Cisco Routers :: RV082 V3 Load Balancing (Protocol Binding) With IPsec Tunnel?
Mar 14, 2013
We have tried a variety of options in an attempt to use Load Balancing (Protocol Binding) with an RV082 that has a site to site IPsec tunnel with another RV082. Both are v3.
Here is the issue. We have dual ISPs, one has great bandwidth, but we incur overages. The other has mediocre bandwidth, but has unlimited usage.
GROUP1 - We want most PCs to use the "unlimited" ISP for general surfing, email, etc. (Bound all ports for range of internal IPs to ANY dest to WAN1)
GROUP2 - We want to use the "faster" ISP for our VPN tunnel (mostly RDP and SIP traffic). (Bound all ports for range of internal IPs to ANY dest to WAN2)
So far everything works. The router will route traffic appropriately and GROUP 1 uses WAN1 and GROUP 2 uses WAN2.
Unfortunately, sometimes GROUP1 users need access to resources over the VPN (WAN2).
There is something not right with the routing. For example GROUP1 can ping and receive responses from devices on the other side of the tunnel, but GROUP1 can't access intranet sites on the other side of the tunnel. They also can't RDP to PCs on the other side of the tunnel.
Why does the router correctly route ICMP, but not RDP?
We've tried adding additional protocol binding rules for specific ports (80, 3389, etc.) and IP ranges (both local and remote) to see if we could force GROUP1 traffic destined via VPN through WAN2, but it doesn't work.
Shouldn't VPN tunnels created and configured in the RVs not adhere to protocol binding? It just seems logical to me, but maybe I am missing something.
Oct 6, 2012
I have dual WAN connections on rv042G in "office 1". LAN is 192.168.10.x
A gateway to gateway VPN is made with another "office 2" on rv042G too.
The goal is to reach the LAN of the other "office 2" : 192.168.5.x
Working well. Now I need to use protocol binding: one LAN IP needs to use WAN 2: All traffic :192.168.10.77~77(0.0.0.0~0.0.0.0)WAN2 -> Working
The rest of the LAN should use WAN 1 (same as the VPN). When I create this rule, I can't reach the "office 2" LAN: All traffic : 192.168.10.100~150(0.0.0.0~0.0.0.0)WAN1
What should I do to make it work?
Mar 6, 2013
I am trying to make this router prefer Wan1 for outbound while listening to both WAN ports for Inbound. I set it to Load Balance mode and added in a rule for Protocol binding:
All Traffic( TCP & UDP/1-65535)>192.168.1.1~192.168.1.254(0.0.0.0~0.0.0.0)WAN1 ENABLED
This says bind all outbound traffic to anybody to WAN1.
My Wan 2 connection is over satellite, so it is easy to tell if a ping is going over Wan2 because the latency is >600mS.
If I start a continuous ping to an outside site, e.g. Yahoo.com, then if I fail WAN1 I see the ping latency jump from 30mS to 700mS as it starts to use Wan2. If I restore the connection to Wan 1 then the pings stay on WAN2, seemingly forever. If I stop pinging for 30 mins then a restart of pinging does use Wan1, so it fails back eventually. If I restore Wan1 and then remove Wan2, it fails back right away.
My problem is with our VOIP, which uses a connection keepalive, so there is no real downtime for the router to release the path to WAN2 should it fail over. How can I force the router to fail back to Wan1 without removing Wan2?
Jun 20, 2010
Our office of 40 employees has two internet connections: a fractional T1 (1.5Mbps up, 1.5 down) and an ADSL (386Kbps up, 6Mbps down). I have our RV082 configured in load balancing mode. Most of the high-bandwidth upstream protocols are bound to the T1 (FTP, SMTP, etc). HTTP is bound to the DSL in order to give users the fastest download experience. Things get fouled up when users attempt to upload via HTTP (for instance, Youtube, Facebook, and Yousendit.com). Since the router recognizes the traffic as HTTP, it sends it up the very slow DSL line. Not only does the user experience long upload times, but downstream HTTP traffic effectively grinds to a halt, due to the nature of ADSL (maximum download speed while uploading is 386kbps).
