RVS4000 VPN Woes

Similar Messages

• DHCP Relay RV042 to RVS4000 VPN

  Is this possible? I have a couple of thin clients at a remote location that I would like to connect to my local DHCP server.  The clients are connecting to the RVS4000 @ 192.168.20.1  .  The RVS4000 connects to the RV042 (192.168.10.1 with two WAN IPs) through the IPSEC VPN.  I have a DHCP server @ 192.168.10.239 with a scope for 192.168.10.x and 192.168.20.x.   Should this work?  Any special setting other than turning on the relay and setting the IP for the DHCP Server? Local DHCP clients are connecting fine, but not the remote clients.  I did see one request an address when I first turned it on, but it timed out on the other side. After that I haven't been able to get another request through.  Thanks for reading.

  Larry,
  I don't believe what your wanting to do will work. The reason is, when you have an ip address you have a specific default gateway and that gateway is your access off you local network.
  If your default gateway is on another network and your on a remote local network you will not be able to get out.
  Try doing a static ip address on the clients and see if that works.
  If it does then you can leave them static, but i believe this will not work.

• RVS4000 VPN & IPAD

  I know from searching this site the IPAD and this router dont work together.
  However
  Since the IPAD VPC IPSec has Cisco's logo on it I would ahve to assum Cisco worked with Apple on this function.
  Can Cisco modify the RVS4000 to add a feature to work with the IPADS VPN
  or
  Work with Apple to offer a mode that works with the current VPN

  I just had a chat with the Small Business Support Guy today and he said that he had personally tested the Anyconnect app just recently, and it WILL NOT connect to the RVS 4000. -

• SonicWall VPN Woes

  Are the sites having problems on Comcast? I've had their crap block dhcp

  Two months ago we replaced an aging firewall with a SonicWall NSA 2600. It fulfilled several of my goals in one device: ability to expand the network, IPS, easier to manage, etc.However, VPN has never consistently worked since. I worked with our MSP on the multiple issues our remote users have been having these two months and now have no ideas how to proceed. Maybe you can help?Yesterday we spent seven hours on the phone with SonicWall support, through several engineers reinstalling software, doing registry hacks, using Powershell, etc. to no avail. At the end of the day the engineer says, "It is not a SonicWall problem." To be fair, an identical machine works here at the office (through hotspot) but not in Maine, and other identical machines have no problems in their locations.The Meat: SonicWall NSA 2600 SSL-VPN with Active...
  This topic first appeared in the Spiceworks Community

• VPN Woes with new AP unit

  I bought a new Airport Extreme, hooked it up and was enjoying everything that was flawlessly running... Then we tried our vpns.
  I ended up calling support to find out what I was doing wrong, and it tunes out that my purchase was the issue!
  We have two types of vpns here, cisco and Nortel. The recomendation was to negate our NAT and place everything out in the DMZ. After I finished laughing, I regretably took my unit back.
  Is there ANYONE that has a logical fix for this or recomendation... comments? I can see from oher posts that we are not alone here as far as getting propper vpn pass through on the new access point.
  We really liked the unit, but can not live without our vpn connections...
  Thanks

  Still reading -- but these links are very useful:
  Protocols supported by iOS:
  http://support.apple.com/kb/HT1288
  Setting up VPN (basic guide):
  http://support.apple.com/kb/HT1424?viewlocale=en_US

• VPN Woes

  After working (sometimes) for a year, now my VPN seems completely broken. I've been using it to access computers on the LAN using ARD while on the road. I can only connect to VPN currently while on the LAN while connecting to OSX Server's router address (10.0.1.1). This work. But if I try to connect the server's external IP address I get no connection. At first I thought it was a firewall issue, but after opening almost everything, both on the server and the client, I still have no luck.

