VPN tunnel Problem

Similar Messages

• Problems when trying to surf the Internet through a SSL VPN tunnel

  Hi,
  I have a small/big problem, I have a customer who have the need for the possibility to surf the internet through the SA500W when they are connected through a SSL VPN tunnel in to their network. I am not using a Split Tunnel. What I have seen until now, when you run IPCONFIG/ALL the default gateway for the SSL VPN IP settings is 0.0.0.0. Is this the problem and if so, how can this be solved?
  Thanks in advance!
  Brg
  Niklas Eklov

  There are various causes for this error, see [[Firefox is already running but is not responding]] for details.

• Cisco ASA 5520 Site-to-site VPN TUNNELS disconnection problem

  Hi,
  i recently purchased a Cisco ASA 5520 and running firmware v. 8.4(2) and ASDM v. 6.4(5)106.
  I have installed 50 Site-to-Site VPN tunnels, and they work fine.
  but randomly the VPN Tunnels keep disconnecting and few seconds after it connects it self automaticly....
  it happens when there is no TRAFIC on, i suspect.
  in ASDM in Group Policies under DfltGrpPolicy (system default) i have "idle timeout" to "UNLMITED" but still they keep disconnecting and connecting again... i have also verified that all VPN TUNNELS are using this Group Policie. and all VPN tunnels have "Idle Timeout: 0"
  this is very annoying as in my case i have customers having a RDP (remote dekstop client) open 24/7 and suddenly it gets disconnected due to no traffic ?
  in ASDM under Monitoring -> VPN .. i can see all VPN tunnels recently disconnected in "Login Time Duration"... some 30minutes, 52minutes, 40minutes and some 12 minutes ago.. and so on... they dont DISCONNECT at SAME time.. all randomly..
  i dont WANT the VPN TUNNELS to disconnect, i want them to RUN until we manually disconnect them.
  Any idea?
  Thanks,
  Daniel

  What is the lifetime value configured for in your crypto policies?
  For example:
  crypto ikev1 policy 140
  authentication rsa-sig
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 150
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400