Jul 5, 2011
I have an IPsec tunnel between two RV082 routers (one with v3 hardware and the other with v2). The latest firmware is installed on both devices.
Everything is working fine, the routers establish an IPsec connection, but after about two hours, the router with hw version 3 freezes.... Neither the WAN nor the LAN interface is pingable. I can only pull out the power cord. The IPsec settings are attached below. It's a Gateway to Gateway connection.
Jun 23, 2012
Is there a way to implement unequal path cost load balancing without using EIGRP protocol?
Jun 26, 2012
I have a RV042 with a DSL (WAN1) and cable (WAN2) internet connection in Load Balance Mode. The DSL provider also provides internet telephony when registered via his line. When I disable the WAN2 port, my IP phone successfully registers with the registration server of the DSL provider. I also defined protocol bindings for SIP (port 5060) and RTP (ports 5004 to 5020) to be bound to WAN1. My IP phone is set up to listen on only these ports. [code] With these protocol bindings in place, when I re-enable WAN2, then after some time the phone reports "registration failed". Do I need to set something else apart from protocol binding to force the VoIP traffic to go via WAN1?
Jul 2, 2007
I have some problems connecting to sites when I'm using the router in Load Balancing mode on the 2 WANs. It looks like when a connection to a site is started with one WAN, it is not maintained on that one but jumps from one WAN to the other, causing some sites, like Home Banking, to be disconnected every time. I would like to know if it's possible to configure the router in Load Balancing but binding the source and the destination IP address so the same WAN will be used for the entire time this connection is up. In other words, the Load Balancing makes sense between connections, not within the same connection.
Aug 16, 2011
We have Point to point T1 environment where 3 additional WAN sites get internet access through our RV042. When we setup load balancing we have problems with https traffic, so we setup protocol binding for https and everything worked great from the local LAN. When trying to access https content from the remote LAN across the WAN the sites failed and I see no option to add additional subnets to the protocol binding. Is there a command line feature that supports adding additional subnets for protocol binding or is the local LAN the only option?
Aug 7, 2011
Is it possible to use protocol binding to route pings only over the WAN1 connection, even if WAN1 fails? It seems like the protocol binding feature of the Linksys RV042 is ignored once WAN1 fails. I would like to use a ping from the LAN to an external IP to verify if the WAN1 connection is down, or is up, and then use that information to power up, or power down, a secondary communications system (WAN2). However, if the protocol binding is ignored when WAN1 fails, then I will not be able to use the ping to establish the state of the WAN1 connection. Additionally, is it possible to use protocol binding to only route pings and allow all other traffic to use either WAN connection? I have seen these features on a different brand of router that fails over to a cell connection, but it is not a true dual WAN router. It would be nice if the RV042 would allow this kind of control. Are there any other dual WAN routers out there that have this kind of protocol binding feature?
Jan 7, 2013
I'm in the process of finding a dual WAN router with VPN support that allows me to redirect some traffic to one specific WAN port and do load balancing of that specific traffic in case of that WAN failing (this last requirement is preferable but isn't fully needed).
Could the RV042/G work with that? In that case, does it allow protocol redirect only? What about IP/port redirecting? Or some kind of packet filtering to redirect to specific WAN ports?
Oct 15, 2012
What are the differences between bandwidth management on WAN ports and protocol bindings?
If you can specify in each section which protocol should go where, why have two places to configure this? Or are there some things to keep in mind when using one of them?
Apr 23, 2013
I have a strange issue where I'm able to get an IPsec tunnel from the Cisco 1841 to a Linksys/Cisco RV016 and ping/encrypt packets across the link for about a minute before it goes down. I tried various configurations and it all results in the tunnel coming up for a minute then going down. I'm not sure if I'm hitting a bug, and on which device, or if I'm doing something wrong.
RV016 firmware 2.0.18
Cisco 1841: (C1841-ADVENTERPRISEK9-M), Version 12.4(24)T
my config
no crypto isakmp default policy
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
[code]....
