Cisco Routers :: RV042 V3 Not Reconnecting Dropped VPN Tunnels?
Dec 18, 2012
We have numerous customers using Cisco / Linksys RV042 VPN firewall devices to connect to a central location via VPN tunnels. We have noticed that if there is an interruption to any of the tunnels, the RV042 v2 devices will re-establish the tunnel automatically, however the RV042 v3 devices will typically fail to automatically re-establish the connection and will usually require somebody to repower the RV042 or for somebody to clear the crypto session from the central router and then manually connect the tunnel from the RV042's VPN menu.
One of my colleagues set up two RV042 v2 devices for a site to site VPN for a customer and it worked fine. At some point they replaced one of the RV042 devices with a v3 device and since then they are having the same issue. We have this problem with several different versions of the RV042 v3 firmware including the latest (4.2.1.02).
I have two Cisco RV042 routers. They are being used to connect two offices. I have created a standard gateway to gateway connection, with fixed public IP addresses on both sides, and everything works fine, except when the tunnel gets disconnected, it does not connect back automatically. I have to log into either router console and click the connect button to get the tunnel working again. This is really annoying since it happens once or twice a day at least.
In common with some other reports, I've been having a problem with a keep-alive tunnel between a RV016 and a RV042 not reconnecting if the tunnel is interrupted (by the WAN connection going down). In this event the only remedies are to manually connect the tunnel or to power cycle the routers. The firmware is v4.2.1.02 on both routers. I solved the problem by enabling keep-alive on the RV016 and disabling keep-alive on the RV042. If I set it the other way around (RV042 keep-alive and RV016 not) then it will not reconnect automatically.
I am employed at a credit union with 17 branches. We have an MPLS circuit connecting the branches to our main office. I set up DSL as a backup connection. I have 17 RV042 Cisco VPN Routers. I created a secure VPN tunnel for every branch to the main office. I made a delayed route in our main router to fail over to the VPN, in case the MPLS failed. Almost everything works great except our ATMs are required to connect to a router at our main office on a different subnet than the one the tunnel is connecting, therefore not routing through the tunnel. I've tried creating another tunnel but it only works with one of the branches, because I get a conflict at the main office when I try a second tunnel with the same IP network. Also I tried routing all the traffic through the VPN by putting in the address 0.0.0.0 subnet 0.0.0.0 at the branch site. But I can only do that for one branch. The Downtown Cisco won't let me create another tunnel with that setting.
Right now on my internet, we have U-Verse, so one router is the AT&T U-Verse one which is downstairs and I also have another router upstairs which is a Netgear one. The problem is, the U-Verse always stays up, but on the Netgear router, it will sometimes randomly drop signal and the signal is nowhere to be found on devices with WiFi. I'd have to disconnect and reconnect the router for it to be seen again. They are both on the same internet network, U-verse. I just have 2 routers because the devices I keep upstairs I connect to the upstairs router.
I have an old router, a Linksys WAG54GS, and now my new internet connection gave me a HUAWEI 530. I'm still using the Linksys. So I wanted to connect the HUAWEI on the Linksys because it has an external button for wireless, which the Linksys doesn't. I followed the wizard you wrote. The DHCP off on the HUAWEI. Different IP. So the wired LAN worked fine, having an IP from the Linksys, but the wireless doesn't get one. I tried a lot of things on the HUAWEI, NAT off etc., but nothing. On the Linksys I give on DHCP IPs from 192.168.1.105 - 7. I tried to connect the netbook but only wired worked, not even my cellphone.
I purchased the RV180 to replace a dead Linksys BEFVP41 to connect a home office to HQ. The Linksys was configured with three IPSEC tunnels to connect to three different subnets all through the main HQ gateway. Note that each tunnel is independent with its own pre-shared key. I can configure the same tunnels on the RV180, and each one works correctly, but I can only get one to run at a time. I have to disable the other two. Enabling a second tunnel results in the No phase2 handle found error. I could not use the Basic VPN setup as it complains that the remote endpoint is already in use. I had to use the Advanced VPN Setup to create the IKE and IPSEC policies. In a different discussion [URL]
I was looking for a small business router that has VPN support and dual WAN support for load balancing. Upon reading reviews, I think RV042/RV042G is a good choice. Now am thinking if it supports intervlan/ router-on-a-stick configuration?
