Cisco Routers :: IPSEC VPN - WRVS4400N To ASA 5510?
Oct 11, 2009
WRVS4400N Version V2.0.0.7.I have been attempting for weeks to connect an IPSEC tunnel between a Cisco ASA 5510 Version 8.0(2) and a WRVS4400N . Phase one seems connect okay, where as phase two always give me the errors below. This as far as I have got, I tried disabling keep alive monitor, the device never attempted phase 2. I have read endless documentation on both devices and tried almost every combination of setting that I am aware of. The best case scenario answer would be detailed steps on how to setup the IPSEC VPN (linksys) & the site to site VPN (CISCO) as I cannot find any reference material for this combination .
View 6 Replies
ADVERTISEMENT
May 15, 2013
I have a remote WRVS4400N that has a dynamic outside address that's initiating a connection to a ASA 5540 with a static address.
I'm all set on the ASA side. My questions relate to the 4400N. It doesn't appear to have a very robust configuration/setup available for L2L tunnels. For one my encryption is limited to 3DES.
But I'm wondering if I'm missing something in the config. I have to set up L2L tunnels to two other firewalls. One firewall has 3 discontiguous networks, and the other has 2. I have 5 tunnels setup, is this the only way? What I would like to see is 2 tunnels, one for each remote firewall, but then each tunnel would have access to the appropriate networks (like on the ASA side), is there anyway to do this? Perhaps a command line util for this unit?
My other issue relates to the tunnel-groups I have set up on my ASA's, and I would like to use appropriate names...however I can't seem to find a way to enable this to happen on the 4400N side....what I mean is I need a way to create either a "keyword identifier" or a "firewall identifier" on the 4400N and I don't see an appropriate field in the web interface.
View 3 Replies
View Related
Oct 17, 2012
i have a WRVS4400N Router and behind that router i am running a OPENSWAN Server. I know that the WRVS4400N has a VPN Service on board, but for specific reasons i'd like to use my own ipsec server.
The problem is that i cannot forward the IPSEC Paketes (4500 and 500) coming from the internet interface to the LAN. All other port forwardings like SSH works. I think the reason is that the IPSEC Services (Pluto, etc.) are already running on the router and therefore the pakets cannot be forwarded. The log shows all forwarded port (e.g. SSH) but does not show any IPSEC traffic.
I'd like to turn off the VPN Service on the router, but I cannot find any configuration switch that allow my to do so.
View 1 Replies
View Related
Jan 31, 2012
I'm trying to find a reference for how many IPSEC tunnels the WRVS4400N can passthrough.
View 0 Replies
View Related
Oct 7, 2011
I have a WRVS4400N, and need to apply access control to an IPSec tunnel that terminates at a client site, but can't seem to make the device comply.
I can configure ACLs on their device for the LAN to restrict packets coming back into my network, and can restrict packets outbound frm my LAN but that is hardly a secure method of doing this in my opinion.
View 1 Replies
View Related
Dec 15, 2011
All of my remote sites use various routers to route all of their traffic via IPsec. However, I have one WRVS4400N w/firmware 2.0.2.1 configured with a working tunnel. My issue is I need to set the Remote Group to 0.0.0.0 0.0.0.0 so all traffic is forced via IPsec tunnel and not out the local gateway. When I do the error, Remote Security Group and Local Security Group cannot be in the same network. However, it works with Cisco/Linksys RV042.
View 3 Replies
View Related
Sep 5, 2011
I have setup a ISA2006 as Internet firewall, and use 4400N as VPN Client, connect to ISA2006 via IPSec VPN, but it did not work.
Network topological as below:
Internet <------------> ISA2006 <-------------------------> local1 <------------>local2 <--------------------> WRVS4400N <----------> PC
Static Internet IP | 192.168.112.25 192.168.112.0/255 | 192.168.114.0/255
[Code]......
View 1 Replies
View Related
Apr 29, 2013
I tried any type of combination and just couldn't make it works. Only PPTP works well. Whether Apple iOS IPSec VPN is supported or not?
View 11 Replies
View Related
Jan 29, 2012
Just bought 3 WRVS4400N, I wanted to setup gateway to gateway VPN. I followed the instructions on the WRVS4400N admin guide and VPN does not connect. I also downloaded the VPN setup wizard and that also did get the gateway connected. Everything seems to be correct. Do I have to enable anything else? Firewall setting?
Below is my config.