• VPN CLIENT PROBLEM

  Hi
  I have a problem with ping in VPN Client,
  In this senario, the VPN client should be able to ping PC-4 through ASA-1 (Site-A)but it could not.
  The router is able to ping Z.Z.Z.0/24.
  The Tunnel and VPN client are working.
  1. PC-1 can connect to ASA-1 and ping Network 20.20.0.0/16 and 10.10.10.0/24 but cannot ping PC-4.
  2. PC-2 can ping PC-1 and PC-3 but cannot ping PC-4.
  3. If PC-3 gateway be 10.10.10.1 , It can ping Z.Z.Z.2.
  4. If PC-3 gateway be 10.10.10.20 , It cannot ping Z.Z.Z.2.
  5. ASA-1 can ping ASA-2 and 10.10.10.1/24 but cannot ping Z.Z.Z.2.
  6. ASA-2 can ping ASA-1 and Z.Z.Z.2.
  This is my config on ASA-1 and ASA-2:
  hostname ASA-1
  interface G0/0
  nameif Outside
  security-level 0
  ip address x.x.x.1 255.255.255.224
  NO SHUT
  interface G0/3
  nameif Inside
  security-level 100
  ip address 20.20.0.1 255.255.0.0
  NO SHUT
  route Outside 0.0.0.0 0.0.0.0 x.x.x.2 1
  object-group network DM_INLINE_NETWORK_1
  network-object 10.10.10.0 255.255.255.0
  network-object 20.20.0.0 255.255.0.0
  network-object z.z.z.0 255.255.255.0
  ip local pool ATA 20.20.0.20-20.20.20.255 mask 255.255.0.0
  access-list 100 extended permit icmp any any
  access-group 100 in interface Outside
  global (Outside) 1 interface
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 1
  lifetime 86400
  crypto isakmp policy 20
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp enable Outside
  tunnel-group y.y.y.1 type ipsec-l2l
  tunnel-group y.y.y.1 ipsec-attributes
  pre-shared-key 1234
  group-policy ATA internal
  group-policy ATA attributes
  vpn-tunnel-protocol IPSec
  username TEST password TEST privilege 0
  username TEST attributes
  vpn-group-policy ATA
  tunnel-group ATA type remote-access
  tunnel-group ATA general-attributes
  address-pool ATA
  default-group-policy ATA
  tunnel-group ATA ipsec-attributes
  pre-shared-key 1234
  access-list Outside_1_Cryptomap extended permit ip 20.20.0.0 255.255.0.0 z.z.z.0 255.255.255.0
  access-list Outside_1_Cryptomap extended permit ip 20.20.0.0 255.255.0.0 10.10.10.0 255.255.255.0
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto map Outside_map 1 set pfs group1
  crypto map Outside_map 1 set peer y.y.y.200
  crypto map Outside_map 1 match address Outside_1_Cryptomap
  crypto map Outside_map 1 set transform-set ESP-3DES-SHA
  crypto map Outside_map 1 set security-association lifetime kilobytes 10000
  crypto map Outside_map interface Outside
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group2
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA
  crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  access-list Inside_nat0_Outside extended permit ip 20.20.0.0 255.255.0.0 10.10.10.0 255.255.255.0
  access-list Inside_nat0_Outside extended permit ip 20.20.0.0 255.255.0.0 z.z.z.0 255.255.255.0
  access-list Inside_nat0_Outside extended permit ip object-group DM_INLINE_NETWORK_1 20.20.0.0 255.255.224.0
  nat (Inside) 0 access-list Inside_nat0_Outside
  nat (Inside) 1 0.0.0.0 0.0.0.0
  policy-map global_policy
  class inspection_default
    inspect icmp
  same-security-traffic permit intra-interface
  management-access Inside
  hostname ASA-2
  interface E0/0
  nameif Outside
  security-level 0
  ip address y.y.y.1 255.255.255.192
  NO SHUT
  interface E0/3
  nameif Inside
  security-level 100
  ip address 10.10.10.20 255.255.255.0
  NO SHUT
  route Outside 0.0.0.0 0.0.0.0 y.y.y.2 1
  route Inside z.z.z.0 255.255.255.0 10.10.10.1 1
  access-list 100 extended permit icmp any any
  access-group 100 in interface Outside
  global (Outside) 1 interface
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 1
  lifetime 86400
  crypto isakmp enable Outside
  tunnel-group x.x.x.1 type ipsec-l2l
  tunnel-group x.x.x.1 ipsec-attributes
  pre-shared-key 1234
  access-list Outside_1_Cryptomap extended permit ip 10.10.10.0 255.255.255.0 20.20.0.0 255.255.0.0
  access-list Outside_1_Cryptomap extended permit ip z.z.z.0 255.255.255.0 20.20.0.0 255.255.0.0
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto map Outside_map 1 set pfs group1
  crypto map Outside_map 1 set peer x.x.x.1
  crypto map Outside_map 1 match address Outside_1_Cryptomap
  crypto map Outside_map 1 set transform-set ESP-3DES-SHA
  crypto map Outside_map 1 set security-association lifetime kilobytes 10000
  crypto map Outside_map interface Outside
  access-list Inside_nat0_Outside extended permit ip 10.10.10.0 255.255.255.0 20.20.0.0 255.255.0.0
  access-list Inside_nat0_Outside extended permit ip z.z.z.0 255.255.255.0 20.20.0.0 255.255.0.0
  nat (Inside) 0 access-list Inside_nat0_Outside
  nat (Inside) 1 0.0.0.0 0.0.0.0
  policy-map global_policy
  class inspection_default
    inspect icmp
  same-security-traffic permit intra-interface
  management-access Inside
  Regards

  Hi,
  My suggestion to your puzzle  is to  either load your ASDM real time log and observe the logs while one host tries to ping each other and take notes on the log , this should provide you with  information  and some clues on what the issue could be.  You may also try  to packet capture in ASA-2  , either way,  I would start with easiest one which is  realtime log on ASDM.
  Could you provide the folloing:
  1 - Post output of    c:\ipconfig /all    from PC-4  z.z.z.2/24
  2 - Post output of     show ip route     from Router   where PC-4 subnet is routed from
  Regards

