Vpn Linksys router??

[spivy66]

ok people this is my problem ...

I have a vpn connection setup up from 1 location to another workign great..the way i have this setup up is the following...
lan 1. linksys 4 port ethernet Vpn router and there two local machines both windows 2000 pro,and you all know the router acks as a a vpn sever i created a tunnel with lan 2.

lan 2. A linksys 8 port ethernet router ( not a vpn router) and two machine behind this router . 1 machine is windows 2000 pro and the other is windows 2000 advance server.as u know i dont have a vpn router so what i did was ( and it was a pain in the ass to get working ) i setup ipsec on my windows 2000 pro..works great..prob is when i create the same policy on my windows 2000 adv sever i cant ping the vpn router side UNLESSS I unasign the policy of the windows 2000 pro...i went ahead a created yet anther tunnel on my vpn router side ip to ip instead of subnet to subnet and it connected but same problem ,any 1 have any ideas.The only other thing i can think of is that the non vpn router cannot handel the two policys threw pptp and the same time, i dont know,any ideas who be greatfull.thanks

 

[BigDaddyB]

I have a similar situation. I'm setting up a vpn to a customer's site, where they have a Novell Bordermanager firewall, and their workstation DMZ'd.

I have a BEFVP41 router (I've set up many VP41-VP41 tunnels before). I entered all of the tunnel settings on the router and they entered them on the workstation. We get to the point of connecting the tunnel, it does the usual "Tx >>.... Rx >> ....." then it fails with the message (on the VP41) "INVALID-ID-INFORMATION" then "check your local/remote group settings"

I set up a test lab to try this out and I get the same result when my workstation is DMZ'd behind a router or has ports 47, 500 and 1723 forwarded to it. I know the VPN settings are right, as I can connect the tunnel when the workstation is not running behind a router with all of the same settings (change the workstation's IP to the same as the router, then disconnect the router).

What did you do to make this work?

 

[BigDaddyB]

Also, when I called Linksys support, they didn't seem to know much more about this than I do.

 

[spivy66]

Linksys support is such a waste of time,The first time i call them they told me what i wanted to do was not possible( vpn befvp41 to non vpn linksys router) so i took in to my own hands and got it to work..But anyways your setup ..now both your lans have the befvp41 router? cause iam a little confussed with your setup ,cause i have one befvp41 and 1 standard linksys router but using windows 2000 ipsec policy to create the other side of the tunnel, i didnt have much time to play with it this weekend,but i will play with it more this week,but from what i saw on your setup ..I would'nt have the machine dmz'd, just have the ports forwarded to the right lan ip.to much of a security risk.also do you have dhcp running?

 

[BigDaddyB]

For my test setup, both lan's do have VP41's, but the one with the windows client behind it has no tunnels set up, just the IPSEC pass through and PPTP pass through enabled.

I tested it with just ports 47, 500, and 1723 forwarded to it, after turning DMZ off. Same result.

DHCP is off.

I read in a few places that there is issues with IPSEC through NAT routers, and these seem to be similar to what I'm getting.

I'll go bang my head to see if there's anything else obvious I'm missing.

 

[spivy66]

Well i found out why my i cant run two ipsec policy at the same time. the router i have can only handel 1 policy at a time which means iam going to have to buy a second vpn router,o well.