Linksys BEFVP41 with concurrent tunnels
- From: "Claeton" <claeton.giordano@xxxxxxxxx>
- Date: 7 Jun 2006 11:03:41 -0700
I am using three BEFVP41 routers for site-to-site LAN connections over
VPN. Two routers connect remote sites with dynamic IP addresses to a
main site with a static IP address. The connections are initiated by
traffic originating at the remote sites. With one site connected, the
tunnel comes up (and stays up) automatically. But the second site does
not connect. The main router's tunnels are configured to accept
connections from ANY Remote Security Gateway. When the main router's
tunnels are changed to only accept connections from a specific
domain name or a specific IP address, the VPN connections come right up.
But since these remote sites are on dynamic IP addresses, that is not
a permanent solution. My guess is that since the only difference
between the two tunnels is the subnet, that once a connection is made,
the main router does not know how to match the second connection request
to a tunnel definition. Any ideas on how to change this configuration
to solve this problem? Details are below.

Thanks in advance,
Claeton

Name, IP Address, Location
--------------------------------------------------
R1, static, main site
R2, dynamic, remote site
R3, dynamic, remote site
R1 SETTINGS
-----------
VPN Tunnel: Enabled
Tunnel Name: VP1
Local Secure Group: (Subnet)
IP: 192.168.200.0
Mask: 255.255.255.0
Remote Secure Group: Subnet
IP: 192.168.100.0
Mask: 255.255.255.0
Remote Security Gateway: Any
Encryption: 3DES
Authentication: MD5
Key Management: Auto. (IKE)
PFS: Enabled
Pre-shared Key: abcdef
Key Lifetime: 30000000 seconds
ADVANCED SETTINGS:
Phase 1:
Operation mode: Main mode
Username: <blank>
Proposal:
Encryption: 3DES
Authentication: MD5
Group: 768-bit
Key Lifetime: 30000000 seconds
Phase 2:
Proposal:
Encryption: 3DES
Authentication: MD5
PFS: ON
Group: 768-bit
Key Lifetime: 30000000 seconds
The second tunnel is the same as the first except for the remote
subnet:
Tunnel Name: VP2
Remote Secure Group: Subnet
IP: 192.168.101.0
Mask: 255.255.255.0
R2's and R3's VPN settings are *exactly* the same, except that they have
different Local Secure Group subnets.
R2 SETTINGS
-----------
VPN Tunnel: Enabled
Tunnel Name: VP1
Local Secure Group: (Subnet)
IP: 192.168.100.0
Mask: 255.255.255.0
Remote Secure Group: IP Addr
IP: 192.168.200.0
Mask: 255.255.255.0
Remote Security Gateway: FQDN
mydomain.net
Encryption: 3DES
Authentication: MD5
Key Management: Auto. (IKE)
PFS: Enabled
Pre-shared Key: abcdef
Key Lifetime: 30000000 seconds
ADVANCED SETTINGS:
Phase 1:
Operation mode: Main mode
Username: <blank>
Proposal:
Encryption: 3DES
Authentication: MD5
Group: 768-bit
Key Lifetime: 30000000 seconds
Phase 2:
Proposal:
Encryption: 3DES
Authentication: MD5
PFS: ON
Group: 768-bit
Key Lifetime: 30000000 seconds
Other Settings:
Keep-Alive: <checked>
R3 SETTINGS are the same as R2 EXCEPT for the subnet:
---------------------
Tunnel Name: VP2
Local Secure Group: (Subnet)
IP: 192.168.101.0
Mask: 255.255.255.0
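
The guess in the post above, as a small added model (not part of the original post, and not the BEFVP41 firmware's actual logic): a hypothetical responder that binds a negotiation to the first tunnel whose gateway matches reproduces both observations, while one that also compares the proposed subnets does not. The peer addresses are constructed and the function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Tunnel:
    name: str
    local: str    # Local Secure Group
    remote: str   # Remote Secure Group
    gateway: str  # Remote Security Gateway: "Any" or a peer address

def r1_tunnels(gw_vp1="Any", gw_vp2="Any"):
    """R1's two tunnel definitions as posted; only the gateway field varies."""
    return [
        Tunnel("VP1", "192.168.200.0/24", "192.168.100.0/24", gw_vp1),
        Tunnel("VP2", "192.168.200.0/24", "192.168.101.0/24", gw_vp2),
    ]

def gateway_ok(t, peer_ip):
    return t.gateway in ("Any", peer_ip)

def selectors_ok(t, peer_net, local_net):
    return (ip_network(t.remote) == ip_network(peer_net)
            and ip_network(t.local) == ip_network(local_net))

def early_binding(tunnels, peer_ip, peer_net, local_net):
    """Assumed behaviour: bind to the first gateway match, then check subnets."""
    chosen = next((t for t in tunnels if gateway_ok(t, peer_ip)), None)
    if chosen and selectors_ok(chosen, peer_net, local_net):
        return chosen.name
    return None  # negotiation rejected

def late_binding(tunnels, peer_ip, peer_net, local_net):
    """Alternative: match gateway and proposed subnets together before choosing."""
    for t in tunnels:
        if gateway_ok(t, peer_ip) and selectors_ok(t, peer_net, local_net):
            return t.name
    return None

# Constructed peer addresses (documentation ranges) standing in for R2 and R3.
R2 = ("203.0.113.10", "192.168.100.0/24")
R3 = ("198.51.100.20", "192.168.101.0/24")
MAIN = "192.168.200.0/24"

if __name__ == "__main__":
    for label, tunnels in [("Any", r1_tunnels()),
                           ("specific", r1_tunnels(R2[0], R3[0]))]:
        for name, (ip, net) in [("R2", R2), ("R3", R3)]:
            print(label, name, "early:", early_binding(tunnels, ip, net, MAIN),
                  "late:", late_binding(tunnels, ip, net, MAIN))
```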