  Jeff --
  Within the LAN I can connect and authenticate from a client only to the server's internal port (10.0.1.1) although once connected it shows as connected to the server's external IP.
  From the client I can ping both 10.0.1.1 and the external IP from within the LAN. Stopped and restarted VPN. It's setup to hand out addressed from 10.0.1.200 to 210. I'm using MS-Chap to authenticate, as Kerberos does not work for VPN for some reason. The DNS server on the "client info" page is set to 10.0.1.1 and a private routing definition is assigned to 10.0.1.0.
  The error returned is: "The server did not respond"
  It "feels" like a firewall problem, but I have all necessary ports open on both the server and the client.
  A log from a recent attempt:
  2006-08-25 17:29:45 EDT Loading plugin /System/Library/Extensions/L2TP.ppp
  2006-08-25 17:29:45 EDT Listening for connections...
  2006-08-25 17:30:05 EDT Incoming call... Address given to client = 10.0.1.200
  Fri Aug 25 17:30:06 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:06 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:06 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:06 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:06 2006 : L2TP sent SCCRP
  2006-08-25 17:30:06 EDT Incoming call... Address given to client = 10.0.1.201
  Fri Aug 25 17:30:06 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:06 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:07 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:07 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:07 2006 : L2TP sent SCCRP
  2006-08-25 17:30:07 EDT Incoming call... Address given to client = 10.0.1.202
  Fri Aug 25 17:30:07 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:07 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:07 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:07 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:07 2006 : L2TP sent SCCRP
  2006-08-25 17:30:08 EDT Incoming call... Address given to client = 10.0.1.203
  Fri Aug 25 17:30:09 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:09 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:09 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:09 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:09 2006 : L2TP sent SCCRP
  2006-08-25 17:30:09 EDT Incoming call... Address given to client = 10.0.1.204
  Fri Aug 25 17:30:09 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:09 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:09 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:09 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:09 2006 : L2TP sent SCCRP
  2006-08-25 17:30:10 EDT Incoming call... Address given to client = 10.0.1.205
  Fri Aug 25 17:30:10 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:10 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:10 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:10 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:10 2006 : L2TP sent SCCRP
  2006-08-25 17:30:11 EDT Incoming call... Address given to client = 10.0.1.206
  Fri Aug 25 17:30:11 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:11 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:11 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:12 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:12 2006 : L2TP sent SCCRP
  2006-08-25 17:30:12 EDT Incoming call... Address given to client = 10.0.1.207
  Fri Aug 25 17:30:12 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:12 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:12 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:12 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:12 2006 : L2TP sent SCCRP
  2006-08-25 17:30:13 EDT Incoming call... Address given to client = 10.0.1.208
  Fri Aug 25 17:30:13 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:13 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:14 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:14 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:14 2006 : L2TP sent SCCRP
  2006-08-25 17:30:14 EDT Incoming call... Address given to client = 10.0.1.209
  Fri Aug 25 17:30:15 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:15 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:15 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:15 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:15 2006 : L2TP sent SCCRP
  2006-08-25 17:30:15 EDT Incoming call... Address given to client = 10.0.1.210
  Fri Aug 25 17:30:16 2006 : Directory Services Authentication plugin initialized
  Fri Aug 25 17:30:16 2006 : Directory Services Authorization plugin initialized
  Fri Aug 25 17:30:16 2006 : L2TP incoming call in progress
  Fri Aug 25 17:30:16 2006 : L2TP received SCCRQ
  Fri Aug 25 17:30:16 2006 : L2TP sent SCCRP
  Fri Aug 25 17:31:06 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:06 EDT --> Client with address = 10.0.1.200 has hungup
  Fri Aug 25 17:31:06 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:06 EDT --> Client with address = 10.0.1.201 has hungup
  Fri Aug 25 17:31:07 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:07 EDT --> Client with address = 10.0.1.202 has hungup
  Fri Aug 25 17:31:09 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:09 EDT --> Client with address = 10.0.1.203 has hungup
  Fri Aug 25 17:31:09 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:09 EDT --> Client with address = 10.0.1.204 has hungup
  Fri Aug 25 17:31:10 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:10 EDT --> Client with address = 10.0.1.205 has hungup
  Fri Aug 25 17:31:11 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:11 EDT --> Client with address = 10.0.1.206 has hungup
  Fri Aug 25 17:31:12 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:12 EDT --> Client with address = 10.0.1.207 has hungup
  Fri Aug 25 17:31:13 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:13 EDT --> Client with address = 10.0.1.208 has hungup
  Fri Aug 25 17:31:14 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:14 EDT --> Client with address = 10.0.1.209 has hungup
  Fri Aug 25 17:31:15 2006 : L2TP received AVP with bad length... AVP type = 0
  2006-08-25 17:31:15 EDT --> Client with address = 10.0.1.210 has hungup
  Lost count   Mac OS X (10.4.5)  

