Cisco Routers :: RVS4000 - IPSec VPN Tunnel / Cannot Ping From One Network To Other
Aug 5, 2011
I have a RVS4000 at one location and a second RVS4000 at home. I have established an IPSec VPN tunnel between them and it is UP. I can ping the routers from each end no problem. I can ping the IPs listed in the "Local Group Setup" and the "Remote Group Setup" from both ends no problem. I can even open up a shared resource from a Win 7 machine (e.g. by typing \10.10.10.100 in start-run from a computer on my home network).
But - i can't ping anything else on one network from the other. What gives? I need to access a 10.10.10.101 machine but can't even ping it.
- both RVS4000 boxes have latest firmware (V1.3.3.5)
- home RVS4000 setup with IP 10.10.11.1
- home network has a server with IP 10.10.11.20
- other location RVS4000 setup with IP 10.10.10.1
- other location server setup with IP 10.10.10.100
Tunnel settings on home RVS4000 (the other location properly mirror these).
- Local Security Gateway Type : IP Only
- Local Security Group Type : Subnet
[code]....
View 2 Replies
ADVERTISEMENT
Aug 29, 2011
I recently purchased a RVS 4000 (firmware V2.0.0.3) and am having some issues creating a second (third...fourth?) IPSec VPN Tunnel. The first one is up and running just fine. On the VPN Summary screen it says [1 Tunnels Used 4 Tunnels Available].
When I go to configure the second tunnel, I select --New-- from the "Select Tunnel Entry" drop down and proceed to fill in all the connection information. When I click Save, it seems to be processing and after a few seconds just returns me to the same screen, with none of the information I just input and no connection created. No errors given.
I have another RVS4000 to connect at a different location which will require a similar setup, but don't want to do anything with it until I have the one mentioned above working fully.
View 1 Replies
View Related
Oct 17, 2011
Can I have use a Gateway-to-Gateway IPSec tunnel whereby a user can surf the Internet using his local Internet connection and at the same time connect through the IPSec tunnel to a remote subnet using RVS4000 routers?
View 1 Replies
View Related
Nov 2, 2009
On my ASA5520 I am trying to do a IPSEC tunnel between two sites. When I ping the protected network on the other side I get this when debugging IPSEC:
IPSEC(crypto_map_check): crypt o map man map 20 does not hole match for ACL man1
Not too sure what this means...
View 11 Replies
View Related
Dec 26, 2010
Linksys Small Business VPN endpoint routers?
I have been trying for two days to setup a Linksys RVS4000 to a RVL200 IPSec tunnel and I can't get them to connect.
The internet is via optimum online home internet accounts. From what Cisco said, the ports necessary are 500, 4500, 443 and 60443.
View 17 Replies
View Related
Aug 6, 2011
I have succesfully config an IPSec VPN Tunnel by using a Router Scientific Atlanta Cisco 2320 and a RVS4000 4-Port Gigabit Security Router with VPN.On the site of Router Scientific Atlanta Cisco 2320 this is some info: [code] On the site of RVS4000 4-Port Gigabit Security Router with VPN this is some info: [code] Remember that you can not be on the same range of IP, I mean, you can not have 192.168.0.X if the remote network is on 192.168.0.X, you have to change some of the Routers.I show the configuration on Router Scientific Atlanta Cisco 2320: I show the configuration on RVS4000 4-Port Gigabit Security Router with VPN:If all is correctly configured, you should see on Router Scientific Atlanta Cisco 2320 the Status Connected:
If all is correctly configured, you should see on RVS4000 4-Port Gigabit Security Router with VPN the Status Up.As you can see, I'm connected to the remote Router (RVS4000 4-Port Gigabit Security Router with VPN) by my own web browser accesing by the local IP 192.168.0.10.I have used Authentication MD5, maybe is not the best one but I had no time to test SHA1, I will when I will have time.