• 2 VPN Tunnels between 2 devices on separate links

  Hello,
  I have a 2811 connected to two different ISPs, implying I have 2 separate interfaces for both links. I initially setup a VPN tunnel to a 3rd party remote site on one of the links/interfaces. I am now required to setup an additonal VPN tunnel to the same remote site on the other interface/link. When I finish the config and run tests, I get an error saying that the crypto map is not applied on the correct interface and that the peer is being routed through a non-crypto map interface.
  One thing I would like to know is if it is possible to configure the router to establish these two tunnels on the different links/interfaces to the same peer. Please note that the first VPN tunnel is still active, but the other one has just refused to come up. Please see the snippets of my router config below:
  crypto ipsec transform-set ABCD esp-3des esp-md5-hmac
  crypto isakmp policy 4
  encr 3des
  hash md5
  authentication pre-share
  group 5
  crypto isakmp policy 5
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp policy 6
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key 123key address x.x.130.130
  crypto map SDM_CMAP_1 3 ipsec-isakmp
  description VPN Tunnel to ABCD on x.x.130.130
  set peer x.x.130.130
  set transform-set ABCD
  set pfs group5
  match address ABCD
  crypto map SDM_CMAP_2 1 ipsec-isakmp
  description description PROD VPN Tunnel to ABCD
  set peer x.x.130.130
  set transform-set ABCD
  set pfs group5
  match address ABCD_PROD
  interface FastEthernet0/1
  description ISP1 WAN INTERFACE$ETH-WAN$
  ip address a.a.42.66 255.255.255.252
  ip nbar protocol-discovery
  ip flow ingress
  ip flow egress
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  auto discovery qos
  crypto map SDM_CMAP_1
  interface FastEthernet0/2/0
  description ISP2_WAN_INTERFACE
  ip address y.y.12.94 255.255.255.192
  ip nbar protocol-discovery
  ip flow ingress
  ip flow egress
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  auto discovery qos
  crypto map SDM_CMAP_2
  ip access-list extended ABCD
  permit ip host 172.30.50.2 host x.x.130.138
  ip access-list extended ABCD_PROD
  permit ip host 172.19.205.31 host x.x.130.134
  ip route 0.0.0.0 0.0.0.0 a.a.42.65
  So its the tunnel running on ISP1 that is fine while the tunnel on ISP2 is not coming up.
  While pasting this though, I just realized there is no default route for ISP2, could this be the problem and would adding another default route not create some sort of loop?
  Regards,
  Femi

  Hello Marcin,
  When you said I didnt need to put both ISPs into VRF, i assume you meant that I only needed to put on f the ISPs into VRF, specifically the other ISP I was trying to establish a new VPN connection over?
  I did read the cheat sheet thoroughly and also went through some other documents. However, I still cound not get out of the router as the router kept complaining about routing issues:
  1. The peer must be routed through the crypto map interface. The following peer(s) are  routed through non-crypto map interface - a.b.130.130
  2. The tunnel traffic destination must be routed through the crypto map interface. The following destinations are routed through non-crypto map interface - a.b.130.134
  Below is the config I applied but I didnt get traffic out of the router still to even attempt to establish a connection:
  ip vrf PROD_INTCON
  rd 100:1
  route-target export 100:1
  route-target import 100:1
  ip vrf ISP2
  rd 101:1
  route-target export 101:1
  route-target import 101:1
  crypto keyring NI2-keyring vrf ISP2
    pre-shared-key address a.b.130.130 key xxxxx
  crypto isakmp policy 4
  encr 3des
  hash md5
  authentication pre-share
  group 5
  crypto isakmp policy 5
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp policy 6
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp profile NI2-profile
  vrf PROD_INTCON
  keyring NI2-keyring
  match identity address a.b.130.130 255.255.255.255 ISP2
  isakmp authorization list default
  crypto ipsec transform-set NI2set esp-3des esp-md5-hmac
  crypto map SDM_CMAP_2 1 ipsec-isakmp
  description PROD VPN Tunnel to NI2
  set peer a.b.130.130
  set transform-set NI2set
  set pfs group5
  set isakmp-profile NI2-profile
  match address NI2_ACL
  reverse-route
  interface FastEthernet0/2/0
  ip vrf forwarding ISP2
  ip address z.y.12.94 255.255.255.192
  crypto map SDM_CMAP_2
  interface FastEthernet0/2/1.603
  description PROD_INTCON_ZONE
  encapsulation dot1Q 603
  ip vrf forwarding PROD_INTCON
  ip address 172.19.205.1 255.255.255.0
  ip flow ingress
  ip nat inside
  ip virtual-reassembly
  ip route vrf ISP2 0.0.0.0 0.0.0.0 z.y.12.65
  ip route vrf PROD_INTCON a.b.130.134 255.255.255.255 FastEthernet0/2/0 z.y.12.65
  ip access-list extended NI2_ACL
  permit ip host 172.19.205.31 host a.b.130.134