I have an issue with 2 site to site VPN tunnels from a RV042G router. The issue for both VPN tunnels is that in the logs, it is showing that when the RV042G router is trying to establish the tunnel, it is getting a response from the remote gateway internal address and not the public address of the remote gateways. On the remote gateways I have other site to site VPNs terminating fine and the tunnels are passing traffic. I only have an issue with the RV042. On the VPN Tunnel page it shows "waiting for connection" for both tunnels. This is an output from the log of the RV042G:
Dec 17 15:19:48 2012 VPN Log (g2gips0) #2174: sending encrypted notification INVALID_ID_INFORMATION to 203.43.XX.XXX:500
Dec 17 15:19:48 2012 VPN Log (g2gips0) #2174: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
Dec 17 15:19:48 2012 VPN Log (g2gips0) #2174: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
Dec 17 15:19:48 2012 VPN Log (g2gips0) #2174: Peer ID is ID_IPV4_ADDR: '18.104.22.168'
Dec 17 15:19:48 2012 VPN Log (g2gips0) #2174: we require peer to have ID '203.43.XX.XXX', but peer declares '22.214.171.124'
Dec 17 15:19:48 2012 VPN Log (g2gips0) #2174: we require peer to have ID '203.43.XX.XXX', but peer declares '126.96.36.199'
Dec 17 15:19:48 2012 VPN Log (g2gips0) #2174: sending encrypted notification INVALID_ID_INFORMATION to 203.43.XX.XXX:500
Dec 17 15:39:50 2012 VPN Log (g2gips1) #2192: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
Dec 17 15:39:50 2012 VPN Log (g2gips1) #2192: Peer ID is ID_IPV4_ADDR: '10.1.202.65'
Dec 17 15:39:50 2012 VPN Log (g2gips1) #2192: we require peer to have ID '203.47.XXX.XX', but peer declares '10.1.202.65'
Dec 17 15:39:50 2012 VPN Log (g2gips1) #2192: we require peer to have ID '203.47.XXX.XX', but peer declares '10.1.202.65'
Dec 17 15:39:50 2012 VPN Log (g2gips1) #2192: sending encrypted notification INVALID_ID_INFORMATION to 203.47.XXX.XX:500
VPN tunnel terminating on 203.43.XX.XXX is a Checkpoint firewall running R70 software version? VPN tunnel terminating on 203.47.XXX.XX is a Cisco ASA 5510 running ASA 8.2.4 software? As stated above, I have other VPN tunnels working fine. This RV042 is a replacement router as the original router suffered a power surge.
I connected the DSL (WAN1-Internet) port in and the Cisco RV042 was able to get an IP automatically. I tested the connection and it works just fine. Then I connect the Cable Modem-Comcast (WAN2-DMZ/Internet Port) in and I have the RV042 automatically obtain an IP address. But it just says 0.0.0.0. I've tried release/renew and that does nothing. Also, when I connect the 2nd Internet connection the Internet goes down. The only way it goes back up is when I disable it under the PORT MANAGEMENT setting.
All the settings have been kept to the default. How can I get the router to obtain an IP address from the Cable Modem-Comcast (WAN2 DMZ/Internet Port)?
We have a Cisco RV042. We need to set up a VPN with a business partner who is already using our current IP scheme on another VPN with another client. They have asked us to NAT our IPs from 192.168.25.x to 192.168.245.x
I can't seem to figure this out on this router. I have done it on a Sonicwall and Watchguard, but can't seem to get it to work on the RV042.
I have setup the VPN and the One-To-One NAT. The tunnel will connect (using the 245.x IP as our local IP on the VPN setup), but no traffic will pass through.
I was planning to make a VPN over the RV042, so I got the RV042 connected behind a Thomson 456 (configured as a bridge) and 1 static IP ... and I configured the VPN and it worked great ... but due to some circumstance I got a package of 6 IPs instead of the old IP, so when I tried to configure the router with the ISP they put the WAN IP 10.232.x.x and told me that it is an internal IP from their LAN ... and gave me the 6 IPs of 196.x.x.x to use as 1 for the internal interface for the RV042 and 5 for the PCs. Now the VPN is not working anymore ... Notice: when I try to configure the VPN tunnel, in the local security setting I mark "IP only" and the IP that appears is the WAN IP 10.232.x.x, but I can't ping that IP; besides, I can ping the internal IP of the router 196.x.x.50. Can the RV042 support static and virtual IPs inside the LAN? Can I configure the Thomson as PPPoE and use one static IP from 196.x.x.x as the WAN IP for it ... and use another 196.x.x.x IP for the RV042 to get access from outside, and connect the LAN to the RV042 with internal IP 192.168.x.x ... so I can access the VPN from outside ... and can connect the device I need to use a static IP to the Thomson ...