View 1 Replies
View Related
Sep 13, 2011
I configured ASA5520 and RV042 for site-to-site IPSec VPN tunnel.Tunnel get connected, but no ping, no traffic between both end network.
Network:
=======
192.168.113.0/24----------192.168.113.6 -ASA--------public, static IP address------Cisco 2821--------Internet
192.168.10.0/24-----------192.168.10.1 -RV042-----public, static IP address------Cisco 2821--------Internet
ASA5520 config:
----------------------
name 192.168.10.0 VPN
!
interface GigabitEthernet0/1
nameif NET
security-level 100
ip address 192.168.113.6 255.255.255.0
[code]....
View 5 Replies
View Related
Oct 17, 2012
I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct Configuration? the current configuration I am using is
in the RV042 i am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Pulbic IP address
[Code].....
View 3 Replies
View Related
Aug 2, 2012
I have a IPSec tunnel that is working in one direction. Below is the router config from the side that can connect to the other side perfectly. I believe the issue is with this router as while I was waiting on delivery for the ASA I had an SRP527W sitting in it's place and had exactly the same problem.On one side I have a 887VA router and the other an ASA5505.The network behind the 887VA can access the remote site perfectly, backup services are traversing the link as are web interfaces for applications. In the other direction I can ping hosts but cannot connect. What else is interesting is if from the remote site I attempt to connect to a particular device that performs a port redirect the remote site browser gets so far as being redirected to port 5000 but then hangs.
I am seeing some very generic packet drop debug notices on the 887va on the NAT-ACL access list but I think this is as it should be as it is dropping the tunnel traffic from the NAT'ing.The config for the router is here, I will post the ASA config when I get to the other site shortly but I am convinced the issues is on this device, all the crypto configurations match.I have looked at the MTU's on each side, the path MTU on both sides is 1492. The asa does say the media MTU is 1500 but I believe that is the ADSL link so shouldnt matter?I even went so far as installing CCP and testing the VPN. It says the tunnel is up. It did state a failure:A ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to the other end VPN device is failing. This may happen if there is a lesser MTU network which drops the 'Do not fragment' packets. [code]
View 1 Replies
View Related
Oct 8, 2009
I'm replacing my RVS4000 with the RV180 but having VPN connection issues with the RV180. Let me know the VPN tunnels work perfectly fine on the RVS4000.I have configured my RV180 for 3 VPN tunnels. My ISP is Comcast (cable) Business class with a Static IP. First VPN tunnel is to another Comcast ISP and the VPN works flawlessly - connects immediately.Second VPN Tunnel is to Business class ISP (Verizon-NJ) and VPN will NOT connect.Third VPN Tunnel is to Business class ISP (Cox Network-VA) and VPN will NOT connect.I had opened both the RVS4000 and RV180 up on a browser and both settings from the units were idential. I reconnect the RVS4000, VPN tunnels work great, I unplug and reconnect the RV180, the Comcast VPN works, but the other two do not.From what the log is saying "[IKE] WARNING: no phase2 found" and the other says "[IKE] ERROR: remote identifier not found". It has to be something with the RV180 that I'm missing or possibly configuring incorrectly.
View 3 Replies
View Related
Oct 28, 2011
In an established IPSec VPN between a RVS4000 and IOS (2801), everything works great (RDP / UNC File Share / HTTP) - with the exception of SMTP and HTTPS.I can do pretty much everything over the tunnel that I need, except attempting to send anything over port 25 or 443, it's getting destroyed in the tunnel.I've completely disabled the firewall in the RVS4000 and on the IOS side, I just have an extended access list that permits the entire IP protocol. The tunnel works fine, as mentioned above, and stays up with no issues.
View 1 Replies
View Related
Jul 26, 2011
My RVS4000 router freezes up when a lot of data is being pushed through the Ipsec tunnel. Let me explain in detail.
