Cisco Routers :: RV220W PPTP Users Unable To Access Subnet Across Tunnel
Apr 21, 2012
I have two offices connected with an IPSEC VPN tunnel using RV220W routers. The Tunnel works fine for local users between the two sites(Site 1:10.0.0.x; site 2 is 10.0.2.x). I have also set up PPTP users for remote access. PPTP users that connect to site 1 cannot access site 2 and vice versa. The PPTP users have no trouble accessing the resources on the site that they connect to. I have tried activating RIP and adding various static routes with no success. If I PPTP connect to site 1 and I tracert to an IP address on site 2 the route goes to the site 1 router and then goes to the internet(connected to the site 1 router) where it stops.
I have a weird problem which I have already submitted a TAC ticket about. When users authenticate through AnyConnect into our HQ ASA 5510 they grab an address from 172.16.254.x. What we have been noticing intermittently is that when logged into our network through the client they are unable to access their resources at one of our remote offices which is connected over l2l to the HQ ASA. This problem just started randomly a week ago and we have been working with Cisco trying to create a solution.
My quick fix is logging into a device at the remote office which is trying to be accessed and pinging the gateway of the virtual subnet for AnyConnect users. When I ping 172.16.254.1 it goes through after a few dropped icmp packets and then the issue is resolved for about 8 hours or so.
I've encountered a problem when using PPTP VPN to access my network. I can connect in and able to ping the hosts connected to the RV110W. [code] On the local network, I am able to ping the hosts in 192.168.250.x from 192.168.251.x and vice versa.Static routes are configured to ensure that all networks are reachable.The problem comes when I tried to VPN (PPTP) in from a remote location using the Windows XP's built in default VPN dialer.When connected, I can ping all the hosts on 192.168.254.xxx segments, but when I tried to ping the hosts in 192.168.250.xxx and 192.168.251.xxx segments, I get a request timeout.
The routing table on the RV110W shows the gateway for 192.168.254.240 (the VPN IP address) as 0.0.0.0 and interface is WAN.What am I missing and how should I configure the RV110W so that I can access the other subnets through VPN?
I set up a PPTP VPN with an RV220W recently. It was working flawlessly until a recent power outage and now users are getting the 807 error when attempting to connect. I have PPTP passthrough enabled and TCP/UDP 1723 open. As far as I can tell GRE 47 is open as well. Why it was working and is not working after a power outage?
I recently installed a new 220W with the sole intention of setting up the PPTP server. I got the router installed and working but cannot get the PPTP server working. Also when i configure a block of IP address from my lan for the server it tells me i cannot use that subnet? i have set it up this way with other routers ( RV042 ) with no issues.
I have the RV220W and we are mainly using PPTP for VPN access. I can not add more than 9 PPTP VPN user acounts. When I go to add a tenth account the interface just hangs and stops responding. I can delete a user and then add another user and this works fine. I can also add other types of VPN users.
I've got trouble using PPTP connections with the RV220W small business router.When trying to connect to the router of a branch office with the Windows PPTP client (i.e. on Windows 7) from outside the companies network first everything seems to be in working order (user name and password are checked, the device is registered in the remote subnet) but then a window pops up saying there has been an error connecting.
Here is some information on my setup:RV220W with firmware 18.104.22.168It connects to the Internet using PPPoE dialindyndns account configured and workingAnother router working in "Act as a DSL modem" mode is used as a modem (AVM FRITZ!Box 7170)The RV220W is maintaining a IPSec tunnel to a main office, which is working finethere are 2 local VLANs (one with access to VPN tunnel, one without), each with a own subnet (192.168.201.0/24 and 192.168.202.0/24)PPTP users are on a seperate subnet (192.168.203.101 - 192.168.203.111) My first guess was, that the intermediate router acting as the modem could be a problem, but i verified all settings on that router and it should not filter anything. After all port forwardings, the IPSec tunnel and so on are working.
I currently have a RV220W connected over PPTP to the internet. I want to connect with an RV042 with a fixed IP Address.The connection is working, but I always have to add a static route to the remote IP-Adress that I can transmit data.Since my own IP Adress is a dynamic one that changes every day I have to enter every day in the static route as gateway adress the new WAN IP Address.
i'm having problems connecting to my RV220W using PPTP. The first time I set up PPTP on the box, everything worked just fine. Now, however, PPTP just won't work. No matter how I try to tweak various settings on the router, the connection fails. I have tried connecting with Windows 7, Android and OSX with no success.The router came with version 22.214.171.124, and I have tried downgrading to 126.96.36.199 and upgrading to 188.8.131.52, but alas, I can't seem to make PPTP work again.