Firmware v4.0.4.02 has a nasty bug in the VPN section. If you switch to "IP by DNS Resolved" (yes, it says "Resolved" instead of "Resolution". Gotta love all the Engrish in the RV042!), it will automatically populate the field with "@yourdomain.com". This will cause the VPN to not look up the proper IP address. Simply deleting the at mark after it populates will fix the problem.
Let's see what happens when we validate a Cisco RV042 webpage:
Errors found while checking this document as HTML 4.01 Transitional! Result: 353 Errors, 1 warning(s)
I am trying to make a simple Site to Site VPN between two offices; one has a Cisco ASA and one has an RV042 router. When traffic is initiated from the ASA side, I keep getting this message in debug and the tunnel won't come up.
[IKEv1]: Group = A.A.A.139, IP = A.A.A.139, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.
Apr 26 00:15:53 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Whereas if traffic is initiated from the RV042 side, I keep getting this message in debug and the tunnel won't come up.
Apr 26 00:43:44 [IKEv1 DEBUG]: IP = RV.RV.RV.139, Oakley proposal is acceptable
Apr 26 00:43:44 [IKEv1 DEBUG]: IP = RV.RV.RV.139, IKE SA Proposal # 1, Transform # 0 acceptable Matches global IKE entry # 6
Apr 26 00:43:44 [IKEv1]: IP = RV.RV.RV.139, Connection landed on tunnel_group RV.RV.RV.139
Apr 26 00:43:45 [IKEv1]: IP = RV.RV.RV.139, Connection landed on tunnel_group RV.RV.RV.139
Apr 26 00:43:45 [IKEv1]: Group = RV.RV.RV.139, IP = RV.RV.RV.139, Freeing previously allocated memory for authorization-dn-attributes
Apr 26 00:43:45 [IKEv1]: Group = RV.RV.RV.139, IP = RV.RV.RV.139, PHASE 1 COMPLETED
Apr 26 00:43:45 [IKEv1]: IP =RV.RV.RV.139, Keep-alive type for this connection: DPD
Apr 26 00:43:45 [IKEv1 DEBUG]: Group =
I have a RV042 router (Ser#: NKS10462300, HW V3) running Firmware version v4.0.2.08-tm (Jan 14 2011 22:08:38) set up as a gateway. Right after it boots I am able to log into its web interface, but shortly after that if I try to log into it I go through a very long timeout while the web page is waiting for the router to respond, and then eventually IE comes back and says it 'cannot display the web page'.
I have a Cisco RV042 VPN Router and I have added a group vpn, but when I am trying to connect I got an error that the remote vpn server isn't responding.
Here's my log:
2013/01/15 12:24:53 [STATUS]OS Version: Windows 7
2013/01/15 12:24:53 [STATUS]Windows Firewall Domain Profile Settings: ON
2013/01/15 12:24:53 [STATUS]Windows Firewall Private Profile Settings: OFF
2013/01/15 12:24:53 [STATUS]Windows Firewall Private Profile Settings: OFF
2013/01/15 12:24:53 [STATUS]One network interface detected with IP address MY HOME IP
If I am trying to connect, the status of the VPN user in the remote interface is "online". I have deactivated my firewall at home and at the server for testing purposes.
I am looking to configure RV042 for VPN access to local machines and Win 2008 server. The story: Had issues with remote printers being created for clients logging into old Linksys RV042 with Linksys VPN software. First Tech exposed server without security, and it had to be removed as it was being attacked, but did not fix printing issue. 2nd tech could not get VPN to work after 1st tech. 3rd tech, 4hours, and I got that the router is a piece of ... So I'm out over 1000, and not able to have a simple router set up. The present situation. New RV042 with firmware V4.1.1.01, using Cisco VPN client 5.0.07.0410, most XP 32 bit machines coming into network, one 64 bit win 7. My clients have been unable to access their data for too long.
I'm trying to set up 2 subnets with two RV042 routers. One router will act as a gateway and both WAN ports will be used by two different ISP connections. The first router (gateway) LAN IP will be 192.168.0.1/24. I would also like to set up another router behind the gateway with a separate subnet 192.168.1.X/24. And I would like clients on the 192.168.1.x subnet to use the internet through the gateway router and clients on the 192.168.0.x subnet to access resources on the 192.168.1.x subnet. Am I able to do this with two RV042?
The issue is when I am using PPTP the router seems to die, not every time but I would say about once a week now. I am the only PPTP user, simply using RDP. A few hours into an RDP session the PPTP connection drops and cannot be re-established, or quickvpn, nothing. Routing still works (somewhat, high latency) locally.
When I've checked the logs both times I see:
Time | Event-Type | Message
Sep 3 17:07:56 2012 | Kernel | Out of memory: Killed process 14354 (pppd).
