| GerryInOZ 2006-03-05, 8:48 pm |
| Hi folks!
I am having no end of problems trying to get what should be a simple VPN
setup going. The basic setup is as follows:
Office Network:
---------------
ADSL 256/1500 service (/29 network statically assigned by ISP,
205.10.13.176 - 205.10.13.183)
|
+- Dlink DSL-504T (NAT Disabled, Firewall Disabled, G/W @
205.10.13.177)
|
+- Dlink DI-804HV VPN Router (Assigned
205.10.13.178) (LAN 192.168.10.1)
|
+- Dlink DI-704UP Router (Assigned 205.10.13.179)
(LAN 192.168.20.1)
|
+- Dlink DI-704UP Router (Assigned 205.10.13.180)
(LAN 192.168.30.1)
Notes: The DSL-504T Modem is setup to use a dynamicly assigned IP address
during authentication
The LAN has been assigned 205.10.13.177
DHCP in the DSL-504T has been disabled and all LAN addresses are
statically assigned to
the various routers.
Each of the routers performs well at it's assigned subnet address
with all computers on
each subnet being able to access the net.
The problem I am experiencing is trying to get VPN tunnels going with other
DI-804HV's at remote
sites. I have set up one tunnel for now and can 'sometimes' get it to work,
but only if I initiate
the connection request from the Office 804HV router.
Attempting to establish from the client site NEVER works. All I get is the
following messages
in the log:
----------------------------------------------------------------------------------------------
WAN Type: Static IP Address (V1.42)
Display time: Monday March 06, 2006 11:44:37
Monday March 06, 2006 11:43:41 Send IKE M1(INIT) : 211.47.129.10 -->
205.10.13.178
Monday March 06, 2006 11:43:47 IKED re-TX : INIT to 205.10.13.178
Monday March 06, 2006 11:43:47 Receive IKE INFO : 205.10.13.178 -->
211.47.129.10
Monday March 06, 2006 11:43:52 IKED re-TX : INIT to 205.10.13.178
Monday March 06, 2006 11:43:57 Receive IKE INFO : 205.10.13.178 -->
211.47.129.10
Monday March 06, 2006 11:44:02 IKED re-TX : INIT to 205.10.13.178
Monday March 06, 2006 11:44:07 Receive IKE INFO : 205.10.13.178 -->
211.47.129.10
Monday March 06, 2006 11:44:12 IKED re-TX : INIT to 205.10.13.178
Monday March 06, 2006 11:44:17 Receive IKE INFO : 205.10.13.178 -->
211.47.129.10
Monday March 06, 2006 11:44:32 IKED re-TX : INIT to 205.10.13.178
Monday March 06, 2006 11:44:33 Send IKE (INFO) : delete 211.47.129.10 ->
205.10.13.178 phase 1
Monday March 06, 2006 11:44:33 IKE phase1 (ISAKMP SA) remove : 211.47.129.10
<-> 205.10.13.178
----------------------------------------------------------------------------------------------
The remote site, 211.47.129.10 uses a cable modem which is connected to the
DI-804HV at the client
end. This address can to all intents and purposes be considered static even
though it is DHCP
assigned. It has not changed for almost 2 years.
I have in the past used Smoothwall boxes to connect to remote sites but find
that I now need more
VPN tunnels than they can handle, plus I need to downsize the equipment to
fit into a server rack.
Having spent the last week wrestling with this problem has been very
frustrating. I keep reading
reviews on the web saying how easy it is to get VPN's working with these
Dlink boxes. I just wish
I could share this enthusiasm.
Any assistance you can offer would be greatly appreciated.
Regards,
Gerry
Pleae remove the 'killspam' from the email address if replying directly.
|