SOURCE: Nortel Extranet VPN using ESP IPSec
Step 1 Go into the web-based configuration on the router (enter 192.168.0.1 in your web brower). Enter username (admin) and password (blank). Step 2 Click on Advanced at the top and then click on Applications on the left side. Step 3 Check Enable Step 4 Enter a name (i.e. Nortel). Step 5 Enter 500 for Trigger Port (500 - 500). Step 6 Select Both for Trigger Type. Step 7 Enter 500 for Public Port. Step 8 Select Both for Public Type. Step 9 Click Apply and then click on Continue when prompted.
SOURCE: Configuring the DI-804HV/DI-808HV
Step 1: Log into the web based configuration of the router by typing in the IP address of the router (default: 192.168.0.1) in your web browser. By default the username is admin and there is no password. Step 2: Click the VPN button on the left column, select the checkbox to Enable the VPN, and then in the box next to Max. number of tunnels, enter the maximum numbers of VPN tunnels that you would like to have connected. Step 3: In the space provided, enter the Tunnel Name for ID number 1, select IKE, and then click More. Step 4: In the Local Subnet and Local Netmask fields enter the network identifier for DI-804HV´s LAN and the corresponding subnet mask. Step 5: In the Remote Subnet and Remote Netmask fields enter the network identifier for the DI-804V´s LAN and the corresponding subnet mask. Step 6: In the Remote Gateway field enter the WAN IP address of the remote DI-804V and in the Preshared Key field, enter a key which must be exactly the same as the Preshared Key that is configured on the DI-804V. Step 7: Click Apply and then click on Select IKE Proposal... Step 8: Enter a name for proposal ID number 1 and select Group 2 from the DH Group drop-down menu. Step 9: Select 3DES as the Encryption Algorithm and SHA-1 as the Authentication Algorithm. Step 10: Enter a Lifetime value of 28800 and then select Sec. as the unit for the lifetime value. Step 11: Select 1 out of the Proposal ID drop-down menu and click Add To, which will add the proposal that was just configured to the IKE Proposal Index. Click Apply and then click Back. Step 12: Click on Select IPSec Proposal... Step 13: Enter a name for proposal ID number 1 and select None from the DH Group drop-down menu. Step 14: Select ESP as the Encapsulation Protocol. Step 15: Select 3DES as the Encryption Algorithm and MD5 as the Authentication Algorithm. Step 16: Enter a Lifetime value of 3600 and then select Sec. as the unit for the lifetime value. Step 17: Select 1 out of the Proposal ID dropdown menu and click Add To, which will add the proposal that was just configured to the IPSec Proposal Index. Click Apply and then click Restart. Configuring the DI-804V: Step 1: Access the router?s web configuration by entering the router?s IP address in your web browser. The default IP address is 192.168.0.1. Login using your password. The default username is admin and the password is blank. Help Accessing Web Management Step 2: Click on Basic Setup and then select Device IP Settings on the left. Step 3: Change the LAN IP address so that it is on a different subnet than the LAN of the DI-804HV (ie 192.168.1.1). Step 4: Click Next until you reach the Save & Restart screen. Click Save & Restart and then click Basic Setup once the unit has rebooted. Step 3: Click on VPN Settings. Step 4: Name your VPN connection and click ADD. Step 5: In Remote IP Network and Remote IP Netmask fields enter the network identifier and corresponding subnet mask of the DI-804HV´s LAN. Step 6: In the Remote Gateway IP field enter the WAN IP address of the DI-804HV and make sure that the Network Interface is set to WAN Ethernet. Step 7: Verify that Secure Association is set to IKE and that Perfect Forward Secure is Disabled. Step 8: Verify the Encryption Protocol is set to 3DES and enter in your Preshared Key. The Preshared Key needs to be identical to the one configured on the DI-804HV Step 9: Leave the Key Life and IKE Life Time values at their default levels and click SAVE. Step 10: Click Next and then click on Save & Restart Establishing a connection: Step 1: Open a command prompt (Start > Run and type CMD) and from a computer on the internal LAN of the DI-804HV, ping the IP address of a computer that is on the internal LAN of the DI-804V, or vice versa. Step 2: Once you begin to receive replies, the VPN connection has been established. Step 3: To view the Status of the VPN on the DI-804V, click on Device Status. Step 4: From the Device Status screen click on VPN Status. Step 5: When the VPN has been established, the Status will be Active.