Dec 21, 2012
Region : Others
Model : TD-W8950ND
Hardware Version : V1
Firmware Version : 1.3.1 build 120406 Rel.32903n
ISP : PTCL
I am trying to establish an IPsec VPN tunnel between a Linksys RV082 and a TP-Link TD-W8950ND but failed.
Apr 8, 2011
What is the best and easiest way to check the kind of load balancing on the routers using BGP (Border Gateway Protocol)?
Feb 22, 2012
this router (RV016v3, Firmware: v4.1.1.01-sp (Dec 6 2011 20:03:18)) in regards to it not properly directing UDP packets out of the right WAN, as per the settings stored in the Protocol Binding section of [System Management, Multi-WAN]. I use the section to direct all traffic from desktop computers (192.168.5.100 ~ 192.168.5.199) through WAN4, and all VoIP related traffic (192.168.5.200 ~ 192.168.5.239) through WAN2 (PPPoE). Everything seems to be working well except for some of the UDP traffic from 192.168.5.200, which is seen in the log going out of WAN4 instead of WAN2. I have even created a new entry for [UDP/5060~5060]->192.168.5.200~192.168.5.200(0.0.0.0~255.255.255.255)WAN2, and placed it at the very top of the list. Here are a few lines that I've observed in the log: (Refreshed the registration of two SIP Trunks configured in our PBX)
Feb 23 18:11:47 2012 Connection Accepted UDP 192.168.5.200:5060->184.72.227.214:5060 on eth4
Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->50.56.59.168:5060 on ppp2
Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->184.72.227.214:5060 on eth4
Feb 23 18:11:46 2012 Connection Accepted UDP 192.168.5.200:5060->50.56.59.168:5060 on ppp2
There are no static routes configured, so I'm baffled by what could cause some of the UDP packets to go through the wrong WAN. All TCP traffic from 192.168.5.200 is seen going through WAN2 as it should.
Feb 24, 2011
We have a network topology like 2821 router with MPLS link and 881 Router with DSL Connection(DMVPN).
MPLS Link runs in BGP
DSL Connection runs in EIGRP.
So the existing scenario is: whenever the MPLS link goes down, traffic will be moved to the DSL connection, and once it comes up again it will be moved back to DSL; we are doing this using HSRP. In this case, most of the time my DSL connection will be in standby mode. Now my management has decided to use both links in active state and wants to do some load balancing between the links, so that some specific traffic like Internet, WSUS updates and antivirus updates goes through the DSL connection even when the MPLS is up and running.
Apr 6, 2012
I have a RV042 router with two internet connections. I have set up WAN1 and WAN2 and set the load balance mode. Surfing on the internet is then not a problem and I checked that I was using the two internet connections. However, if I try to connect to my corporate Outlook Web Access (OWA), I am looping on the first page where I should provide my credentials. I know that most load balancers can be set up with a sticky bit to keep the session on the same WAN connection.
Mar 7, 2013
I bought one of these. I am very disappointed by the management interface, which is very limited/restrictive. I completely agree with Antonio here. In my case, most of my traffic is HTTPS, so binding HTTPS ports to a given WAN port makes the load balancing completely useless!! I also hope there will be a software update including the possibility to keep the session on the same WAN connection.
Jan 27, 2012
We are looking at purchasing an RV042 soon and have one crucial question. I am looking at having two internet connections running into the RV042. The only load balancing is going to be that all the VOIP traffic will go through one connection (e.g. WAN2) and then have all other traffic (such as web and email) through WAN1.
I am looking to have it so that if one of the internet connections goes down then it will failover EVERYTHING to the one that is working so both the VOIP and all the other traffic share the same connection until both WANs then go back online.
Oct 17, 2012
I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct configuration? The current configuration I am using is:
In the RV042 I am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Public IP address
[Code].....
Feb 28, 2012
We have a RV016 load balancing between two broadband WAN connections. On protocols that are sensitive to a change in IP address such as ssh and https, if the client connection goes inactive for a short time (sometimes as short as 10 seconds), the RV016 often changes WAN connection as part of its "load balancing" feature. Most protocols do not even notice, but the more sensitive protocols do and often lock a session or timeout the session which is not a good thing.