On physical location A, I have an RVS4000 router (with IP 192.168.3.1) which is permanently connected with a WRVS4400 router (with IP 192.168.1.1) on physical location B. The Ipsec tunnel has been configured using the Easy Setup Wizard of Cisco and has been working fine and stable for months. Both routers have another Ipsec tunnel with another WRVS4400 router (with IP 192.168.2.1) on physical location C, but this router does not play a role in the problem below.Recently, I’m trying to set up a remote backup service between physical location A and B using “rsync”, which uses port 873. Due to the Ipsec/VPN tunnel, I could configure rsync to move the backup files from our NAS on location A (NAS has IP 192.168.1.2) directly to location B (NAS has IP 192.168.3.2). Both NAS-devices are of the brand Synology (DS211J). The Ipsec tunnel guarantees that the data is coded and thus secure.
However, when pushing the first batch of data, I noticed that the router on the receiving end (RVS4000) freezes up after approx. 1,5h after the batch has started, which is after approx. 1 gigabyte of data has been transmitted. The connection with the WAN is lost, also the VPN-tunnel is not working, I cannot ping the device or reach its configuration pages (on 192.168.3.1), the only option is unplugging it and letting it reboot. I’m thinking the router cannot deal with the huge amount of data that needs to be decoded. I tried 5/6 times, with always the same result (timing / amount of data pushed through before router freezes varies slightly).
View 11 Replies
View Related
Apr 16, 2013
I have a RVS4000 and I would like to setup a Ping monitoring from the outside to a device behind RVS on lan network. I have created a rule to allow a service PING for range from WAN 46.xxx.xxx.xxx - 46.xxx.xxx.xxx to host 192.xxx.xxx.xxx but unfortunately this is not working. I can confirm that I can ping host 192.xxx.xxx.xxx from diagnostics on RVS.
View 2 Replies
View Related
Jul 21, 2011
I'm trying to set up a VPN tunnel between a Linux machine and a RVS4000 at a remote site (served via satellite connection). After many efforts, I finally succeeded (based on Openswan). However, while PINGing is OK, big packets (from the RVS4000 LAN to the Linux box) arrive corrupted.
I lowered the WAN MTU, with no success. What finally did the trick is to lower the MTU at the RVS4000 LAN interface. Since this is not possible via the Web I/F, I did it via telnet ("ifconfig eth0 mtu 1400"). However, this change is lost after router reboot. How can I make the LAN MTU setting permanent?
View 1 Replies
View Related
Sep 22, 2012
Router connects to ISP but cannot browse the Internet. I have updated the firmware to 2.0.3.2 and that did not work. Reset the router to factory settings and that did not work either. Router had worked until the ISP changed the ONT. The router worked initally after the ONT was changed, but that changed sometime during the day as it did not work that night. The ISP gave me a netgear router and that works, so I can connect, but I would rather the RVS4000 would work. I assume a setting at the ISP, but do not know which one. I get an error on the computer "name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded" I can ping, tracert and my little weather gadget works, but a web page will not display
View 7 Replies
View Related
Dec 17, 2011
Using the latest Cisco QuickVPN, my Windows 7, 64 bit laptop processes the QuickVPN connection to the point where the laptop attempts to ping the router and verify the connection. Those pings fail.Windows firewall is ON and IPSEC is started on the laptop. I have tried Kaspersky's firewall both enabled and disabled with no change.
View 19 Replies
View Related
Apr 23, 2012
We have about 9 1900 routers and 1 ASA 5510 for partail mesh VPN network. So 8 1900 connect to 1 1900 and ASA located in HQ and datacenter. All worked well however there is one site running really strange. The tunnel between 1900 is up for a while and down. Reboot router seems to be the only fix. But tunnel to ASA does not seem to be down at all.
The issue happened again today, we rebooted the router on site but tunnel still not up. DEBUG shows: deleting SA reason "Death by retransmission P1 "
I can see alot of Apr 24 19:57:55.271: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
To me it seems like the IDE packet sent but never got reply and timed out. I did also check on the other end, the HQ. All other tunnels are still running fine on that router, just this remote site. Plus I got the similiar output when debugging on HQ router.