• Configure RVS4000 Behind 2700-Gateway Qwest DSL Router VPN

  I have my QWEST DSL Router 2700-Gateway using a static public IP address
  This is setup to be the DHCP and assigned 192.168.0.2-50
  I need some help how to connect my RVS4000 and utilize VPN so I can connect to my work network from home. The 2700-Gateway has some features like Transparent Bridging, etc, but not sure how to me this work. Can anyone point me to article even if it's configuring with another DSL Router.
  Here is how I tried with my medium knowledge of networking...
  I have configured the RVS4000 as:
  LAN Static IP
  192.168.0.115
  Configured as DHCP Relay
  the 2700-Gateway router saw the device so:
  Configured firewall on 2700-Gateway for PORT FORWARDING:
  TCP port 1723 for PPTP tunnel maintenance traffic
  UDP port 47 Generic Routing Encapsulation (GRE)
  UDP port 500 for Internet Key Exchange (IKE) traffic
  UDP port 1701 for L2TP traffic
  --> 192.168.0.115
  This did not work.

  gv,
  Thanks for your help. I discovered the EasyVPN works quite differently then I expected a IPSec to work. Thanks for the suggestions. I documented my finding and procedure below.
  The answer was to use the transparent bridging setting on my DSL modem model 2Wire GATEWAYHG-2700 and and turn off Search PCV,  then setup the PPPoE on the RVS4000 VPN router to accept and authenticate my public IP address.
  Once I had the modem and router configured, I then had my RVS4000 VPN router ready to test VPN client. The documentation is vague. But after doing some research on here and having some difficulty:
  My Finding:
  I already had latest Firmware 1.109 from purchase
  On the client, I discovered from reading that the EasyVPN uses 443. Well I have this forwarding to a exchange server to utilize RPC/HTTPS with outlook. This turns out that it was fixed with the lastest firmware
  The new firmware allows this, as they fixed the vpn listening port override to port 60443..
  I port forwarded this to my router gateway 192.168.1.1
  In order to use this port, you must have the lastest client from the downloads at RVS4000 version. 1.10 which adds a drop box Auto/443/60433. I found auto and 60443 to work with my configuration.
  This configuration let me connect successfully.
  If you read the readme that's included with the EasyVPN client download, you have to export the client cert under VPN, and copy the file *.pem to the root folder of the vpn client.exe stated in readme to get rid of the security popup. This worked for me.
  So everything seems to be connecting.. But know get "The remote gateway is not responding" popup.  I tried the suggested MTU setting with no luck.
  After establishing a network share under map drive, this seems to have stop responding as well once this popup occurs.
  Things like this should just not be so hard..
  So I found this post in regards to my problem and hoping to here if anyone else has found a solution or work around here. Good night, some things are just not worth staying up late for,
  http://forums.linksys.com/linksys/board/message?board.id=Wired_Routers&message.id=13651#M13651
  Message Edited by MOTOGEEK on 12-10-2007 11:01 PM
  Message Edited by MOTOGEEK on 12-10-2007 11:04 PM
  Message Edited by MOTOGEEK on 12-10-2007 11:05 PM

