I was hoping that the latest firmware would fix my (2) 'bugs', but it did not. We are using the RV042s at our remote medical clinics as an end-point VPN router to our Nortel 1700 VPN router, replacing our old Nortel Contivity 100s.When I try and do a reset when connected remotely via the WAN interface, the RV042 hangs and will only reset by re-powering.
View 1 RepliesWe are using router RV042 since last three it's working fine with single broadband connection but when we are using as a load balance it will hanged three or four time in a single day. I have updated firmware also but still my problem is not resolved
Below is my router detail.
CPU: Intel IXP425-266
Firmware version : 1.3.12.19-tm (Feb 13 2009 13:03:21)
DRAM : 32M
Flash : 8M
Latest firmware is v4.1.1.01-sp.bin but it will required v3 hardware, I don't know how to check hardware version.
I have two 5510's that I am trying to get a tunnel established. One has an exsistinig tunnel to a 5505 that works but I cant get the next one to get past the first phase. I have sanitized the attached configs
View 5 Replies View Relatedi successfully established site to site with 2 two ASA 5010. The problem is that traffic on not passing, This is current setup:1) Left side : only 1 private network 3) Right side : 1 private network, management network, 2 DMZ networks with public IP, On right ASA some netting is setup so servers in DMZ can be reached from private network. The goal would be that VPN client on left side can reach all resources on the right side (except management network, Just to get things going tunnel is built with only left and right private networks, but after tunnel is established i can't ping anything on other side.
View 4 Replies View Relatedhow to establish tunnel between rvs 4000 and rv042 ?
View 2 Replies View Relatedhere's my setup :
office 1 :
rv042 hw3
ISP:Obtain an IP automatically
office 2 :
rv042 hw3
ISP:PPPoE
VPN tunnel between both rv042, everything's fine but when i try to ssh from office 2 to an office 1's server, my connection drops.
When it drops, i can still ping pc in office 1, this is really strange!if i change the office 2 ISP to another provider (obtain an IP automatically) everything's ok !
i try to use another PPPoE ISP for office 2 and it's doing the same thing!I've also tried other rv042 in both locations with the same setup and it's doing the same thing, so it's not a router issue.
i've tried older firmware and it's doing the same thing, so it's not a firmware issue!
I have configured a VPN tunnel between two remote locations using static IP addresses on two RV042 routers. The tunnel seems to work but the problem is that when the two hosts attempt to ping each other only one can successfully ping. One PC with IP address 192.168.1.100 can ping across the network but the second PC with IP address 192.168.2.100 cannot. These are laptops seperate from the intranet used to test the tunnel. Someone had suggested NAT may be the issue so I enabled NAT Transverse on the routers but still no luck. The following is the results from a ping test.
PC 1
ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=116ms TTL=63
[Code] ......
We have 4 RV 042 routers and cisco router at HQ, we have Site to Site VPN tunnels in between, All branch offices are connected to HQ via S2S VPN tunnels
10.10.1.0/ 24 HQ
10.10.2.0/24 Branch 1
10.10.3.0/24 Branch 2
10.10.4.0/24 Branch 3
10.10.5.0/24 Branch 4
now lets say i am branch 1, i can access 10.10.1.0/24 network but cant access 10.10.5.0/24 network, means i dont have branch to branch connection, it should be through HQ, means my RV042 at brnach should fwd all traffic to HQ for another branches also. Under VPN tunnel if i try to configure remote destination 10.10.0.0/21 its not allowing me it says network overlaping with local network, how i can sole it, I know how to do in cisco, we can permit those networks in access lists.
I'm having some problems getting an ipsec tunnel established between a cisco 887VA router and a cisco srp527w router.I am working from a few text books and some example materials. I have worked through many combinations of what I have got and am still struggling a little bit.I look at debug results and it appears as though the policies do not match between the devices:
Jul 23 05:44:37.759: ISAKMP (0): received packet from XXX.XXX.XXX.XXX dport 500 sport 500 Global (R) MM_NO_STATE
broute1#
Jul 23 05:44:57.079: ISAKMP:(0):purging SA., sa=85247558, delme=85247558
broute1#
Jul 23 05:45:17.031: ISAKMP (0): received packet from XXX.XXX.XXX.XXX dport 500 sport 500 Global (N) NEW SA
[code]....