I possess a RV220W (firmware 184.108.40.206) but I can't seem to work with the PPTP server on one VLAN only.
My default VLAN is in 192.168.1.1/24. I created a VLAN ID 10 in 192.168.50.1/24 inter-vlan routing : disabled and Device Management : disabled. (Menu Networking > LAN > VLAN Membership and Multiple VLAN Subnets).
Then I configured a PPTP server on the IP range 192.168.50.200 to 192.168.50.210.
To finish I created my user. (Menu VPN > IPSEC > VPN Users).
The PPTP tunnel is working, but on all my local network and not only the VLAN ID 10.
I'm trying to setup this router with my IP range 192.168.100.1 to 192.168.101.254 but if I try to enter a subnet mask other than 255.255.255.0 I get the error - Invalid subnet mask. It should be 255 for given class of IP address at 255.255.xxx.0.
Every other device on my network allows that subnet mask, why not this router, it's stopping access from my 192.168.101.x devices.
Can I configure a PIX (515), as PPTP client to establish a tunnel with non-Cisco PPTP server ? Can my PIX initiate this type of connection ?Today, I use a PC with PPTP client to establish this and I want replace this with a PIX and I don´t want depends of a PC.
Question 1. I have no idea how to route IPv6. My provider has provided me with a subnet. This subnet is for example 1:1:1::/48
The router of the provider is located at 1:1:1::1 and my router should get 1:1:1::2(Cisco router). Every subnet I want to create must be routed by 1:1:1::2, for example if I want to create 1:1:1:1111::/64 it needs to be routerd by 1:1:1::2
How do I configure this on the RV220w?
Question 2. I have the possibility to create vlans on the RV220W. I can configure IPv4 addressen per vlan. Only for IPv6 this is not possible.How do I configure this or when will new software be released to configure this?Or do I have to edit the configuration file?
Based on my diagram, my computer A (192.168.100.11) can ping and access my computer B (192.168.10.14). But, when i'm home and i use remote access vpn (192.168.200.x) in cisco asa 5520 to connect to my computer A is okay. But, when i try to ping my computer B is not okay. I already do the exemption for 192.168.100.x and 192.168.10.x in nat rules for inside interface (192.168.100.2) ...
Should i put routing from outside 220.127.116.11 to 192.168.10.x by using 192.168.100.1 as a gateway?
We assign (reserve by MAC actually) static IPs to all of our devices. Over time we have gotten rid of some devices but haven't begun (or finished really) re-using the old IPs. On our WRVS4400N v2 routers we are able to set the max number of DHCP users per Vlan. This prevents unauthorized devices trying to connect to our LAN.For example. I set the range from 192.168.1.100 - 192.168.1.103. IPs 100, 101, and 103 are in use (reserved via MAC address). We set max number of DHCP users to 3. This prevents someone from gaining access to 192.168.1.102. Does this make sense? Or at least this was the initial goal and it tested out successfully back when we implemented it.
How can I do the same for with the RV220W? I can set the range, assign static IPs (reserve IPs by MAC address), but can't keep others from gaining accessing to our LAN via the unused IPs (not assigned a static IP).My initial thought was to create static IPs (for the unused IPs) using dummy MAC addresses. I'm sure there is a much better way of accomplishing what I am trying to do.
I have a RV220W setup with SSL VPN users, authenticating to an internal Active Directory. Maybe 5 ports forwarded and 8 external IP addresses. Besides this i have 1 data VLAN and a voice vlan on my network.
The reboots are on different times on a day, even on Sundays at 7 AM when noone is logged in to the network.FW is at 18.104.22.168.
is it possible to share the same network segment like my LAN for mobile users? In a so called bridge mode? I got a VPN tunnel to a customer from my local network and i need to access it within the mobile access. I can not change the VPN Site to Site tunnel.