One thing do notice though, there was no match on both router for the ACL to match/permit ESP traffic... I asked on-site staff to reboot the modem used in remote site.
View 3 Replies
View Related
Apr 4, 2011
Here is the situation: A CISCO871 router is configured to establish an IP SEC tunnel with a CISCO ASA5520. The configuration is OK about that. I wish to configure the same CISCO871 in order to establish a LAN-to-LAN IP sec Tunnel with another CISCO871 at the same time in order to reach private network. So, I have followed the Cisco procedure Document ID: 71462 "LAN-to-LAN IP sec Tunnel Between Two Routers Configuration Example"; it works, I can reach the peer private network BUT ONLY when the IP SEC tunnel with ASA is not established.
It seems to be a routing problem...I don't find how to configure to make both tunnels up and functional at the same time.
View 1 Replies
View Related
Jan 25, 2013
Our ISP supplies a Cisco SRP-521w router with our WIMax connection but I have had no experience with these and they look like a ex Linksys product? What they a like for use as a spoke router connected to the core hub (Cisco 2921 ISR G2)?We would be using a GRE Tunnel protected with IPsec 3DES encrypted.The SRP would be using PPPoE to authenticate to the ISP.Any known traps and limitations with the Cisco SRP-521w?We currently use a Cisco 877 for this but wanted to save them fr our adsl links
View 1 Replies
View Related
Sep 26, 2012
We have 2 RV220W Routers installed in seperate offices. We are attempting to setup a IPSec tunnel between the two sites. So far we have been unsuccessful in getting this to work.On both sides, we are getting a successful connection established, but netiher site is recieving any packets. Both sides are transmitting packets though. We have exhausted our resources trying to figure out why.
View 4 Replies
View Related
Aug 26, 2012
I have a VPN working between two locations using WRV210s at each end. Now I'm looking to replace one 210 with a new RV110W. Can I get the two to work together? The config is quite different.
View 4 Replies
View Related
Jun 12, 2012
Is there any way to setup an IPSEC tunnel to be able to go from my subnet, 192.168.75.x and be able to reach anything on the other side of the tunnel, 192.168.X.X?
View 5 Replies
View Related
Jul 5, 2011
i have an ipsec tunnel between two rv082 routers. (1 v3 Hardware and the other with v2). On both devices are the latest firmware installed.
Everything working fine, the routers establish an ipsec connection but after about two hours, the router with hw version 3 freezes.... nor the wan neither der lan interface is pingable. I can only pull out the power cord. Below attached are the ipsec settings. It´s a Gateway to Gateway connection
View 7 Replies
View Related
Jan 19, 2013
I'm setting up a IPSec Tunnel between 3800 and 2600 routers over the internet.
Do I need to create a tunnel interface as they suggest in this document? [URL]
I just watched a couple of you tube videos saying I don't need to do that...
View 8 Replies
View Related
Jan 9, 2013
I have a cisco RV180W with a IPsec tunnel to the head office. The tunnel is working good, but if I reboot the RV180W, the tunnel don’t reconnect automatically, I need to go in the admin interface to IPsec Connections Status and press on Connect.Is there a way to make the tunnel connect automatically?
View 4 Replies
View Related
Jan 2, 2013
Is it at all possible to channel all/some data traffic through an established ipsec tunneled connection using the RVL200? I have successfully established an ipsec connection through RVL200 and RV042 routers and are able to connect to servers/computers behind it.Now I want to channel all or some traffic through the ipsec-tunnel for computers that reside on 192.168.1.0 subnet of RVL200 network.