Some specific questions:
1) on the SRP in the example's I have used (and I have a few SRP->SRP VPN's that work) I see you need to enter the preshared key, I'm not seeing in the examples I have used anything about the IKE preshared key on the IOS box. Any examples where you use the preshared key for IKE? I wonder if this is my primary issue as it states clearly in the log that there is no Preshared key :|
2) I have used a mish mash of names between the various sections as on the SRP the naming convention isnt the same; ie: which parts of the IPSEC negotiation come from the IKE policy section and which from the IPSEC policy section. Do the names really matter across different ends of the VPN?
3) I notice when I perform this command in the(config-crypto-map)#:
set peer FQDN
It is converted to:
set peer XXX.XXX.XXX.XXX
Is this expected? I want the device to look at the FQDN as this particular host is using DDNS and not use a static IP address.
I have an RV042 VPN tunnel with an RV082.The RV042 has a public IP Address obtained by PPPoE, the RV082 has a public IP Address obtained via Static IP.The problem I see is a really slow performance. Both internet conections are idle and the performance is about 2 or 3 kbyte/s My question are if I should I enable any of this:
- Agresive mode
- NAT Traversal
- IP Compresion
- Dead Pear Detection
How can I troubleshot this slow performance?
i have 2 RV048 and one RV016
I have established VPN gateway to gateway tunnels; all routers use functional DYNDNS
IPrange site 1 192.168.123.1-254 external adres x.y.z.w
IPrange site 2 192.168.124.1-254 external adres a.b.c.d
IPrange site 3 192.168.122.1-254 external adres e.f.g.h.i
site 1 with 192.168.123.x has two win 2008R2DC servers, running AD, DNS, DHCP, RRAS with address 192.168.123.4-5
i can ping the routers only if i add the route to it but cannot ping further (route add command)
if i dont establish the route then nothing pings
How can i use the tunnel to connect to the servers in site 1
I configured ASA5520 and RV042 for site-to-site IPSec VPN tunnel.Tunnel get connected, but no ping, no traffic between both end network.
Network:
=======
192.168.113.0/24----------192.168.113.6 -ASA--------public, static IP address------Cisco 2821--------Internet
192.168.10.0/24-----------192.168.10.1 -RV042-----public, static IP address------Cisco 2821--------Internet
ASA5520 config:
----------------------
name 192.168.10.0 VPN
!
interface GigabitEthernet0/1
nameif NET
security-level 100
ip address 192.168.113.6 255.255.255.0
[code]....
Im able to create a gateway tunnel with two rv042 routers in different locations ( i can see the tunnel connected in the router) but the quick vpn utility is not working , i also tried to use the pptp as server as an alternative( im able to connect using windows connection to the pptp server but whenever I browse any of the four ip's allowed for the pptp server \10.0.0.200-204 it takes me to the documents of the local computer....I attached the configuration for one of the routers it is the same as the other end , just the information is flipped.
Message was edited by: Adrian Torres
I make a vpn site-to-site IPSEC tunnel between 2 RV110W the above ,you will find the configuration
Site1
Site 2
always the same message
I have now the sa`s stablished between SRP527w and cisco 857, but If i ping from a host of Cisco side to a host of SRP side I get only rx traffic on the tunnel, the stats keep tx at 0 and ping is not answered.My tunnel is to send some voice call into IPSEC tunnel keeping DSCP bits, It comunicate SRP voice vlan with Cisco lan.
I have on SRP 2 vlans:
1 Vlan for data on ports 1,2 and 4
1 voice vlan on ports 1,2,3,4.
I connect a netbook to port 3 and I can connect to internet but I cant reach by ping the other side of the tunnel?Maybe traffic from voice vlan is being natted with data vlan ip address?I need all traffic must go into the tunnel without being natted, on cisco side I have a policy to avoid nat but don know if SRP have any problem about it too.All gateways are ok ?
Few months back I had purchased this Router. But I did not use it till last week. Since the time I have installed it, it does freeze often (between 5 to 30 hours).
I can connect to devices within the subnet, but not elswhere. I have to remove the power and plug it back for it to respond. I have updated the firmware to the latest one that was on the Cisco site.
we are trying to establish VPN tunnel between ASA5550 and RV042. The tunnel is connected but I cannot access any resources that are behind ASA5550. I can ping the servers but that is about it.
View 1 Replies View RelatedI have an ASA 5510 at V8.2(5) with something near 20 site to site VPN tunnels. I am having a problem with 1 tunnel to a RVS4000. The tunnel is completely closed and reset during Phase2. Here is a small snipet at the time of the tunnel reset
x.x.x.x, Username = x.x.x.x, IP = x.x.x.x, Session disconnected. Session Type: IPsec, Duration: 7h:36m:30s, Bytes xmt: 333755, Bytes rcv: 86281, Reason: User Requested
Followed by Group = x.x.x.x, IP = x.x.x.x, Active unit receives a centry expired event for remote peer x.x.x.x.