IPSec VPN Tunnel: Enabled
Tunnel Name: TUN01
Local Security gateway: IP only
WAN1 IP: 192.168.100.1
SUBNET: 255.255.255.0
Local Security type: subnet
LOCAL IP: 10.10.10.1
SUBNET: 255.255.255.0
[code]....
View 1 Replies
View Related
May 5, 2012
i have started managing a asa 5510 firewall which is already having 10 ipsec tunnels , the problem i am facing is they are configured as "ipsec vpn map"
i have attached sample config, i am finding it difficult to understand the parameters used in each tunnel as the configration seems bit complex to me, how it works .
View 9 Replies
View Related
Mar 10, 2011
I need to create a IPSec Site-Site VPN in the Single mode firewall. Is it possible to create the tunnel. I have ASA 5510 Security Plus with Ver 8.3
View 5 Replies
View Related
May 12, 2011
We're in the process of setting up an ASA 5510 as our main VPN appliance.
The Outside interface of the 5510 faces our DMZ, the Inside interface sits on our main network. The 5510 uses radius for authentication going to a server on the same subnet for the authentication. That works fine. VPN client can connect to the 5510 and successfully authenticate. Routes are pass through to the VPN client, no problem. PC with VPN client can access internet (which is by design, it should use it's own internet connection), but cannot ping/access/trace over the tunnel at all.
My hunch is that this is a nat issue - but I am confused as to how the NAT should be configured - I've tried several configurations with no luck.
The VPN client is set to pull an ip address from the pool - 192.168.56.10 - 100. The 5510 is sitting on a separate subnet (50.x/22). This seems to work on the Cisco 1700 that it will be replacing just fine. I mirrored routes and ACLs as well onto the new 5510. No luck. Client connects, authenticates, pulls an IP address and routes, but can't see anything on the inside of the 5510.
View 24 Replies
View Related
May 17, 2012
I have an ASA 5510 running 8.4(2) which has a site to site IPSec VPN to a 3rd party who run some form of Checkpoint. The VPN establishes and allows access to a server in our DMZ on all ports that we have tested (so far HTTP, SSL, RDP, FTP) except for SQL which doesn't even seem to reach the server. I've got Wireshark running on the DMZ server and if the 3rd party initiates a TCP conversation from their server on any of the working ports to the server I see all of the expected packets arrive with the correct IPs etc (no NAT takes place across the VPN) but when an ODBC client attempts to query the SQL server on our DMZ box the packets do not arrive at the server. What I can see is the RX byte count on the VPN increasing each time the query is run but definitely no SQL arriving at the server.
Also if I revert the ASA back to the old PIX it has replaced with the same VPN config but on version 7.x then it works just fine.
View 16 Replies
View Related
Aug 6, 2012
We have an ASA 5510 running 8.3 that we need to use to terminate a LAN to LAN IPSEC VPN.
Problem is we only have one public address available so have had to configure the link between the ASA and the Internet Router on private addresses.
Is it possible to NAT the public address to the inside or outside interface of the ASA and terminate the VPN on that interface?
View 7 Replies
View Related
Aug 31, 2011
I have been given the following details by a company for us to connec to their IPsec VPN.
IP Address 200.9.21.214
VPN Device Description Cisco ASA
VPN Device Version 5510
Encryption Domain 10.152.24.10
Authentication Method Pre Shared Key
Encryption Scheme IKE
[code]....
I was going to use VPNC with linux but the company said they do not use remote access. So I tried a draytek vigor 3300v, that as well did not work. Had very bad logging so i couldn't troubleshoot.In the end I have decided to buy the cheapest cisco device that will allow me to connect to this.
View 3 Replies
View Related
Jul 5, 2011
Right out of the box, the WRVS4400N [firmware v2.0.1.3] I just purchased says the WAN interface is DOWN; and it simply will not obtain an IP address from the Arris TM602G cable modem it is attached to. Internet still runs great on the old WRT54G. Is this WRVS4400 DOA? Or is there some arcane setting the quickstart guide overlooks? OR?
View 2 Replies
View Related
Dec 7, 2011
I'll just use the 4400n to provide DHCP to my two VLANs and then a new problem cropped up. I am unable to add a default route to the 4400n's DHCP server. It uses the 4400n's vlan IP as the default route. What I'm trying to ultimately achieve is to configure the 4400n as an access point for our "private" network on vlan1 and also "guest" access to the internet on vlan2.