• Can't get VPN to work on RV220W

  I am a home office user who bought a RV220W router for the speed advertised on smallnetbuilder.  I am trying to set up the VPN but can't get it to work with the Quick VPN client.  I am using dyndns to manage the dynamic IP and have entered that into the setup noted below.  I can access the router remotely (remote administration) when enabled using the dyndns address so I know that is working.
  IKE Policy Table
  General
  Policy Name:                 krafty001vpn    
  Direction / Type             Responder    
  Exchange Mode:           Aggresive    
  Enable XAUTH Client:    None    
  Local Identification
  Identifier Type:               FQDN    
  FQDN:                          krafty001.dyndns.org    
  Peer IKE Identification
  Identifier Type:               Remote Wan IP    
  FQDN:                          krafty001.dyndns.org    
  IKE SA Parameters
  Encryption Algorithm:     3DES    
  Authentication Algorithm:          SHA-1    
  Authentication Method:          Pre-Shared Key    
  Pre-Shared Key:          xxxxxxxxx    
  Diffie-Hellman (DH) Group:          Group 2 (1024bit )    
  SA-Lifetime:          28800 Seconds
  VPN Policy Table
  Add / Edit VPN Policy Configuration
  Policy Name:
  krafty001vpn
  Policy Type:
  Auto Policy
  Remote Endpoint:
  FQDN
  krafty001.dyndns.org
  NETBIOS:
  Enable
  Local Traffic Selection
  Local IP:
  ANY
  Start Address:
  End Address:
  Subnet Mask:
  Remote Traffic Selection
  Remote IP:
  ANY
  Start Address:
  End Address:
  Subnet Mask:
  Split DNS
  Split DNS:
  Enable
  Domain Name Server 1:
  Domain Name Server 2:
  (Optional)
  Domain Name 1:
  Domain Name 2:
  (Optional)
  Manual Policy Parameters
  SPI-Incoming:
  SPI-Outgoing:
  Encryption Algorithm:
                               3DES                             None                             DES                             AES-128                             AES-192                             AES-256                             AES-CCM                             AES-GCM                            
  Key-In:
  Key-Out:
  Integrity Algorithm:
                               SHA-1                             SHA2-256                             SHA2-384                             SHA2-512                             MD5                            
  Key-In:
  Key-Out:
  Auto Policy Parameters
  SA-Lifetime:
  3600
                               Seconds                             KBytes                            
  Encryption Algorithm:
                               3DES                             None                             DES                             AES-128                             AES-192                             AES-256                             AES-CCM                             AES-GCM                                                       
  Integrity Algorithm:
                               SHA-1                             SHA2-256                             SHA2-384                             SHA2-512                             MD5                            
  PFS Key Group:
  Enable
                               DH-Group 1 (768 bit)                             DH-Group 2 (1024 bit)                             DH-Group 5 (1536 bit)                            
  Select IKE Policy:
                                                            krafty001vpn                                                                                     
  Quick VPN Setip
  User Profile: homevpn
  User Name krafty001vpn
  Password: xxxxx
  Server Address:  krafty001.dyndns.org
  Port for QuickVPN:   Auto
  Any help in identifying what setup component I have configured incorrectly would be appreciated
  Thanks

  I am not sure this will help but make sure the following is set correctly:
  Currently VPN is somewhat broken on all versions of firmware of the RV220W including beta where VPN will ONLY negotiate on 443. If you are port forwarding 443 to a server or something else it will fail. You must allow the VPN to authenticate on 443. The router SHOULD be able to connect on 60443 as indicated on the QUICKVPN software however it doesn't this has been confirmed by a CISCO engineeer I have been speaking with regarding my VPN woes. Currently there is NO ETA on this fix.
  But since you didn't mention if your 443 ports were being routed elsewhere I figured i would lay out that information here incase you where. Also I strongly recommend contacting Cisco Support for the beta firmware it makes the RV220W much better.
  Also the reason for the update to the beta firmware it resolves the hair pinning problem which could also lead to VPN issues.

• Install RVS4000 with DSL modem / router combo?

  I'm trying to install a RVS4000 VPN router in our small office.  My problem is that AT&T has installed a Netopia 3347-02 DSL combination Modem / router.  So I can't connect the RVS4000 directly to a dsl modem, the only access I have is on the Lan side of the Netopia.  When I tried to set the WAN side of the RVS4000 to the same subnet as our Lan, it wouldn't let me do that.  I tried setting the Lan side of the Netopia and the Wan side of the RVS4000 to (the same) slightly different subnet, but that didn't work either.  The only way I can get internet access going through both devices is to connect the Lan side of the Netopia to the Lan side of the RVS4000, but that bypasses the VPN, correct?  The reason I bought the RVS4000 is for the VPN.  Is there a way to configure the RVS4000 in this situation, or do I need to get a plain old DSL modem without a built in router?
  Thanks, Scott