We use a number of connection oriented sessions and this blowing them out of the water. all other tunnels are up for DAYS to more than a Month.
I'm trying to figure out what's wrong in a LAN having 70 computers.There are three routers in the same subnet with three switches (kinda crappy). DHCPs are off.The problem is that randomly the routers are losing their configurations or the network hangs a lot. There is no problem in the routers (tested many times).The thing is that when i start packet sniffing over the network using wireshark there's a big flood (over 10.000 packets in a sec) coming in a internal ip inside the network ex. 192.168.1.60.Next thing is that when one of the routers shuts down manually, the other one is losing it's config. Today, when i went to check 192.168.1.60 i saw the power plug was not connected, when i re-plugged it the flood was gone. (the computer was turned off).I enabled SPIs / firewalls in all of the three routers and there is no problem yet.
View 5 Replies View RelatedI have VPN Gateway to Gateway VPN tunnels set from my central office to four remote sites. The tunnels have always been problematic. Started out with five Linksys RV042 v2 devices these had problems with handshake, sometimes would disconnect during this process and had to click disconnect button on either device and this wouold force the tunnel to rebuild. Recently upgrade central device to a Cisco RV042 v3 device. Good news is that this seems to have corrected the handshake issue but now each of the remote sites are having problems during periods of inactivity losing tunnel. The staff at the remote site indicate that they have to close out application and restart router to rebuild the tunnel.
All tunnels are Gateway to Gateway static IP addresses. They all will connect and behave as expected until they reach a certian period of inactivity. I have searched all over Cisco, Linksys, and Google have seen problems similar but no consistant or logical solutions so I thought since I am slowly upgrading my network from my initial equipment which was truely purchased based on cost alone to adding more Cisco equipment. However since this is among the first of my upgrade moves and the improved equipment is creating more problems than my older less expensive equipment I needed a solution to the problem before submitting additional PO's to upgrade switches and firewall products.
I have a two RV042 VPN Router, I successfully connected the IPSEC tunnel. I cannot route Traffic in the tunnel. See the diagram.
MAIN Network
10.252.x.x
-------------->
FIREWALL
a.a.a.1
INTERNET
RV042a WANa <<------------------------------->> WANb RV042b
a.a.a.2 b.b.b.b
In this manner the network of b.b.b.b wil connect to the Main Network 10.252.x.x, unfortunately I can't pass traffic to RV042b going to RV042a. Everytime I trace the route, the traffic goes outside the Internet not to RV042a.
I don't know if this is in the right section, but I cannot set up a vpn tunnel between an asa 5510 and a cisco rv042 router. I believe the problem is because i need to set up a nat exempt rule on the rv042 route but don't know how.
View 1 Replies View RelatedJust bought myself an ASA5505 to replace a PIX 501, and having transferred over most of the previous config I've managed to get the two IPSEC VPN tunnels working as before.
Unfortunately when I try and SSH to the ASA the connection just resets instantly even when the tunnel is up. It seems as if the ASA is actively refusing the connection, though the log doesn't state this. I had always presumed that traffic over an established IPSEC tunnel was implicitly trusted and not subject to usual access-list rules.
I am unable to SSH to the ASA from the 10.0.0.x range, but I can SSH to a machine on 10.27.0.4 (so I know the tunnel is up and working)
Config (minus irrelevant sensitive information) is attached for reference.
Also - though I'm not sure how relevant it is given the tunnels appear to work - when I enter the line "crypto map meepnet-map interface outside" in config mode the ASA reports "WARNING: The crypto map entry is incomplete!" even though I have supplied the access-list, peer and transform-set variables.
We are facing a strange issue with GRE tunnel. We are using this tunnel from a branch office to Hub office. All other tunnels terminated on Hub router are working fine. Issue with this tunnel is that whenever WAN connection goes down Line protocol on tunnel interface some times comes up and sometimes not (therefore we have to reset the tunnel interface and it comes up). IOS used on this router : c2900-universalk9-mz.SPA.152-1.T2
View 5 Replies View Relatedconfigure ip-sec vpn tunnel between ASA5525x and RV042
View 5 Replies View RelatedI am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct Configuration? the current configuration I am using is
in the RV042 i am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Pulbic IP address
[Code].....