View 12 Replies
View Related
Mar 3, 2013
I'm having problems trying to establish a IP Sec tunnel from the office to home. All of our machines are Macs so I have been using the directions described in "How to create an IP Sec tunnel for MAC Clients, A QVPN alternative" but I still can't get it to work. My setup is as follows:
The office is connected to the outside world through a MODEM (Sagemcom 2864 Connection Hub). This MODEM is also a wireless router. It's DHCP server provides addresses 192.168.2.x.The WRVS4400N's WAN port is connected to one of the LAN ports on the MODEM. It's IP address from the MODEM is 192.168.2.x. The WRVS4400N provides addresses 192.168.21.x to devices connected to it.We have a DynDNS account and are using the DDNS client on the WRVS4400N router to connect to it.At home, we have a DIR-655 router with IP Sec Passthru enabled. The router provides IP addresses 192.168.1.x for all devices connected to it. I am fairly sure there are no issues with the router setup at home since I am able to VPN into the office of my full-time job without any problems. I have tried just about everything I can think of but have not been able to get this to work. setting up the Local and Remote Group Settings on the WRVS4400N and the IP address settings in IP Securitas?
View 2 Replies
View Related
Sep 16, 2011
Ive setup a few WRVS4400N over the past 6 months, and have been receiving the below message from some of them every couple of hours.What does the message indicate?
View 1 Replies
View Related
Sep 15, 2012
I have successfully got QuickVPN working from Windows 7 64bit into my WRVS4400n. The router is sat behind another router/modem (Belkin) as the UK uses PPPoA and the WRVS4400n doesn't.So I set up DMZ and changed the DHCP to always allocate 10.x.x.2 on the Belkin which is the WAN side for the WRVS4400n as it is the only thing attached.I have now noticed, and I'm not sure whether it was the case before, that the DNS that the WRVS4400 is showing is the LAN address for the Belkin Modem/Router (10.x.x.1), not 192.x.x.1 for the WRVS4400n itself. I assumed setting the Static DNS 1 on the WRVS4400n would do it, but it didn't?When I connect into the network with QuickVPN, the computer names do not show even though I have selected the option in QuickVPN?
View 1 Replies
View Related
Aug 8, 2011
Our business was looking at purchasing one of these Cisco routers and were curious if it supported WPA2 EAP-TLS?
View 2 Replies
View Related
Jul 23, 2012
I have 2 WRVS4400N's available to be. One is running my network and security connected to my WAN.I want to use the other one stricly as a switch or even adding wireless repeat of my current wireless LAN.
View 1 Replies
View Related
Dec 16, 2012
Recently installed a WRVS4400N router on my home network. Prior to that I was using the wireless built into my FIOS router. I wanted something more secure so I went with the WRVS4400N. I turned off the FIOS wireless and am only using the cisco wireless.
Im having intermittent issues with the wireless. I have many things hooked up to my wireless including a HP printer and a Sonos system. Most of the time if I just open my ipad I cannot see anything else on my network including the printer. If I try to see the Sonos system can cannot, sometimes I can open the app on my iphone and then I can see it.
Sometimes I can see the printer and sometimes I cant. Sometimes when I do see it and then print to it, it will be gone before it even prints.
I don’t seem to have any issues thru the LAN connections.
Also, ive noticed that the wifi is much slower than the old FIOS box.
FYI, when I remove the cisco and fire back up the FIOS wifi I don’t have any problems at all at any time. And its much faster.
I have tried channel 6, 11 and auto. Also turned off IPC and still no change.
View 1 Replies
View Related
Aug 5, 2012
I have a gateway to gateway vpn (home-office) working fine for almost an year btw 2 wrvs4400n routers, This morning, the VPN tunnel was down. I clicked "Connect" from the web based interface, but it does not reconnect.
I tried setting up a new tunnel using the VPN setup wizard, but it says it can't connect to the remote router. Which is strange, since I can ping there normally.
View 2 Replies
View Related
Oct 15, 2011
I'm having a heck of a time connecting the WRVS4400N VPN to another WRVS4400N VPN. both of the routers have the current firmware version V2.0.2.1: Router 1 is below, and router 2 has the matching configuration with as it should be the local group being that routers local information and the remote crew set up being router ones information. the status is up on both of the routers, but I'm unable to ping the remote gateway or any device behind it.[code]
View 5 Replies
View Related
Nov 13, 2012
I have an ASA 5510 running ver 8.0(2) that has (4) Ipsec tunnels going from it to various other locations. I am having an issue with data transfer speed on only one of the Tunnels. This tunnel is between the 5510 and the 5555, on that link I am getting a dat transfer rate of a little over 120k a second, whereas if I pull the same set of files from another location I am seeing a transfer rate of 5m per second.
