Hi folks!
I am having no end of problems trying to get what should be a simple VPN setup going. The basic setup is as follows:
Office Network:
---------------
ADSL 256/1500 service (/29 network statically assigned by ISP,
205.10.13.176 - 205.10.13.183) | +- Dlink DSL-504T (NAT Disabled, Firewall Disabled, G/W @ 205.10.13.177) | +- Dlink DI-804HV VPN Router (Assigned 205.10.13.178) (LAN 192.168.10.1) | +- Dlink DI-704UP Router (Assigned 205.10.13.179) (LAN 192.168.20.1) | +- Dlink DI-704UP Router (Assigned 205.10.13.180) (LAN 192.168.30.1)Notes: The DSL-504T Modem is setup to use a dynamicly assigned IP address during authentication
The LAN has been assigned 205.10.13.177
DHCP in the DSL-504T has been disabled and all LAN addresses are statically assigned to the various routers.
Each of the routers performs well at it's assigned subnet address with all computers on each subnet being able to access the net.
The problem I am experiencing is trying to get VPN tunnels going with other DI-804HV's at remote sites. I have set up one tunnel for now and can 'sometimes' get it to work, but only if I initiate the connection request from the Office 804HV router. Attempting to establish from the client site NEVER works. All I get is the following messages in the log:
---------------------------------------------------------------------------------------------- WAN Type: Static IP Address (V1.42) Display time: Monday March 06, 2006 11:44:37
Monday March 06, 2006 11:43:41 Send IKE M1(INIT) : 211.47.129.10 -->
205.10.13.178 Monday March 06, 2006 11:43:47 IKED re-TX : INIT to 205.10.13.178 Monday March 06, 2006 11:43:47 Receive IKE INFO : 205.10.13.178 --> 211.47.129.10 Monday March 06, 2006 11:43:52 IKED re-TX : INIT to 205.10.13.178 Monday March 06, 2006 11:43:57 Receive IKE INFO : 205.10.13.178 --> 211.47.129.10 Monday March 06, 2006 11:44:02 IKED re-TX : INIT to 205.10.13.178 Monday March 06, 2006 11:44:07 Receive IKE INFO : 205.10.13.178 --> 211.47.129.10 Monday March 06, 2006 11:44:12 IKED re-TX : INIT to 205.10.13.178 Monday March 06, 2006 11:44:17 Receive IKE INFO : 205.10.13.178 --> 211.47.129.10 Monday March 06, 2006 11:44:32 IKED re-TX : INIT to 205.10.13.178 Monday March 06, 2006 11:44:33 Send IKE (INFO) : delete 211.47.129.10 -> 205.10.13.178 phase 1 Monday March 06, 2006 11:44:33 IKE phase1 (ISAKMP SA) remove : 211.47.129.10 205.10.13.178----------------------------------------------------------------------------------------------
The remote site, 211.47.129.10 uses a cable modem which is connected to the DI-804HV at the client end. This address can to all intents and purposes be considered static even though it is DHCP assigned. It has not changed for almost 2 years.
I have in the past used Smoothwall boxes to connect to remote sites but find that I now need more VPN tunnels than they can handle, plus I need to downsize the equipment to fit into a server rack.
Having spent the last week wrestling with this problem has been very frustrating. I keep reading reviews on the web saying how easy it is to get VPN's working with these Dlink boxes. I just wish I could share this enthusiasm.
Any assistance you can offer would be greatly appreciated.
Regards,
Gerry
Pleae remove the 'killspam' from the email address if replying directly.