SOURCE: Configuring IPSec between a Microsoft Windows 2000 or XP PC and a Linksys VPN Router
Windows XP or Windows 2000 IP Address: 140.111.1.2 ? User ISP provide IP Address, this is only a sample Subnet Mask: 255.255.255.0 BEFVP41 WAN IP Address: 140.111.1.1 ? User ISP provide IP Address, this is only a sample Subnet Mask: 255.255.255.0 LAN IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 Step-by-Step [Windows 2000/XP] Create IPSec Policy 1. Click the Start button, select Run, and type secpol.msc. in the open field. 2. Right-click IP Security Policies on Local Computer and click Create IP Security Policy. 3. Click the Next button, and then type a name for your policy (for example, ?to_befvp41?). Then, click Next. 4. Deselect the Activate the default response rule check box and then click the Next button. 5. Click the Finish button, making sure the Edit check box is checked. Build 2 Filter Lists: ?WinXP? BEFVP41? and ?BEFVP41? WinXP?. Note: The references in this section to ?WinXP? can easily be exchanged for ?Win2000?, if running Windows 2000. Filter List 1: WinXP? BEFVP41 1. In the new policy properties, deselect the Use Add Wizard check box and then click the Add button to create a new rule. 2. From the IP Filter List tab, click the Add button. 3. Type an appropriate name ?WinXP? BEFVP41? for the filter list, deselect the Use Add Wizard check box, and click the Add button. 4. In the Source address field, select My IP Address. 5. In the Destination address field, select A specific IP Subnet, and fill in the IP Address 192.168.1.0 and Subnet mask 255.255.255.0. 6. If you want to type a description for your filter, click the Description tab. 7. Click the OK button. Then click the OK (for WinXP) or Close (for WIN2000) button on the IP Filter List window. Filter List 2: BEFVP41? WinXP 8. On the IP Filter List tab, click the Add button. 9. Type an appropriate name ?BEFVP41? WinXP? for the filter list, deselect the Use Add Wizard check box, and click the Add button. 10. In the Source address field, select A specific IP Subnet, and fill in the IP Address 192.168.1.0 and Subnet mask 255.255.255.0. 11. In the Destination address field, select My IP Address. 12. If you want to type a description for your filter, click the Description tab. 13. Click the OK button and click the OK (for WinXP) or Close (for Win2000) button on IP Filter List window. Configure Individual Rule of 2 Tunnels Tunnel 1: WinXP? BEFVP41 1. From the IP Filter List tab, click the filter list WinXP? BEFVP41. 2. From the Filter Action tab, click the filter action ?Require Security?, and click the Edit button. 3. verify that the Negotiate security option is enabled, and deselect the Accept unsecured communication, but always respond using IPSec check box. 4. Select the Session key perfect forward secrecy (PFS) and remember to check the PFS option on the BEFVP41, and click the OK button. 5. From the Authentication Methods tab, click the Edit button. 6. Change the authentication method to Use this string (preshared key), enter the string ?XYZ12345?, and click the OK button. This new Preshared key will be displayed. Click the OK button to continue. 7. From the Tunnel Setting tab, click The tunnel endpoint is specified by this IP Address radio button and type the WAN IP Address 140.111.1.1 of the BEFVP41. 8. From the Connection Type tab, Select All network connections and click the OK button to finish this rule. Tunnel 2: BEFVP41? WinXP 9. In the new policy properties, deselect the Use Add Wizard check box and click the Add button to create the second IP Filter. 10. From the IP Filter List tab, click the filter list BEFVP41? WinXP. 11. From the Filter Action tab, select the filter action Require Security. 12. From the Authentication Methods tab, click the Edit button. 13. Change the authentication method to Use this string (preshared key), enter the string ?XYZ12345?, and then click the OK button. This new Preshared key will be displayed. Click the OK button to continue. 14. From the Tunnel Setting tab, click the radio button for The tunnel endpoint is specified by this IP Address and type the Windows 2000/XP IP Address 140.111.1.2. 15. From the Connection Type tab, select All network connections. Then, click the OK (for WInXP) or Close (for Win2000) button to finish . 16. From the Rules tab, click the OK button to go back to the secpol screen. Assign New IPSec Policy 1. In the IP Security Policies on Local Computer MMC snap-in, right-click the policy named to_befvp41, and click Assign. A green arrow appears in the folder icon. [BEFVP41] Setup Screen 1. Open your web browser and enter 192.168.1.1 in the Address field and press the Enter key. 2. When the User name and Password field appears, skip the user name and enter the default password admin and press the
SOURCE: DLink DI-624s - can't get Cisco VPN Client to connect.
The "Virtual Server" setting is designed to give the general public access to a network resrouce (web/ftp/media server) on your internal network. If your the VPN concentrator is external to your network (meaning you'll have to use the internet to connect to it), then you won't need to define a virtual server on the DI-624.
You'll just need to enable the IPSEC and PPTP VPN Passthrough which it sounds like you've already done this. I've run into some ISP's that block VPN connections out of their network. If you have the ability, try to directly connect your laptop into your cable/DSL modem in place of your router and see if you can make a VPN connection, if not contact your ISP, if you can then verify you enabled the VPN passthroughs because your router is blocking them.
GIve it a shot and let us know your results.
SOURCE: DIR 625 IPSec cisco vpn solution
go to "advanced", firewall settings, in ALG configuration uncheck "VPN". It will work and that's the easiest way to fix this issue.
26 views
Usually answered in minutes!
×