE features (force UDP encapsulation and IKE over TCP). Change MTU to a small number (say 1000). Do port forwarding and triggering (first to port 500, then to almost all), later I just moved the entire computer to the DMZ.

As I said, nothing worked, I can ping into my office network, but not surf, download, synchronize or anything helpful. When I take out Linksys, it all works fine.

Please help! It should be one of the most obvious uses of such a product; I do not understand why our life is made that difficult.
Thanks.
VPN-me
 
Check Point VPN doesn't work for the private IP. Therefore, when you take out the router it works well. Contact Checkpoint to ask them for any updates on it.

Or set up Microsoft VPN and create a policy to pass only PPTP to the server. Microsoft VPN supports private IP addresses.

Winnt2k
 
Like a few people in this and other threads, I have been unable to get a Sonicwall VPN to work with the Linksys BEFW11S4 V2. I saw the suggestion to DISABLE IPSEC passthrough on the router and thought 'What the Heck... I have tried everything else on this and other forums...'

It WORKED!

Good work to whoever figured that perverse one out.

What's going on Linksys??

Patrick.
 
I'm using Win98, Verizon DSL, Cisco VPN Client 3.6 - and I connect fine to my VPN via PPPoE / WinPoet.

When I use another machine w/o WinPoet - and use the Linksys BEFW11S4 v2 - (I'm going wired though) - I get on the net fine - but can't connect to VPN !

I've tried all firmware available w/ same results.
On the VPN Client, we normally use IPSec/TCP port 10500 w/ transparent tunneling. We also use a certificate.

I've tried enable/disable IPSec.
I've added x.x.x.100 (only machine on router) to DMZ
No dice. In all attempts, the VPN Client log shows:
12:14:28.200 11/17/02 Sev=Warning/3 DIALER/0xE3300008
GI VPNStart callback failed "CM_IKE_ESTABLISH_FAIL" (3h).

If I clear the router - and start from scratch, does anyone know how to get this working ?
I'm not familiar w/ the whole port forwarding/filtering/DMZ thing - so I'm not sure if something has to be done regarding port 500 and 10500 (as 10500 is specified in my company's VPN client profile)

Thanks in advance - :)
 
I've been struggling with this for a couple of days -- all the problems the rest of you have described, but none of the suggestions worked. My setup is the BEFW11SU with a Netgear MA401 wireless PCI card. I'm trying to tunnel into the company network with the Cisco VPN client software supplied by the company. Everything has worked from the start except VPN. Finally, I just happened to notice that the Cisco software has a "Set MTU" utility (look in the menu folder). First I tried setting it to 1500 to match the Linksys default -- that didn't work. Then I tried 1300 (Cisco setting -- I left the Linksys at its default) because I thought there might be some overhead traffic, and to my surprise, IT WORKED. I hope this helps you guys.
 
I am having the exact same configuration:
Windows XP Service Pack 2 and a Linksys Cable/DSL switch.
I cannot use the Cisco VPN client to connect to my corporate network.
Have tried everything as other posts suggested:
1. Turned off Ipsec tunnel through in Linksys
2. Used Set MTU utility to lower the MTU to 1300.

NOTHING works :(
My other box - Linux is able to get to the VPN fine.
Suggestions please.
 
I have a similar problem. BEFW11S4 (firmware 1.44.2z, Dec 13 2002) and WUSB11 network adaptors. Trying to create a VPN using CISCO VPN client version 3.6. If I use the wired ports on the router then VPN connects every time. When I use the wireless connection it fails every time with a log message 'GI VPNStart callback failed "CM_CTCP_FAIL" (1Dh).'

Linksys suggested turning off the IPsec enabled option but this has not helped.

Anyone got any other ideas?
 
Finally.. I have a Linksys BEFW11S4 (ver2) router with Win2K laptops that are using Netgear PCMCIA 802.11b cards and was never, ever able to get VPN to work wirelessly (it worked if I plugged it into the router) until I went to » and downloaded the firmware upgrade labeled "1.44.2" - it has IPSec fixes etc. that make it all happen! Now I don't have to be tethered to the router with a cable to get VPN to work.. hope this helps others who have tried everything else!
 
I can endorse Balagan123's suggestion to disable ipsec pass-through. Running Cisco VPN client 3.6.3 through the BEFW11S4, couldn't negotiate a connection with ipsec pass-through enabled. Disabled it and connected right up. Thanks, Balagan123!
 
In short, I can't make a VPN tunnel work using the
LINKSYS BEFW11S4 Wireless Access Point Router to work.
-----------------------------------
Facts: Westell A90 DSL modem
(BellSouth.net - Internet provider).
Modem can be a Router or a Bridge.
I placed it into Bridge Mode, using PPPoE
Disabled DHCP on the westell Modem/Router - Works Great.

NOTE: VPN works great if my westell modem is directly
connected to my PC using it in Bridge Mode and
using WindowsXP's built in PPPoE (userID and
Password) connecting through the Netscreen 8.0.0
(built 14) 10 license VPN client.

I'm trying to connect to my company and see my network
there from my home office. As I said before, the VPN
tunnel works great if I do NOT use the LinkSys
wireless router.

HERE IS THE PROBLEM:
As soon as I attach the Westell A90 modem to the
LinkSys BEFW11S4 wireless router, no matter what we
do, VPN tunneling won't work. I can no longer see the
network, or can't even ping the workstations at my
company.