  Scott,
  You should not need to get another device to use the VPN functions of the RVS4000.  To setup the equipment you have, you just need to place the Netopia DSL router into "bridge" mode.  This will then allow you to connect the DSL router to WAN (internet) port on your RVS4000.  Once in bridge mode, your WAN port on the RVS4000 will receive its IP address from AT&T, which will then take over all routing functions, and enable you to use the VPN feature of this router.
  If your DSL provider is using PPPoE, you will need to select "PPPoE" on the WAN setup page of the RVS4000, then enter the username and password into the RVS4000 so that it can authenticate and get an IP address from AT&T.
  To place the Netopia DSL router into "bridge" mode, I am including a link to one of their user guides.  The section for placing it in bridge mode starts on page 107.
  http://www.netopia.com/support/hardware/SoftwareUserGuideV761-Clsc.pdf
  Thank you,
  Darren

• RVS4000 certificates not recognized

  Ever since we updated our RVS4000 VPN router to firmware version 1.3.2.0 (~ July 2010) and our Cisco VPN Client software to version 1.4.0.5, the connection cannot recognize our installed certificates.  We did not create new certificates after the firmware update.  I moved my certificate files from the old install directory.  When this didn't work, I re-exported the RVS4000 certificates (admin and client) and placed them in:
  c:\Program Files\Cisco Small Business\QuickVPN Client\RVS4000_Admin.pem
  c:\Program Files\Cisco Small Business\QuickVPN Client\RVS4000_Client.pem
  When I connect (same for my co-workers), we get the window:
  Server's certificate doesn't exist on your local computer.  Do you want to quit this connection?  Yes / No
  When we say No to the question, we get connected.
  Why doesn't the CiscoVPN Client recognize the files?  I am running WinXP and already have the Microsoft patch for packet losses and connection problems.
  Thank you,
  Rene Feitelson

  omg how i hate seeing speculative answers by people with the "cisco" icon next to their name. you would think that the MAKERS OF THIS HARDWARE (and their employees who are purportedly subject matter experts on said hardware) would be able to provide technical solutions rather than SPECULATING and GUESSING at how to fix the problem.
  so yea, i'm having the exact same problem. however, the only cert i have is the client cert in the correct directory. so none of that asinine "QuickVPN Client might be confused by this certificate" (NO CISCO REP SHOULD USE THE WORD "MIGHT" --- FOR GODS SAKE, KNOW WHAT YOU'RE TALKING ABOUT!!! YOU ONLY WORK FOR THE COMPANY!!!).
  i tried generating a new certificate on the RVS4000 and then using that certificate in the correct QVPN directory. i even downgraded the software thinking there was a problem with the most recent version.
  STILL HAVING ISSUES.
  WILL SOMEONE WHO KNOWS WHAT THEY'RE TALKING ABOUT THAT WORKS FOR CISCO PLEASE PROVIDE A WORKING TECHNICAL SOLUTION INSTEAD OF GUESSING!?

• RVS4000 Bandwidth issue

  Hello
  I have recently purchased a RVS4000 VPN Router and I have a slight problem I wish an expert to help me with.
  At home I have a 100Mbps internet connection which gets a result of around 80-98Mbps on the speedtest.net . However, when I connect the RVS4000 to my network I can only achieve 20Mbps. I am using Cat 6 cabling for everything with Gigabit ports. The QoS / bandwidth settings are disabled.
  Any ideas what could be causing the slow down?
  Regards
  Chris D

  Wrong forum, try  "small business - routers".

• RVS4000 firmware updates don't work with Internet Explorer 8.0

  I have 2 RVS4000 VPN routers.  Neither would accept firmware updates via the admin browser interface using Internet Explorer 8.0.  After lots of troubleshooting, I tried Chrome (Google) on 1 router and Mozilla Firefox on the other.  Both updates were successful.  The firmware rescue utility that you can download from the Cisco web site also works.  It does the update without the browser interface, but installs a slightly older version of firmware than is availble for browser-based firmware updates.  I hope this saves you time and frustration when you need to update your routers.
  Rene Feitelson