I have verified that it is not a capacity issue on the Internet bandwidth on both locations, and I can pull the same data from the same location to various other locations via Ipsec tunnels, I am only having an issue with a specific tunnel going from the 5510 to the 5555.
Since it is not affecting other tunnels on the 5510 nor is it affecting tunnels on the 5555 going to other locations, I am leaning toward a routing issue within the ISP? I will say the ISP is taking me a long way around to stay in the same Metropolitan area.
View 1 Replies
View Related
Jun 8, 2011
i've an Cisco ASA 5510 with Security Appliance Software Version 8.0(2), in this ASA i've many L2L tunnels to this ASA, anda sometims new tunnels can't connect, the older tunnels still ok and working, yesterday this situation occured again and i've tried to clear all ipsec tunnels and try to reconnect again no one cames up again. At the time of this situation memory usage was about 78% and CPU is was around 5%. I've made a reload without changes and the situation returns to the normality.
At the time of the fail i've collect the outpu from debug crypto isakmp 255, the outpu was in the annexed file.
View 1 Replies
View Related
Mar 28, 2013
I've got random connection issue when I try to connect to a VPN gateway through an ASA 5510 (IPSEC client ->ASA 5510->VPN Gateway).
When the tunnel is coming up, those two lines appears in the captured traffic on the internal interface :
<private internal IP>.500 > <destination IP>.500: udp 541
<public external IP>.500 > <destination IP>.500: udp 541
When it's not coming up, the port nuimber for the public IP is not 500
(private internal IP).500 > (destination IP).500: udp 541
(public external IP).442 > (destination IP).500: udp 541
I don't understand why sometimes the port for the public external IP is 500 and sometimes not.
View 1 Replies
View Related
Jul 16, 2012
We have built IPSEC VPN over MPLS P2P circuit between Head & Branch office using Cisco ASA 5510. Client systems at Branch office connects to Citrix app at Head office, but it gets disconnect intermittently for all user. if any recommendations/changes required for Citrix App whn passing over IPSEC VPN/ ASA.
View 2 Replies
View Related
May 22, 2013
I have a 5510 that i have configured for L2TP over IPSEC, not using AnyConnect. The first, and most prevelant being, VPN clients are unable to ping/access any of the hosts that are assigned a static NAT from the inside interface to the outside interface. I was able to circumvent this by adding another static NAT to the public interface for the incoming clients, but this caused intermittent connectivity issues with inside hosts. The second issue involves DNS. I have configured two DNS servers, both of which reside on the internal network and are in the split_tunnel ACL for VPN clients, but no clients are using this DNS. What is the workaround for using split tunneling AND internal DNS servers, if any?
i've had two different CCNA's look at this numerous times to no avail. A ping from a VPN client to any internal host works fine, unless it is one that is NAT'd. You can see in the config where i added the extra STATIC NAT to try and fix the issue. And this works perfectly across the tunnel but only intermittenly from the internal 10.1.4.x network. [code]
View 1 Replies
View Related
Oct 27, 2011
I have a 2811 that is my HQ router with a 10MB pipe. I was trying to configure a IPSEC tunnel to connect to my ASA that has access to our companies internal servers on the 10.33. and 172.16.31 network. I am having a problem getting phase 1 to even come up. I've looked over the configurations and unless i'm overlooking something I dont see what could be keeping it from at least completing phase 1
Below are the configs.
2811-CFG
crypto isakmp policy 10
encr 3des
hash md5
[Code] ....
View 6 Replies
View Related
Oct 11, 2011
I currently have an ASA 5510 setup with Dual homed ISP's and a remote access IPsec VPN setup to terminate at either interface. The first interface is named Outside and the second is simply called Outside-2. When outside the company(such as at home), the VPN client will connect on the Outside-2 interface and work normally. The problem is while testing on our DMZ, the VPN Client will not connect on the Outside-2 interface. It will try that interface fail to connect and then connect to the backup Outside interface. This isn't a huge concern because it still connects, but if we were ever to get rid of one of those connections, it would be nice to reliably test from our DMZ.
View 1 Replies
View Related
Jan 18, 2012
I am trying to pass Traffic thru the IPSEC tunnel but it does not work ([Cisco Router 892] <---> [Cisco ASA 5510] <---> [Cisco Router 892]) The Cisco ASA 5510 doesn't pass traffic UDP=500 & UDP=4500 ports...
View 1 Replies
View Related