Main office - RV042 router - 10.200.62.1
Remote office - RVL200 router - 192.168.1.1
I am trying to use the Advanced Routing option to add static routes but I am not 100% sure if I am configuring the routes correctly.To give an example of routing DNS requests for HOTMAIL.COM [65.55.72.183]: [code]For some reason this does not appear to work. I have also tried using the interface setting of WAN and tested - this also does not work.
View 10 Replies
View Related
Apr 7, 2012
i'm using an rv220W and i whant to know if is it possible to assign vpn traffic to a vlan when i setup an ipsec tunnel?
example:
Im using different vlans on my rv220W.
Vlan 10: engineers (ex: 192.168.1.0/27) no intervlan routing
Vlan20: sales (ex: 10.0.123.0/24) no intervlan routing
This is what i need: - An engineer is on the road and when he makes a ipsec vpn connection => assignd to the vlan "engineers" so he can access the server/pc's in that vlan.and when someone from the sales group starts a vpn connection he needs to be in the vlan "sales" so he can access his pc/data,...
View 15 Replies
View Related
Mar 14, 2013
We have tried a variety of options in an attempt to use Load Balancing (Protocol Binding) with an RV082 that has a site to site IPsec tunnel with another RV082. Both are v3.
Here is the issue. We have dual ISPs, one has great bandwidth, but we incur overages. The other has mediocre bandwidth, but has unlimited usage.
GROUP1 - We want most PCs to use the "unlimited" ISP for general surfing, email, etc. (Bound all ports for range of internal IPs to ANY dest to WAN1)
GROUP2 - We want to use the "faster" ISP for our VPN tunnel (mostly RDP and SIP traffic). (Bound all ports for range of internal IPs to ANY dest to WAN2)
So far everything works. The router will route traffic appropriately and GROUP 1 uses WAN1 and GROUP 2 uses WAN2.
Unfortunately, sometimes GROUP1 users need access to resources over the VPN (WAN2).
There is something not right with the routing. For example GROUP1 can ping and receive responses from devices on the other side of the tunnel, but GROUP1 can't access intranet sites on the other side of the tunnel. They also can't RDP to PCs on the other side of the tunnel.
Why does the router correctly route ICMP, but not RDP?
We've tried adding additional protocol binding rules for specific ports(80, 3389, etc) and ip ranges (both local and remote) to see if we could force GROUP1 traffic destined via VPN through WAN2, but it doesn't work.
Shouldn't VPN tunnels created and configured in the RVs not adhere to protocol binding? It just seems logical to me, but maybe I am missing something.
View 7 Replies
View Related
Apr 11, 2013
I'm trying to achieve a site-to-site ipsec tunnel to a Cisco ASA 5520. Most examples feature the ASA with a public interface that terminates the tuennel and a private network on another interface that the tunnel interacts with. Where my scenario differs is that the interface that accepts the tunnel is part of a public /29 network where I want the remaining hosts on that subnet to be able to route thrugh to the other end of the tunnel. My tunnel gets established, but any attempts to route via the IP assigned to that one interface result in the ASA rejecting traffic. If so, what configuration options should I consider?
View 5 Replies
View Related
Mar 13, 2013
Is it possible to have a site-to-site IPSEC tunnel between 2 identical RV110W routers?I basically want one of them to initiate a secure tunnel with the second so that computers from one router subnet see the computers from the other router subnet.
View 3 Replies
View Related
May 19, 2013
the RV110W IPSEC site-to-site tunnel, are there necessary 2 x public IPs for it to work, or only 1 public IP is enough? [code]If it works with 1 public ip, the "CLIENT" RV110W configuration should be straightforward (in Advanced VPN SetupRemote Endpoint i fill in the dyndns address?), but how do i setup "HOST" RV110W?
View 2 Replies
View Related
Sep 23, 2012
I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?
View 4 Replies
View Related
Nov 4, 2012
I need to check and possibly change which Network address is allowed down a tunnel and check our Phase 2 IPSEC proposal. How would I do this on a VPN3000?
View 3 Replies
View Related