We have been able to bind these sensitive protocols to a particular WAN port but (in our minds) this is not an "ideal" situation. In fact I would consider this to be a broken "load balancing" solution and should be fixed.
Feb 13, 2012
I'm trying to set up a VPN between an RV042 V3 and an RV082 V2 router. They get connected but no traffic gets through the tunnel. I tried with and without firewall, DPD, Keepalive, forward secrecy but nothing worked. What should I do? I don't want to throw out the V2 routers. V3 to V3 connects fine.
Aug 21, 2012
I have a RV082 v2 with Firmware 2.0.2.01-tm with a Site-to-Site VPN to a Cisco ASA5510.
The PCs behind the RV082 cannot see two webservers behind the ASA5510. Both servers have full DNS registration and are accessible from other sites with RV042 routers.
Jun 1, 2011
VPN tunnel backup is not available on the RV016 firmware version 4.0.2.08 (it IS on the RV082). The data sheet and the manual for the RV016 are wrong. I have purchased several RV016 hardware V3 and several RV082 hardware V3. Both have the same current firmware version. We have noted that the RV016 does not have the VPN tunnel failover option found in the RV082. It also does not have split DNS (noted in the manual). I would have thought that the firmware would provide equal options on the RV042, RV082, and RV016.
Sep 8, 2011
According to the RV082 manual, if you want to use VPN, check the enable box.
But I can't check the enable button... it's disabled, so I can't check it.
Aug 29, 2011
A customer of mine has two RV082 in different locations. The "main" router is providing a gateway-to-gateway VPN tunnel, and is also used by a few road warriors for VPN access. We've had some issues with the "main" router lately, so we've decided to exchange it for a brand new device (v3). The old RV082 was a hardware revision v2 device, so I had to manually rebuild the config on the new router. The new router is working fine so far - connectivity and gateway-to-gateway VPN are fine. IPsec Client VPN, however, doesn't work at all. The config of the new router is identical to the config of the old one, IPsec Client VPN used to work fine on the old router.
The router is running the latest firmware (v4.0.4.02-tm). I've been trying to make IPsec VPN work with "QuickVPNplus ver: 1.0.6" and the "Cisco QuickVPN Client v1.4.2.1". From what I understand, both programs first connect to the routers external IP and download some sort of VPN config file. The info in that file is then used to create the actual connection. The problem is that the config file is invalid. It contains HTML code instead of config data. This is the code: "<HTML><HEAD><meta http-equiv="refresh" content="0; URL=/cgi-bin/welcome.cgi"></HEAD><BODY></BODY></HTML>". The URL is the same I see when logging in to the admin interface of the router. The Cisco client tells me in its "wget_error.txt": "rwConnStart message=All 1 wget requests did not return a valid vpnserver.conf". Both clients connect to the router fine, and the config download itself is working - only the returned data is invalid.
I've already tried lots of stuff to make the problem go away - enabling/disabling the firewall, VPN passthrough options, and other things. I'm beginning to think that there may be a bug in the firmware I'm using, or that the way Client VPN works has changed in a way that makes connecting with a client implementing the "old" method impossible. By the way, PPTP is working fine, so we're using it as a temporary workaround. My client, however, isn't happy with this workaround - he bought a relatively expensive router so he can make use of its advanced features, after all.
Apr 18, 2012
I have a RV082 that has an issue keeping an IPSEC Gateway to Gateway VPN running from itself to our ASA 5510. At 8 hours of connectivity (I can almost set a clock to it) the Tunnel will say it is connected on the RV082 but on the ASA 5510 the tunnel is not up.
If I click on disconnect on the RV082 under the VPN Summary page, things will come back up. From the ASA 5510 side there is nothing I can do to get things back (ping inside "vpn network" or even trying to make a connection to a networked VPN machine).
