I think I have now tried about everything, varying all the settings. I now believe that the giveaway is that, when I make Site B the dial-out end of the tunnel, it fails to make the connection. The firmware versions on the 2 routers are identical. The VPN and Remote Access settings for Remote Access Control and PPP General Setup are also identical.

Any ideas? Could the ISP be blocking it in some way?

Murray

If you can get a tunnel between the two machines, which you can when Site A dials Site B, then the ISP has nothing to do with what passes through the tunnel. I believe that if the ISP is blocking IPSec, it will normally be blocked in both directions. Once a tunnel is working, pinging or mapping drives through it is a completely different issue.

Can I suggest that you post your LAN-LAN configurations for both routers. Also which firmware are you using? I am not familiar with 2820 firmware issues, but I don't think there are any IPSec ones with the latest version. (There appear to b PPTP issues)

What I propose to do is set up a VPN link between a PC at Site B and the Site A router and then see if I can create a network place shortcut to a PC at Site A as a test.

You ask for the LAN to LAN configurations for both routers. I will create a text document for them and paste it in - without the static IP addresses!

The firmware versions are 3.3.1.2_232201 - ADSL is 232201_A Annex A.

Murray

The test from a Site B PC to Site A worked fine (except for some hiccups caused by the antivirus package). From Site A to Site B the VPN connection was rejected. I am able to get a VPN connection from my PC to both sites. Here are the router LAN to LAN configurations :-

Site A
1. Common settings
VPN Connection through WAN1 Only
Netbios Naming Packet Pass
Call Direction Dial-Out
Always On Set
2. Dial-Out Settings
PPTP selected, IPSec Tunnel and L2TP not selected
Server IP/Host Name for VPN
Site B static IP address
Username Admin
Password
PPP Authentication PAP/CHAP
VJ Compression On
IKE Authentication Method
Not set
IPSec Security Method
Not set
3. Dial-In Settings
PPTP Set
IPSec Tunnel Not set
L2TP with IPSec policy Not set

Specify Remote VPN Gateway
Peer VPN Server IP
Site B static IP
Username Admin
Password
VJ Compression On
IKE Authentication Method
Not set
IPSec Security Method
Not set
4. TCP/IP Settings
My WAN IP 0.0.0.0
Remote Gateway IP 0.0.0.0
Remote Network IP 192.168.1.0
Remote Network Mask 255.255.255.0
RIP Direction TX/RX Both
From first submit to remote network you have to do
NAT

Site B
1. Common settings
VPN Connection through WAN1 Only
Netbios Naming Packet Pass
Call Direction Dial-In
Always On Not set
Idle timeout 0

2. Dial-Out Settings
PPTP selected, IPSec Tunnel and L2TP not selected
Server IP/Host Name for VPN
Site A static IP address
Username Admin
Password
PPP Authentication PAP/CHAP
VJ Compression On
IKE Authentication Method
Not set
IPSec Security Method
Not set
3. Dial-In Settings
PPTP Set
IPSec Tunnel Not set
L2TP with IPSec policy Not set

Specify Remote VPN Gateway
Peer VPN Server IP
Site A static IP
Username Admin
Password
VJ Compression On
IKE Authentication Method
Not set
IPSec Security Method
Not set
4. TCP/IP Settings
My WAN IP 0.0.0.0
Remote Gateway IP 0.0.0.0
Remote Network IP 192.168.2.0
Remote Network Mask 255.255.255.0
RIP Direction TX/RX Both
From first submit to remote network you have to do
Route

I found that without TX/RX Both I could not ping from Site A to Site B.

Murray

I guess I assumed you were using IPSec. I think I have seen posts about PPTP VPN issues on the 2820 series so there may be some bugs. I believe the latest firmware is OK for IPSec VPN's so you may want to give it a go. If you use a strong (long, random) PSK they are way more secure than PPTP. If you get IPSec up and running, then have a look at certificates which are even better for security than PSK's, but my routers are older and do not support certificates so I cannot give you any guidance.

I really do appreciate all the time you are taking to help me with this problem. Because there is obviously something wrong with the anti-virus package on the Site B PC I am going to wait till that is sorted out before I try any more changes to the router configuration.

Murray