• How can I improve performance over a Branch Office IPsec vpn tunnel between and SA540 and an SA520

  Hello,
  I just deployed one Cisco SA540 and three SA520s.
  The SA540 is at the Main Site.
  The three SA520s are the the spoke sites.
  Main Site:
  Downstream Speed: 32 Mbps
  Upstream Speed: 9.4 Mbps
  Spoke Site#1:
  Downstream Speed: 3.6 Mbps
  Upstream Speed: 7.2 Mbps (yes, the US is faster than the DS at the time the speed test was taken).
  The SA tunnels are "Established"
  I see packets being tranmsitted and received.
  Pinging across the tunnel has an average speed of 32 ms (which is good).
  DNS resolves names to ip addresses flawlessly and quickly across the Inter-network.
  But it takes from 10 to 15 minutes to log on to the domain from the Spoke Site#1 to the Main Site across the vpn tunnel.
  It takes about 15 minutes to print across the vpn tunnel.
  The remedy this, we have implemented Terminal Services across the Internet.
  Printing takes about 1 minute over the Terminal Service Connection, while it takes about 15 minutes over the VPN.
  Logging on to the network takes about 10 minutes over the vpn tunnel.
  Using an LOB application takes about 2 minutes per transaction across the vpn tunnel; it takes seconds using Terminal Services.
  I have used ASAs before in other implementation without any issues at all.
  I am wondering if I replaced the SAs with ASAs, that they may fix my problem.
  I wanted to go Small Business Pro, to take advantage of the promotions and because I am a Select Certified Partner, but from my experience, these SA vpn tunnels are unuseable.
  I opened a case with Small Business Support on Friday evening, but they couldnt even figure out how to rename an IKE Policy Name (I figured out that you had to delete the IKE Policy; you cannot rename them once they are created).
  Maybe the night weekend shift has a skeleton crew, and the best engineers are available at that time or something....i dont know.
  I just know that my experience with the Cisco TAC has been great for the last 10 years.
  My short experience with the Cisco Small Business Support Center has not been as great at all.
  Bottom Line:
  I am going to open another case with the Day Shift tomorrow and see if they can find a way to speed things up.
  Now this is not just happening between the Main Site and Spoke Site #1 above. It is also happeninng between the Main Site and Spoke #2 (I think Spoke#2 has a Download Speed of about 3Mbps and and Upload Speed of about 0.5 Mbps.
  Please help.
  I would hate to dismiss SA5xx series without making sure it is not just a simple configuration setting.

  Hi Anthony,
  I agree!.  My partner wants to just replace the SA5xxs with ASAs, as we have never had problems with ASA vpn performance.
  But I want to know WHY this is happening too.
  I will definitely run a sniffer trace to see what is happening.
  Here are some other things I have learned from the Cisco Small Business Support Center (except for Item 1 which I learned from you!)
  1.  Upgrade the SA540 at the Main Site to 2.1.45.
  2a. For cable connections, use the standard MTU of 1500 bytes.
  2.b For DSL, use the following command to determine the largets MTU that will be sent without packet fragmentation:
  ping -f -l packetsize
  Perform the items below to see if this increases performance:
  I was told by the Cisco Small Business Support Center that setting up a Manual Policy is not recommended; I am not sure why they stated this.
  3a. Lower the IKE encryption algorithm from "AES-128" to DES.
  3b. Lower the IKE authentication algorithm to MD5
  3c. Also do the above for the VPN Policy
  Any input is welcome!

• SNMP Management of individual VPN Tunnels

  Is there a way of indexing individual VPN Tunnels statically, through a VPN3000 concentrator?
  If I MIB browse a VPN3000 concentrator, I can see the individual VPN tunnels each with ifindex numbers, so for the period this tunnel is active, I can collect performance statistics from it. The problem occurs when the connection from the same site is reset, the ifindex is renumbered which means I have to relearn the new ifindex in order to continue collecting information.
  Is there a way around this, or is there another solution for getting traffic statistics from VPN tunnels between sites, via SNMP?