To make things more complicated, I have another VPN on the RV082 to a PIX 506e that works with no issues. I also have another RV082 at another location with the same settings that keeps its tunnel with the ASA 5510 without any issue. Some things I have tried to fix the issue are:
I upgraded the firmware on the RV082 V3 from 4.0.0.7-tm (what it was shipped with) to 4.1.1.01-sp. This seemed to have no effect.
On the RV082 I have changed the MTU from automatic to 1428 and 1452. All this does is make the connection to the PIX 506e unstable like it is for the ASA 5510. I have changed this back to automatic.
Since the time of stability seems to be 8 hours, I have changed the "Phase 1 SA life time" and "Phase 2 SA life time" to 28800, both at the same time and individually. This seemed to have no effect.
The current configuration on the RV082 is:
Local security gateway type: IP Only
IP address: (local ISP provided static IP address)
[Code]......
Feb 18, 2013
I have an RV042 VPN tunnel with an RV082. The RV042 has a public IP address obtained by PPPoE, the RV082 has a public IP address obtained via static IP. The problem I see is really slow performance. Both internet connections are idle and the performance is about 2 or 3 kbyte/s. My question is whether I should enable any of these:
- Aggressive mode
- NAT Traversal
- IP Compression
- Dead Peer Detection
How can I troubleshoot this slow performance?
Oct 27, 2011
I'm using a RV082 with latest firmware v4.0.4.02tm in one of our branch offices. Sometimes the tunnel to the main office (IPCOP 1.4.21) fails.
Both sides display the status "tunnel connected" but IP traffic doesn't go through. If I try to ping the main office using the RV082 diagnostic feature, the RV082 seems to run into a loop... the window continues refreshing without any error message and I'm not able to cancel the test. If I restart the RV082 using the web interface, the "diagnose" and VPN problem still exists, even if the web interface told me that the device did a restart.
The only solution is to do a cold restart of the RV082. After that, the VPN tunnel works again....
This problem occurred 3 times in the last 3 weeks. I never had this problem with previous firmware versions at this or other sites.
Apr 23, 2012
We have about 9 1900 routers and 1 ASA 5510 for a partial mesh VPN network. So 8 1900s connect to 1 1900 and the ASA located in HQ and the datacenter. All worked well, however there is one site running really strangely. The tunnel between the 1900s is up for a while and then down. Rebooting the router seems to be the only fix. But the tunnel to the ASA does not seem to be down at all.
The issue happened again today; we rebooted the router on site but the tunnel is still not up. DEBUG shows: deleting SA reason "Death by retransmission P1 "
I can see a lot of Apr 24 19:57:55.271: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
To me it seems like the IDE packet was sent but never got a reply and timed out. I did also check on the other end, the HQ. All other tunnels are still running fine on that router, just not this remote site. Plus I got similar output when debugging on the HQ router.
One thing I do notice though: there was no match on either router for the ACL to match/permit ESP traffic... I asked on-site staff to reboot the modem used at the remote site.
Apr 4, 2011
Here is the situation: A CISCO871 router is configured to establish an IP SEC tunnel with a CISCO ASA5520. The configuration is OK about that. I wish to configure the same CISCO871 in order to establish a LAN-to-LAN IP sec Tunnel with another CISCO871 at the same time in order to reach private network. So, I have followed the Cisco procedure Document ID: 71462 "LAN-to-LAN IP sec Tunnel Between Two Routers Configuration Example"; it works, I can reach the peer private network BUT ONLY when the IP SEC tunnel with ASA is not established.
It seems to be a routing problem...I don't find how to configure to make both tunnels up and functional at the same time.
Jan 25, 2013
Our ISP supplies a Cisco SRP-521w router with our WiMAX connection, but I have had no experience with these and they look like an ex-Linksys product? What are they like for use as a spoke router connected to the core hub (Cisco 2921 ISR G2)? We would be using a GRE tunnel protected with IPsec, 3DES encrypted. The SRP would be using PPPoE to authenticate to the ISP. Any known traps and limitations with the Cisco SRP-521w? We currently use a Cisco 877 for this but wanted to save them for our ADSL links.