  Rene,
  A thousand thanks for taking the time to post your result. You've made my day!
  I have spent over 8 hours today trying to implement a firmware upgrade on my RVS4000, with zero success. I initially used Safari 5 (on a Win XP SP3 machine) in order to update IPS to v1.42, with no success. Switching to MS IE8 and the update worked fine - hence I stuck with IE8 for the firmware update. I can confirm your result - IE8 does not initiate a firmware update, nor does it provide any feedback whatsoever on its failure.
  Using the Firefox v3.5.9 browser the RVS4000 v1.3.2.0 firmware update worked straight away without a glitch.
  So, perhaps a general "Heads Up" to everyone - if you have any issues when trying to configure your Router, then try using another browser as the first step.
  Many thanks again, Rene.
  Message was edited by: Robert Gough
  Oh, another issue that might help folks:
  When the firmware update file "filename.img" is downloaded from the Cisco site Windows interprets it as a .zip file and associates the usual ZIP file icon to it. Cisco's documentation states "unpack the file and ......". This immediately leads one to believe that the firmware update file is contained in the ZIP file. This is not the case! It is NOT a ZIP file at all, but is the binary that the router requires.
  If one tries to unzip the file WinZip throws up an error "ISO file incomplete" and doesn't unzip it.
  So, ignore the ZIP file icon and just point the router firmware updater at the .img file, despite its ZIP icon.

• Problem configuring RVS4000 router

  I just purchase the Cisco Router RVS4000 vpn and I am having problem configuring the VPN option.  I just try all way I could imaging, but somehow something are missing and I don't know what it is.  Here are a image of my current configuration.

  Without examining this in detail, it is only half of the equation.  The other end of the tunnel needs to be configured as well.  BTW, don't ever post your WAN IP and shared key in a public forum.  Change the key.

• HOWTO: Setting up Server-Side Authentication with SSL

  This howto covers the configuration of server-side SSL authentication for both Net8 and IIOP (JServer) connections. It documents the steps required to set up an SSL encrypted connection; it does not cover certificate authentication.
  It is worthwhile noting that although the setup of SSL requires the installation of certificates, these certificates do not have to be current, only valid. For some reason, in order to enable SSL connections, it is necessary to set up valid certificate file on the server whether you intend to use certificate authentication or not.
  NOTE: I have been unable to determine whether or not the above statement is entirely correct. If anyone can confirm or disprove it, please let me know.
  The steps described below must all be carried out from the same logon account. They have been tested on both 816 and 817 databases, but will probably work for all versions, including 9i (unless there have been some drastic changes in 9i that I'm not aware of).
  1. Log on to the database server with an administrative login.
  Configure the database and listener to run under the current login account (Control Panel -> Services). It is not necessary to restart these services at this time.
  2. Create an Oracle wallet and set up the required certificates
  (i) Open the Oracle Wallet Manager:
  Start -> Programs -> [Oracle Home] -> Network Administration -> Wallet Manager
  (ii) Create a new wallet (Wallet -> New).
  (iii) When prompted, elect to generate a certificate request.
  (iv) On the request form, the only field that matters is the Common Name. Enter the fully qualified domain name (FQDN) of the database server (i.e. the name with which the database server will be referenced by clients).
  (v) Export the certificate request to file (Operations -> Export Certificate Request).
  (vi) Obtain a valid server certificate from an authorised signing authority. It will also be necessary to download the signing authoritys publicly available trusted root certificate. Certificates can be obtained from Verisign (http://www.verisign.com/)
  (vii) Install the trusted root certificate obtained in (vi) into the wallet (Operations -> Import Trusted Certificate). Either paste the contents of the certificate file, or browse to the file on the file system.
  (viii) Install the server certificate obtained in (vi) into the wallet (Operations -> Import User Certificate). Either paste the contents of the certificate file, or browse to the file on the file system.
  (ix) Save the wallet (Wallet -> Save). The wallet will be saved to the [user home]\Oracle\Wallets directory.
  3. Configure the listener for SSL.
  (i) Open the Oracle Net8 Assistant:
  Start -> Programs -> [Oracle Home] -> Network Administration -> Net8 Assistant
  (ii) Select Net8 Configuration -> Local -> Profile.
  (iii) From the drop-down list at right, select Oracle Advanced Security. Select the SSL tab.
  (iv) Select the Server radio button.
  (v) In the wallet directory field, enter the location of the wallet created in step 2, e.g. C:\WINNT\Profiles\oracleuser\ORACLE\WALLET
  (vi) Uncheck the Require Client Authentication checkbox.
  (vii) Select Net8 Configuration -> Listeners -> [listener name].
  (viii) Add a new address:
  Protocol: TCP/IP with SSL
  Host: [database server FQDN] (e.g. oraserver)
  Port: 2484
  (ix) Add a second new address:
  Protocol: TCP/IP with SSL
  Host: [database server FQDN] (e.g. oraserver)
  Port: 2482
  Check the Dedicate this endpoint to IIOP connections checkbox.
  (x) Save the Net8 configuration (File p Save Network Configuration).
  (xi) Restart the listener service.
  4. Configure the database to accept SSL connections.
  (i) Open the database inti.ora file (\admin\[SID]\pfile\init.ora or equivalent).
  (ii) At the bottom of the file, uncomment the line that reads
  mts_dispatchers = "(PROTOCOL=TCPS)(PRE=oracle.aurora.server.SGiopServer)"
  (iii) Save the file and restart the database service.
  5. Test the SSL confi guration using the Net8 Assistant.
  (i) Open the Oracle Net8 Assistant.
  (ii) Select Net8 Configuration -> Local -> Service Naming.
  (iii) Add a new net service (Edit p Create).
  Net service name: [SID].auth (e.g. iasdb.auth)
  Protocol: TCP/IP with SSL
  Host: [database server] (e.g. oraserver)
  Port: 2484
  Service Name/SID: [SID] (e.g. iasdb.orion.internal)
  Note: at the end of the net service configuration, click Finish, not Test. The test can hang if run from the wizard.
  (iv) Test the connection (Command -> Test Service). If the only error to appear is username/password denied, the test has succeeded.
  null