I installed a 1941 router with an encrypted GRE tunnel yesterday. The router has ipbasek9 and securiyk9 licensed. Initially the router was running the image c1900-universalk9-mz.SPA.150-1.M5.bin and was working fine. The tunnel was up and passing traffic. I then upgraded the IOS to c1900- universal k9-mz.SPA.151-2.T2.bin and when I reloaded the router the tunnel was stuck in a reset/down state. I tried doing shut/no shut on the interface and reloading the router again, no change. Being under some time pressure to get the device back into production I rolled back to the previous IOS image and the tunnel worked fine again. Is there a known bug that causes this behavior? I have searched cisco.com but have not found one. [code]
View 1 Replies View RelatedI have a client that needs to establish a IPsec tunnel to a large organization. They will not forward any traffic to an IP using private reserved IPs. However I am not finding another way to accomplish this. I tried ipsec to the router and using a second IP to a 1:1 Nat but it will not pass the traffic and would seem really insecure from the public internet. 1:1 Nat does work from the public internet but not over the tunnel.I have an RV042 a /29 block of IPs. I am at a loss of how I can accomplish what they want without allowing a private IP.
View 1 Replies View RelatedEnvironment :linksys wrt300n v1.1 which can have ddwrt-mega. Willing to tunnel all lan's outbound traffic through an ssh tunnel.
View 2 Replies View RelatedI have a remote location that has a Linksys/Cisco RV042 router [URL] that allows PPTP connections based on username and password combinations. There are no intermediary routers between this device and the internet - only a DSL modem. A secondary WAN connection is not present.
I am able to dial into this VPN using the Windows XP and Windows 7 dialers from any of my local free-wifi locations(e.g. Starbucks). I WAS able to connect to this VPN connection from my house when my home router was a Buffalo brand router.
I have replaced the Buffalo router with a 2620(non-XM) that is connected in ROaS fashion to a 2950 switch. I need some guidance on what in my config is not allowing me to connect to this remote site.
Home network info: Local subnets : 192.168.x.x
Remote network info: Local subnet : 10.214.x.x
The Windows XP dialer client indicates that the username and password challenge is where the connection fails. It ultimately gives me the error code 619. I have performed a Wireshark packet capture of an attempt to connect from ip 192.168.10.11. This packet capture shows multiple "Configuration Request" packets being exchanged between the two endpoints, but does not ever show an exchange of authentication.
My nat translation table shows an entry for both a GRE tunnel as well as port 1723 between 192.168.10.11 and the WAN port of the RV042 when attempting to establish this VPN.
I have attached my 2620 configuration for your review.
i have 2 rv042 with a vpn tunnel between them.the problem is that i can't access https over the VPN !if i telnet 192.168.10.1 443 through the VPN, it's not working either. if i telnet 192.168.10.1 443 in my 192.168.10.0 network it's working so it's reall the VPN tunnel the problem.
View 1 Replies View RelatedSetup is two dynamic IP locations
1. first location RV042 is the gateway attached to ADSL modem
2. second location RV042 is behind BT home hub gateway - for now the BTHH DMZ is enabled to the RV042
Followed the user manual config for two dynamic IP but it seems that the RV042 behind the BTHH obviously has a different IP than the resolved IP and is causing problems with connection.
This from the log file:
Jan 14 15:04:16 2011 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
Jan 14 15:04:16 2011 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jan 14 15:04:16 2011 VPN Log Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.95.139'
Jan 14 15:04:16 2011 VPN Log No suitable connection for peer '192.168.95.139', Please check Phase 1 ID value
Jan 14 15:04:16 2011 VPN Log initial Aggressive Mode packet claiming to be from 81.156.xxx.xx on 81.156.xxx.xx
But no connection has been authorized,check peer ID Is there some way of making the RV042 behind the BTHH properly identifiable to the other end?
This is the RVS 4000
Firmware version 1.3.3.5
STAR 9202 Chipset
64 MB DRAM
8MB Flash
DOS, Block WAN Rq, Remote mgmt all OFF
IPSec Tunnel none used
[code].....
Every day or so the Router becomes unresponsive to the HTTP mgmt interface, as well as it no longer offers DHCP services.then this happens the only remedy is to power reboot.
Everything comes back online just fine, however, the LOGS are initilaized so no data to figure out what`s going on.My next step is to setuo a syslog server and have the logs copied out.( No, I have no Torrents running at all, but I do have several devices like AppleTV, PS3s etc that run streaming Video plus I have the SPA3102 )