I am using three BEFVP41 routers for site-to-site LAN connections over VPN. Two routers connect remote sites with dynamic IP addresses to a main site with a static IP address. The connections are initiated by traffic originating at the remote sites. With one site connected, the tunnel comes up (and stays up) automatically. But the second site does not connect. The main router's tunnels are configured to accept connections from ANY Remote Security Gateway. When the main router's tunnels are changed to only accept connections from a specific domain name or a specific IP address, the VPN connections come right up. But since these remote sites are on dynamic IP addresses, that is not a permanent solution. My guess is that, since the only difference between the two tunnels is the subnet, once a connection is made the main router does not know how to match the second connection request to a tunnel definition. Any ideas on how to change this configuration to solve this problem? Details are below. Thanks in advance, Claeton
Name, IP Address, Location
--------------------------
R1, static, main site
R2, dynamic, remote site
R3, dynamic, remote site
R1 SETTINGS
-----------
VPN Tunnel: Enabled
Tunnel Name: VP1
Local Secure Group: (Subnet) IP: 192.168.200.0 Mask: 255.255.255.0
Remote Secure Group: Subnet IP: 192.168.100.0 Mask: 255.255.255.0
Remote Security Gateway: Any
Encryption: 3DES
Authentication: MD5
Key Management: Auto. (IKE)
PFS: Enabled
Pre-shared Key: abcdef
Key Lifetime: 30000000 seconds

ADVANCED SETTINGS:
Phase 1:
  Operation mode: Main mode
  Username:
  Proposal:
    Encryption: 3DES
    Authentication: MD5
    Group: 768-bit
    Key Lifetime: 30000000 seconds
Phase 2:
  Proposal:
    Encryption: 3DES
    Authentication: MD5
    PFS: ON
    Group: 768-bit
    Key Lifetime: 30000000 seconds

The second tunnel is the same as the first except for the remote subnet:
Tunnel Name: VP2
Remote Secure Group: Subnet IP: 192.168.101.0 Mask: 255.255.255.0
R2's and R3's VPN settings are *exactly* the same, except that they have different Local Secure Group subnets.
R2 SETTINGS
-----------
VPN Tunnel: Enabled
Tunnel Name: VP1
Local Secure Group: (Subnet) IP: 192.168.100.0 Mask: 255.255.255.0
Remote Secure Group: IP Addr IP: 192.168.200.0 Mask: 255.255.255.0
Remote Security Gateway: FQDN mydomain.net
Encryption: 3DES
Authentication: MD5
Key Management: Auto. (IKE)
PFS: Enabled
Pre-shared Key: abcdef
Key Lifetime: 30000000 seconds

ADVANCED SETTINGS:
Phase 1:
  Operation mode: Main mode
  Username:
  Proposal:
    Encryption: 3DES
    Authentication: MD5
    Group: 768-bit
    Key Lifetime: 30000000 seconds
Phase 2:
  Proposal:
    Encryption: 3DES
    Authentication: MD5
    PFS: ON
    Group: 768-bit
    Key Lifetime: 30000000 seconds

Other Settings:
Keep-Alive:
R3 SETTINGS are the same as R2 EXCEPT for the subnet:
--------------------------------------------------------
Tunnel Name: VP2
Local Secure Group: (Subnet) IP: 192.168.101.0 Mask: 255.255.255.0
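An added illustration, not part of the original post and not the BEFVP41's actual firmware logic: a small Python model of the hypothesis in the post, namely that a responder which binds an incoming peer to the first tunnel whose Remote Security Gateway selector matches, before it has seen the Phase 2 subnets, will bind R3 to VP1 when both tunnels say "Any" and share the same pre-shared key, and then fail the Phase 2 subnet check. The tunnel names and LAN subnets are the ones from the post; the two remote-site WAN addresses are constructed placeholders from documentation ranges. A second, selector-aware matching function shows why either pinning the gateway (what the poster observed working) or matching on the proposed subnets removes the ambiguity.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Tunnel:
    """One tunnel definition on the main-site router (R1)."""
    name: str
    local_net: str       # Local Secure Group, e.g. "192.168.200.0/24"
    remote_net: str      # Remote Secure Group
    remote_gateway: str  # "any", a literal IP address, or an FQDN
    psk: str


def gateway_matches(t: Tunnel, peer_ip: str, peer_fqdn: Optional[str] = None) -> bool:
    """Does the tunnel's Remote Security Gateway selector admit this peer?"""
    gw = t.remote_gateway.lower()
    if gw == "any":
        return True
    try:
        return ip_address(gw) == ip_address(peer_ip)
    except ValueError:  # not an IP literal, so treat it as an FQDN
        return peer_fqdn is not None and gw == peer_fqdn.lower()


def select_by_gateway(tunnels: List[Tunnel], peer_ip: str,
                      peer_fqdn: Optional[str] = None) -> Optional[Tunnel]:
    """Address-first selection: bind the peer to the FIRST tunnel whose gateway
    selector matches. With two 'Any' tunnels this is always the first one."""
    for t in tunnels:
        if gateway_matches(t, peer_ip, peer_fqdn):
            return t
    return None


def select_by_selectors(tunnels: List[Tunnel], peer_ip: str, local_net: str,
                        remote_net: str, peer_fqdn: Optional[str] = None) -> Optional[Tunnel]:
    """Selector-aware selection: among gateway matches, pick the tunnel whose
    Local/Remote Secure Groups equal the subnets the peer proposes."""
    for t in tunnels:
        if not gateway_matches(t, peer_ip, peer_fqdn):
            continue
        if (ip_network(t.local_net) == ip_network(local_net)
                and ip_network(t.remote_net) == ip_network(remote_net)):
            return t
    return None


def negotiate(tunnels: List[Tunnel], peer_ip: str, peer_lan: str, main_lan: str,
              peer_fqdn: Optional[str] = None,
              selector_aware: bool = False) -> Tuple[str, Optional[str]]:
    """Model one remote site connecting in. peer_lan is the remote site's LAN
    (R1's Remote Secure Group); main_lan is R1's Local Secure Group."""
    if selector_aware:
        t = select_by_selectors(tunnels, peer_ip, main_lan, peer_lan, peer_fqdn)
        return ("ok", t.name) if t else ("no_match", None)
    t = select_by_gateway(tunnels, peer_ip, peer_fqdn)
    if t is None:
        return ("no_phase1", None)
    # Phase 2: the subnets the peer proposes must match the tunnel we bound it to.
    if (ip_network(t.remote_net) != ip_network(peer_lan)
            or ip_network(t.local_net) != ip_network(main_lan)):
        return ("phase2_mismatch", t.name)
    return ("ok", t.name)


# Constructed placeholder WAN addresses for the two dynamic remote sites.
R2_IP = "198.51.100.10"
R3_IP = "203.0.113.20"
MAIN_LAN = "192.168.200.0/24"

# R1 as described in the post: both tunnels accept Any gateway, same PSK.
MAIN_SITE_ANY = [
    Tunnel("VP1", MAIN_LAN, "192.168.100.0/24", "any", "abcdef"),
    Tunnel("VP2", MAIN_LAN, "192.168.101.0/24", "any", "abcdef"),
]
# The variant the poster saw working: each tunnel pinned to one gateway address.
MAIN_SITE_PINNED = [
    Tunnel("VP1", MAIN_LAN, "192.168.100.0/24", R2_IP, "abcdef"),
    Tunnel("VP2", MAIN_LAN, "192.168.101.0/24", R3_IP, "abcdef"),
]


def demo() -> dict:
    """Run the four scenarios and return their outcomes."""
    return {
        "r2_any": negotiate(MAIN_SITE_ANY, R2_IP, "192.168.100.0/24", MAIN_LAN),
        "r3_any": negotiate(MAIN_SITE_ANY, R3_IP, "192.168.101.0/24", MAIN_LAN),
        "r3_pinned": negotiate(MAIN_SITE_PINNED, R3_IP, "192.168.101.0/24", MAIN_LAN),
        "r3_selector_aware": negotiate(MAIN_SITE_ANY, R3_IP, "192.168.101.0/24",
                                       MAIN_LAN, selector_aware=True),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

In the address-first model, R2 lands on VP1 and works, while R3 is also bound to VP1 (the first "Any" match) and fails the Phase 2 subnet check, which is the symptom described in the post. Pinning each tunnel's gateway makes the Phase 1 selector unambiguous, and a responder that consults the proposed subnets before committing to a tunnel would pick VP2 for R3 even with "Any" on both tunnels.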