  Since the if numbers change the best way to get your stats would be from the routers behind the vpn on either side. Then you can turn on ip accounting or use netflow on the routers. There is a free netflow collector @ www.ntop.org. I think this approach will work if you.
  Hope this helps.

• Private vpn tunnel from behind NAT

  Hello all,
  Our provider suddenly refuses to give us public ip addresses. Instead we get a private one and the provider does nat.
  Problem is this site has an IPSEC tunnel towards a public ip address for connectivity to main offices, the tunnel also runs BGP as routing protocol (so dynamic).
  Is there a way to make this work ? I guess the client side needs to be forced into setting up the tunnel always and the tunnel must be kept alive with hello packets or something like that...
  Any link to some good documentation would be appreciated ?
  regards,
  Geert

  Trying to establish a vpn tunnel from a windows vpn client to a watchguard Firebox X700 VPN.
  Thanks.

• Router-to-PIX VPN Tunnels fade in and out

  Does anyone know of any problems with Router-to-PIX vpn tunnels? For a number of months we've had about 35 831Routers vpn'd into our PIX515 and the tunnel has been stable. Recently, however, the tunnel has been dropping out at a number of sites.
  When the tunnel goes down the users still have access to their local internet but obviously not to the shared network resources of the vpn tunnel. In most cases the tunnel can be re-established at each location simply by rebooting the router. Only problem with that is that some of the locations are having to reboot their 831Router more than two or three times a day.
  I've added keepalive statements into theconfig of the routers and the PIX. Specifically I've added these two lines to the routers:
  Crypto isakmp keepalive 10 5
  crypto ipsec secutity-association lifetime seconds 28800
  I added a similar isakmp keepalive to the PIX. Any suggestions would be appreciated as some of my users are getting frustrated.
  Thank you,
  Chris

  Try using the debug commands and see if you are getting any error messages that might give us some idea.

• Can QoS be implemented when VPN tunnel bandwidth is unknown?

  Is it possible to have some sort of QoS on both sides of a VPN tunnel when the speed at the endpoint is unknown. In other words is it possible to have QoS bandwidth parameters to be automatically detected/adapted to the actual bandwidth?

  Hey Martin,
  Thanks for your reply. I Think IntServ won't be a solution straight away, I'll try to explain what I would like to do.
  What my issue is that I have a few locations who are kind of mobile, and each location connects to the internet via various links, depending on which is available. This link can be a normal ISP which blocks all traffic except port 80 and 443. The connection could be a simple ISDN dialin or a dedicated T1 link.
  Because there is a Cisco VoIP router on the mobile location and some users' data should have precedence over others' I would like to implement QoS.
  My idea was when I were able to set up a site-to-site SSL VPN tunnel to a router in a datacenter (using Array Network stuff if the Cisco can't do site-to-site SSL) I would have more control over the internetlink. I Would not be limited to using only port 80 and 443: all traffic would just go encrypted and look like normal HTTPS traffic.
  It's likely that this VPN link would always consume the maximum available bandwidth. When it is be possible for some QoS mechanism to "detect" the speed of the VPN I could let's say dedicate bandwidth for 4 VoIP calls and the remaining bandwidth can be made available for normal traffic. Note that this normal traffic should have some priority levels too.
  Assigning dedicated bandwidth to VoIP isn't a big problem I think, however how can I make x percentage of the remaining bandwidth available to user x and y percentage available to user y?
  I Hope I wrote it understandable ;).
  Regards

• Ping IP addresses thru VPN Tunnel

  Is it possible to ping an address thru a VPN tunnel?  I have a Panasonic system with IP phones located at the far end of a tunnel  I cannot ping them or ping a computer at the far end uning the private address.

  Did you check any firewalls that might be hindering your connection both in your network and the remote network? I saw a link that has worked with a gateway topology for Quick VPN. Try to look go to this link: 
  http://forums.linksysbycisco.com/linksys/board/message?board.id=Wireless_Routers&message.id=97196&qu... 
  If that still didn’t work, please elaborate the network topology of your network and remote network to further understand the cause of the problem.