How to set up a home network with 2 routers, where R1 acts as the DHCP server and R2 is basically a switch, connected LAN to LAN and everything is on the same subnet. Currently I have a different setup:Both routers have the DHCP server enabled and I connect R2's WAN port to R1 LAN. Therefore I have 2 subnets. Now my special requirement is that R2 is a DD-WRT router, which establishes a VPN connection to StrongVPN, so that all internet traffic via R2 is encrypted and goes through the StrongVPN server. Now my question:If I change my router setup to the same subnet, meaning R2 connects LAN to R1 LAN and I disable DHCP server on R2, will R2 still be able to establish the VPN connection?
IPv6 -> Tunneling.The 6to4 tunnel did not initialize after a reboot. The automatic tunneling had to be disabled and enabled again.It was used for a 6in4 tunnel to tunnelbroker and the Remote End Point IPv4.Address was enabled and specified.
We have 2 RV220W Routers installed in seperate offices. We are attempting to setup a IPSec tunnel between the two sites. So far we have been unsuccessful in getting this to work.On both sides, we are getting a successful connection established, but netiher site is recieving any packets. Both sides are transmitting packets though. We have exhausted our resources trying to figure out why.
I have a Cisco RV220W updated to latest firmware 22.214.171.124. I have been trying to get a VPN setup for the past few days without success. We had a test VPN up and running previously, but when we changed the IP's and secret key to connect the live VPN tunnel it failed and we haven't been able to get it working since.We have deleted both ends, rebuilt them probably 6 times each. We have changed secret keys, tried 3DES, AES, and AES256 encryptions with SHA-1. All the internal IP settings are correct :IE 192.168.1.1/24 or 192.168.1.1 255.255.255.0,External IP's are right, only oddball thing here is one of the external IP's is assigned by DHCP and is a /22 although the previous tunnel worked with the same ISP.
i'm using an rv220W and i whant to know if is it possible to assign vpn traffic to a vlan when i setup an ipsec tunnel?
example: Im using different vlans on my rv220W. Vlan 10: engineers (ex: 192.168.1.0/27) no intervlan routing Vlan20: sales (ex: 10.0.123.0/24) no intervlan routing
This is what i need: - An engineer is on the road and when he makes a ipsec vpn connection => assignd to the vlan "engineers" so he can access the server/pc's in that vlan.and when someone from the sales group starts a vpn connection he needs to be in the vlan "sales" so he can access his pc/data,...
I have RV110W connected in private network 192.168.5.0/24, I have redirected pptp port from adsl modem to the RV110W and VPN works OK. DDNS on the adsl modem is not available.I need to use Dynamic DNS functionality on my RV110W. The device supports several DDNS services (TZO.com, Dyn DNS.com, 3322.org and noip.com). For all but TZO the public "Internet IP Address" shows as 192.168.5.110, which also gets auto registered with the DDNS service.I have tested this with free noip.com account and this is obviously undesired behavior. I need the router to register my real public IP.For TZO it shows the proper public IP, but TZO service is no longer available on TZO.com.
I use to be running on firmware 126.96.36.199 with ProtectLink-Web working great, but then it expired. Some time later I updated the router to 188.8.131.52 and purchased a three year subscription to ProtectLink-Web, followed the registration link on the router, obtained an activation code, followed the activation link on the router and activated the service, however it didn't activate on the router.
I try to activate again and Trend Micro's site just says that it's already been activated. I contacted Trend Micro support and they see the activation attempts on there end and they said everything should be working. They recommended a factory reset which I performed and then attempted activation again, and again their site says that the service has already been activated. And yet when I go to Cisco ProtectLink Web > License > Summary it just says: "Please activate ProtectLink License to display the license information" and wont allow me to access the features. What is going on? Could the firewall be blocking the service? I didn't have this trouble the first time I used ProtectLink with f/w 184.108.40.206
I am working on a site that has recently added a new subnet and I am unable to ping any of the stations on this new network. I have configured an Exempt NAT rule just the same as the rules allowing access to other networks. I have a feeling the problem is in the Site-to-Site VPN configuration since the new subnet is at the primary location over the VPN.
In the site-to-site configuration I added the new subnet to the list of "Remote Networks" and I still can't communicate with any of the devices on the network. If I go to the main site I have no problems so it appears to be related to the VPN or a configuration in the ASA on that site.
A port scan shows that all the traffic is "filtered" so somewhere either the site ASA or the main ASA is blocking the traffic.