HISTORY of events:
Originally I purchased my first LinkSys BEFW11S4 with
the previous firmware less than a month ago.
Everything was working, except VPN would not work.
I talked to several representatives and then I was
asked to upgrade the firmware to the latest version.
The firmware upgrade somehow corrupted the system
and the LinkSys BEFW11S4 (my previous one) completely
died. Reset would not work, DHCP would not work,
could not be pinged, etc. So I was asked to return it
to the store and perhaps purchase the latest faster
LinkSys Wireless-G router.

I went out and bought two Wireless-G routers to see if
that would work with VPN. No luck. After hours of
work and many tech support reps, I was advised to
return the LinkSys Wireless G routers and get the
previous version of the router BEFW11S4.

Now I went and bought the BEFW11S4 (AGAIN) this time
the one out of the box had a later version of the firmware, which is: firmware: 1.44.2, Dec 13 2002.
Just recently I upgraded the firmware to the LATEST so far, which is February of 2003.

Now after hours and hours of different tech support
reps, some of which did not even know what the
difference was between a switch and a router, I was
finally advised that I download the previous version
of the firmware. THIS cannot be correct advice,
since if you read this story carefully, I have already
used the previous firmware at the very beginning on the
previous BEFW11S4 that died on me when I upgraded the
firmware. Oddly, at that point I was asked to upgrade
the firmware, now I'm being told to downgrade. (I suggest for everyone to just keep the latest firmware).

Honestly, the story is very frustrating. I asked LinkSys to have their engineers please TRY to test the product and make sure that it can pass through VPN.

Port Triggering: Range Incoming Port Range
1: 47 ~ 47 ~ 1723 - 1723
2: 50 ~ 50 ~ 500 ~ 500

Enabling DMZ made no difference either.
Block WAN Request: Disabled
Multicast Pass Through: Enable
IPSec Pass Through: Enable
(tried to disable IPSec) no result
PPTP Pass Through: Enable
Remote Management: Enable
Remote Upgrade: Enable
MTU: Enable Size: 1024
(we tried MTU 1499 and MTU 1400)

This is a note to some people who can PING their workstations, you guys should place an LMHOSTS file on your laptops, or remote PCs. However, my problem stays the same. No VPN using the LinkSys router.

Can anyone PLEASE PLEASE help?

Again: VPN Client: Netscreen 8.0 client works perfectly fine when my Westell A90 modem is attached directly to my PC.

(At my company the NetGear FVS318 VPN router/firewall
works perfectly fine with the netscreen remote clients
at my end or from other remote locations). ONLY when
this LinkSys router is between the modem and the PC
the VPN stops.

Thanks,
Andy
 
I have run into the same problems as everyone else. I am running Check Point VPN-1 SecureClient NG Feature Pack 3. I have this running on a laptop. I have called Linksys and they had me change my settings on my BEFSR11 1 port router to:

Block WAN Request: Disabled
Multicast Pass Through: Enable
IPSec Pass Through: Enable
(tried to disable IPSec) no result
PPTP Pass Through: Enable
Remote Management: Disable
Remote Upgrade: Enable
MTU: Enable Size: 1492

then under the Forwarding tab the Port triggering the following settings:

Port Triggering: Range Incoming Port Range
1: 47 ~ 47 ~ 1723 - 1723
2: 50 ~ 50 ~ 500 ~ 500

During this time I had removed my Linksys wireless WPC11 ver 3 card and plugged a wire into my laptop. Once I did this the VPN worked. As soon as I power down, remove the wire, reinsert the WPC11 card and reboot, the VPN client fails to work. Linksys has had me install the latest firmware for the WAP11 ver 2.6. It still fails to work.
 
Hi Everyone. I don't have a silver bullet here, but I think this may help a subset of you. I have been happily using the Linksys BEFW11S4 V2 Linksys with the Sonicwall VPN client (V8.0.0 Build 10) on an XP Thinkpad using Compaq PC-card wifi for quite a while now - 'course it took weeks of reading threads like this to get it to work in the first place. Anyway, have just got my new Centrino Thinkpad and wanted to set the VPN up on it so I could work from home, and it was a right pig. I thought oh no - here we go again, back to the threads, lots of messing around... of course I had both laptops active, moving from one to the other...

Well, I have now established fairly confidently that if you have more than ONE VPN client PC behind the linky, you need to disconnect your first machine from the router (wired or wireless) and POWER-OFF/ON the linky router, before the 2nd VPN client will get a connection! I always suspected that the linky would only support a single active VPN tunnel (not sure if this is theoretically correct?) but I now know that it seems to 'remember something' about the previous IPSEC session and a new machine trying to establish an IPSEC session can't get an ACK from the other end until the router is powered off and on again.

Weird.

As I've said before - what's going on Linksys?

I am coming to the opinion that the Linksys BEFW11S4 V2 is a bit of a toy and not suitable for commercial-grade VPN activities...

Patrick.
 
Strangely enough I updated to the latest firmware for my Linksys BEFSR11 (V1.45..) The network performance dropped significantly, and several programs stopped being able to access the internet. I set up forwarding, even tried DMZ the machines, and finally did the Disable IP stuff as mentioned throughout this thread. Finally, dropped down a version of the firmware, still problems.. Went to Version 1.44(z), my system is back to normal, programs once again access the net, and online games now play once more.. In essence any firmware above 1.44 seems to be bugged, unstable or a big headache... stay with 1.44, it works, its solid stability and it saves you setting up your own personal firewall (i.e. personal as you can't get out!! but people can get in...!)
 