Sep 3 17:07:56 2012 | Kernel | Out of Memory: Kill process 14354 (pppd) score 177 and children.
Sep 3 17:07:56 2012 | Kernel | Out of memory: Killed process 14367 (sh).
Sep 3 17:07:56 2012 | Kernel | Out of Memory: Kill process 14354 (pppd) score 234 and children.
Sep 3 16:46:41 2012 | Kernel | Out of memory: Killed process 14330 (pppd).
Sep 3 16:46:41 2012 | Kernel | Out of Memory: Kill process 14329 (pptpctrl) score 134 and children.
Sep 3 16:46:41 2012 | Kernel | Out of memory: Killed process 14324 (pppd).
Sep 3 16:46:41 2012 | Kernel | Out of Memory: Kill process 14324 (pppd) score 177 and children.
Sep 3 16:46:40 2012 | Kernel | Out of memory: Killed process 14328 (sh).
Sep 3 16:46:40 2012 | Kernel | Out of Memory: Kill process 14324 (pppd) score 234 and children.
Sep 3 15:36:15 2012 | Kernel | Out of memory: Killed process 14187 (pppd).
Sep 3
I have an RV042 connected via VPN to the office (to a LinkSys DFL-700). Sometimes the VPN is dropped and never activates again. In this state, if I try to connect to the WEB interface, I can log in, but the router hangs at the login screen. I have to power recycle the router to make it work again.
Updated to latest firmware 4.2.1.02 for V3 hardware. The funny thing is that services from the WEB routed through to local IP addresses on the LAN are still accessible. I have set up PPTP VPN on the router, and that also fails to work.
Is there, as a workaround, any possibility to access the router's reset page or access via TELNET to reset the router? This might be useful when I'm out. (I have a backup solution to access the local network at home).
I have just purchased the RV042 and while it is working great on WAN1 over Xfinity/Comcast broadband, I'm unable to get it working with my AT&T DSL for WAN2. I am planning on running this in failover mode - not load balancing.
The DSL modem it is connected to is a SpeedStream (hooking up laptop directly works etc. etc.). The SpeedStream is set to PPPoE authentication passed in via the computer (in this case the RV042). On the RV042 side, I set it to use PPPoE, using the credentials as given by AT&T DSL. The DNS servers are set to the ones recommended
I have set up a VPN connection (client-gateway) using Quick VPN (default Cisco) and a third party one like TheGreenBow. The connection is OK (established), but why from outside can I only ping the IP of a LAN PC? If I ping the IP of a server the result is request timed out (failed). I have been trying to do this with 3 servers (Windows Server 2003 as OS). For your information I have set the firewall to "OFF" on all of those servers. The result is the same, failed.
I'm trying to put a computer into the DMZ and then access it from computers on the LAN using a local IP address. My reason for doing this is that I'd like my DMZ computer to be a locked down web server (just ports 80 and 443 open to the outside), but I need to be able to have more access to it from inside my LAN (e.g. I want to be able to SSH into it from the LAN).
Thus far I've been able to get a computer set up in the DMZ and can access the Internet from the DMZ computer. And I can access the DMZ computer from the LAN computers using the public address for the DMZ computer. But I can't access the DMZ computer from the LAN computers using a private address for the DMZ computer. See the attached file for a diagram of our current settings. A few descriptions:
- Verizon provides us with a number of static IP addresses, i.e. 188.8.131.52-12 (note these aren't actually the addresses, but representative).
-- In the RV042, I have the following configurations made: - Setup > Network > LAN Setting - Device IP Address = 10.4.20.1
I have a static DSL connection and my ISP is giving me 4 static IPs. I have connected my RV042 to the DSL modem and I have now 1 subnet at 192.168.0.0. What I want to create is a WEB server / Email server, but to sit on a different subnet - 192.168.5.0. For now I have connected the server to the DMZ port, but I am unable to access it from WAN, only from LAN. How do I configure the 2 subnets properly (192.168.0.0 and 192.168.5.0), and how do I forward my static address to the server, which I wish to be on the 192.168.5.0?
We are currently installing RV-042 V3 Dual WAN VPN Routers for a Customer with an HQ Office & 3 Branch Offices. The Customer recently requested to use the WEB Filter feature available in the RV-042 V3 Router to do the following: "Block all the HTTP Traffic Except for the company Website". We tried all the combinations between "Access Rules" & "Content Filtering" available under the "Firewall" but we always reach the result that either to Allow ALL HTTP Traffic to All Websites or to Block ALL HTTP Traffic.
How to block all HTTP Traffic except for certain URL (using the URL Name, NOT the IP Address)?