Trevatwork
IS-IT--Management
- Nov 30, 2006
- 309
We are trying to configure a VPN connection between a Contivity 1750 router at our main office and a BSR222 in another office. We have set them up in a lab environment to test the settings beforehand and nothing we have tried so far has worked.
Right now it looks like this:
End User --- Contivity --- D-Link --- BSR --- End User
We're using the D-Link just to separate the two networks because it's all we have.
When I run the test from the Profiles>Branch Office page it comes back failed. A few of the events that, to me, look like the reasons are:
Session: IPSEC[192.168.17.1] attempting login
Session: IPSEC[192.168.17.1] has no active session
Session: IPSEC[192.168.17.1] BSR222 has no active accounts
...
No response from client - logging out
Failed Login Attempt: Username=192.168.17.1
17.1 is the external IP of the BSR; the test is being run from the Contivity side. We're using Peer to Peer IPSec with a key which I have made certain matches on both ends.
On the Contivity configuration pages I have the Endpoints set up as the respective external IPs. Tunnel MTU is enabled at 1788 (defaults).
Under IP Configuration I have the internal management IP on the Contivity as the local network and the remote network has been set up as the network address and mask for the internal network of the BSR.
The BSR is set to connection type Branch Office and has the same name as the Contivity connection. It uses IKE key management, tunnel encapsulation and Main negotiation management.
The IP Profile is set for One-to-One with the Private starting IP as the BSR internal address and the Virtual starting IP as the BSR external address.
The Local address is greyed out but is set for Single Address with the starting and ending addresses both set to the BSR external IP.
The Remote Address is again Single and set to the external IP of the Contivity.
My IP address is set as the internal IP of the BSR and the Secure Gateway Address is the external Contivity address.
Encryption is set to ESP DES SHA1 on the BSR and all methods except AH only are accepted by the Contivity.
Can anyone help out?