  Dear Alex,
  Thank you for reaching the Small Business Support Community.
  I would first suggest you to uncheck the "Perfect Forward Secrecy" setting on the RVS4000 and if see if there is some similar setting enabled, then disable it, on the other side.  If still the same thing happens, then go to RVS4000, VPN Advanced settings, and disable the "Aggressive Mode" so it becomes "Main mode" and use the same on the other end of the tunnel.
  Just in case and as a VPN configuration guide, below is a document called "IPSec VPN setup" if it helps somehow;
  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=587
  Besides my suggestions I would advise you to contact your ISP to make sure there is no IPSec traffic restrictions and/or if there is something in particular they require to make this happen and please do not hesitate to reach me back if there is any further assistance I may help you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• I need the communities help in solving a network issue

  Hello all,
  I need your help. I am experiencing brief losses in connectivity somewhere in my Internet connection. They happen sporadically. Some days I get none, on average I get 1-2, rarely more then 3. And they  last from 10-30 seconds. Nothing has to be done on my end to start communication happening again.
  All, in all, it is relatively minor.  Except that I work from home. My VPN connection can drop during this time causing some frustration. But, the biggest problem is my VOIP phone (over this VPN). The phone always drops off and has to re-register (1-2 minute process). I am often times leading critical phone meetings, and dropping off-line is not an option.
  So, why am I asking you for help?  Well I have almost an exclusive Apple environment (as much as I can at least). I am wondering if there is any way I can figure out what is going on through some sort of logs on my Airport Extreme? Is there some sort of sniffer program that can be installed on the Mac that will help?
  I have called my cable internet provider (Cox) and of course they say everything is fine on their end.  I don't know where to start!
  Any help would be appreciated!
  Stuart

  Thanks for the update on the Cisco. I use a Cisco RVS4000 VPN router as my main Internet router and have a pair of 802.11n AirPort Extreme Base Stations (AEBSn) that connect back to this Cisco by Ethernet which provide wireless for both floors of my house. I use the same Cisco VPN client to access a work PC as well.
  However, notice that I have the VPN router well upstream in my network as it is directly connected to my Broadband modem. This would be the ideal location for a VPN appliance, but is not mandatory.
  Your AirPort, unfortunately, does not have any QoS or traffic-shaping features. That means all data coming/going though the AirPort is pretty much treated equally. Your work-provided Cisco router does have these features and could be configured to prioritize all VPN and/or VoIP data traffic.
  It may be possible the issues you are seeing is where this Cisco is situated downstream of both another router and a switch.