• Use client VPN tunnel to traverse LAN-to-LAN tunnel

  I've been troubleshooting a problem and can't get over a hurdle. The ASA is running ASA running 7.2(1)24 code. I'm trying to use a client VPN tunnel to connect to the ASA. The ASA already has a LAN-to-LAN tunnel set up and functioning, and I need the client VPN to access the remote site over the LAN-to-LAN tunnel.
  The internal IP address of the local side is 192.168.0.0/24 and the IP of the remote LAN-to-LAN tunnel is 172.20.1.0/24. The clients are handed out 192.168.200.0/24 IPs. I've attached the relevant configuration for the ASA.
  When the client VPNs into the network, I can access the resources on the ASA's internal network. Users on the ASA's internal network can access resources across the LAN-to-LAN tunnel. Client VPNs cannot access resources over the LAN-to-LAN tunnel. For the latter, there are no hits on the C-TEST access list.
  Thank you for your assistance.

  try adding...
  same-security-traffic permit intra-interface
  http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a00806370f2.html#wp1042114

• Vpn tunnel

  how do i go about connecting 2 airports in two diffrent locations NY /GA so both locations act like one all the time, not that i have to vpn in when i want access

  No I'm not using the Linksys software.
  I have a Microsft Server set up as a VPN server behind a Linksys v1.1 router. Therefore I cannot ping the WAN IP address as the router is set up to not reply to pings. On the client side, I was just using the Microsoft PPTP VPN connection that comes with XP. When the client tried to connect to the server through a Linksys router at the client end, I get the dialog box that says "Verifying user name and password". But it does not connect and eventually times out. If I bypass the Linksys router on the client end, and plug my computer directly into the cable modem, I get connected to the VPN server with no problems.
  It seems so far that it is just when I am trying to get the VPN connection when  the client it is conencted to a Linksys v5 router. I have not been able to test this out with another version of the Linksys router. When the client is connected to some other brands of routers, I can get a VPN tunnel to work. Is there some problem with Linksys to Linksys Microsoft VPN tunnel connectivity?

• Cisco 857W that freeze when a lot of traffic travel over a VPN tunnel...

  Hi to all...
  i've a serious trouble with 2 cisco 857w...
  They will freeze!
  Between them there is a ipsec tunnel, over the vpn tunnel there are 2/3 termianl services connections, and some outlook/exchange clients.
  While all work great when only 2 terminals are working, the branch office router(sometimes also the main office router...) stop responding when someone other onen outlook or open a new ts connection. Both lines are 4mb download and 512 upload, that must be emough...
  The attached config is the sh run of the router that freeze only sometimes (the other that freezes frequently is 90% identical).
  I avent's still updated the adsl FW...
  [code]
  Init FW: embedded
  Operation FW: embedded
  FW Version: 2.5.42
  [/code]
  Until not too much traffic is sent trougth the vpn tunnel, all ok, work really well.
  Someone can help me how to find where is the problem?? It's a config problem??
  Thanks to all!

  I meant to say I have a MBPro and an IPAD 3...

• WRV54G drops VPN tunnels several times a day.

  Help I have a WRV54G with 6 VPN tunnels all going across DSL. Each 1 of the tunnels will just drop and reconnect for no reason at some point maybe not at the same time but constantly. The other side of the tunnels are also WRV54G's. All 6 tunnels are connected together at each location and only their tunnels to me drop and not to anyone else. Any help would be appreciated. Tech support sent me a so called beta load of 2.39.12 but that did not help at all. I also loaded that same load to one of the routers and that tunnel still drops as well as the others.

  I've had this wrv54g for several years now and it's never worked properly.
  As a router and wireless access point it's ok but using it to connect to my vpn at the
  server (befvp41) it's useless. I bought it to test for a company I work for but because of the problem with maintaining a vpn connection I cannot recommend it.
  I can establish the tunnel and it will work for a while but if I leave it alone for a while
  the tunnel stops working. Both ends show connected but you cannot pass anything thru the tunnel. I have to reset the client end in order to get it to work again. The one thing I haven't tried is getting a static ip at the client end.
   I use befvp41's and befsx41's and they work fine... A bit slow but they stay connected.
   I've ended up using it on my network because I hate to waste money but it really is a PITA. whenever I have to use the vpn to check the server I have to log on to the router and disconnect and then reconnect the vpn before I can work.
  The internet connection doesn't drop out just the vpn stops working.
  The Linksys tech support was no help whatsoever.