Cisco VPN :: 1900 Routers - IPSec S2S Tunnel Cannot Up

Apr 23, 2012

We have about 9 1900 routers and 1 ASA 5510 for partail mesh VPN network. So 8 1900 connect to 1 1900 and ASA located in HQ and datacenter. All worked well however there is one site running really strange. The tunnel between 1900 is up for a while and down. Reboot router seems to be the only fix. But tunnel to ASA does not seem to be down at all.
The issue happened again today, we rebooted the router on site but tunnel still not up. DEBUG shows: deleting SA reason "Death by retransmission P1 "
I can see alot of Apr 24 19:57:55.271: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
To me it seems like the IDE packet sent but never got reply and timed out. I did also check on the other end, the HQ. All other tunnels are still running fine on that router, just this remote site. Plus I got the similiar output when debugging on HQ router.
One thing do notice though, there was no match on both router for the ACL to match/permit ESP traffic... I asked on-site staff to reboot the modem used in remote site.

View 3 Replies


Cisco Routers :: Set A VPN IpSec Tunnel GW To GW Tunnel Between RV110W

Oct 17, 2012

I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct Configuration? the current configuration I am using is
in the RV042 i am using
Check Enable 
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Pulbic IP address


View 3 Replies View Related

Cisco WAN :: 871 / 5520 - L2L IPSec Tunnel Between Two Routers

Apr 4, 2011

Here is the situation: A CISCO871 router is configured to establish an IP SEC tunnel with a CISCO ASA5520. The configuration is OK about that. I wish to configure the same CISCO871 in order to establish a LAN-to-LAN IP sec Tunnel with another CISCO871 at the same time in order to reach private network. So, I have followed the Cisco procedure Document ID: 71462 "LAN-to-LAN IP sec Tunnel Between Two Routers Configuration Example"; it works, I can reach the peer private network BUT ONLY when the IP SEC tunnel with ASA is not established.
It seems to be a routing problem...I don't find how to configure to make both tunnels up and functional at the same time.

View 1 Replies View Related

Cisco Routers :: SRP-521w IPsec Protected GRE Tunnel

Jan 25, 2013

Our ISP supplies a Cisco SRP-521w router with our WIMax connection but I have had no experience with these and they look like a ex Linksys product? What they a like for use as a spoke router connected to the core hub (Cisco 2921 ISR G2)?We would be using a GRE Tunnel protected with IPsec 3DES encrypted.The SRP would be using PPPoE to authenticate to the ISP.Any known traps and limitations with the Cisco SRP-521w?We currently use a Cisco 877 for this but wanted to save them fr our adsl links

View 1 Replies View Related

Cisco Routers :: RV220W IPSec Tunnel Not Working

Sep 26, 2012

We have 2 RV220W Routers installed in seperate offices. We are attempting to setup a IPSec tunnel between the two sites. So far we have been unsuccessful in getting this to work.On both sides, we are getting a successful connection established, but netiher site is recieving any packets. Both sides are transmitting packets though. We have exhausted our resources trying to figure out why.

View 4 Replies View Related

Cisco Routers :: RVS4000 - Multiple IPSec VPN Tunnel

Aug 29, 2011

I recently purchased a RVS 4000 (firmware V2.0.0.3) and am having some issues creating a second (third...fourth?) IPSec VPN Tunnel. The first one is up and running just fine. On the VPN Summary screen it says [1 Tunnels Used  4 Tunnels Available].

When I go to configure the second tunnel, I select --New--  from the   "Select Tunnel Entry" drop down and proceed to fill in all the connection information. When I click Save, it seems to be processing and after a few seconds just returns me to the same screen, with none of the information I just input and no connection created. No errors given.

I have another RVS4000 to connect at a different location which will require a similar setup, but don't want to do anything with it until I have the one mentioned above working fully.

View 1 Replies View Related

Cisco Routers :: RV110W Replacement For WRV210 IPsec VPN Tunnel Between Them

Aug 26, 2012

I have a VPN working between two locations using WRV210s at each end. Now I'm looking to replace one 210 with a new RV110W. Can I get the two to work together? The config is quite different.

View 4 Replies View Related

Cisco Routers :: SRP541W / Setup IPSEC Tunnel To Be Able To Go From Subnet?

Jun 12, 2012

Is there any way to setup an IPSEC tunnel to be able to go from my subnet, 192.168.75.x and be able to reach anything on the other side of the tunnel, 192.168.X.X?

View 5 Replies View Related

Cisco Routers :: RV082 Freezes Every 2 Hours When Using Ipsec Tunnel

Jul 5, 2011

i have an ipsec tunnel between two rv082 routers. (1 v3 Hardware and the other with v2). On both devices are the latest firmware installed.
Everything working fine, the routers establish an ipsec connection but after about two hours, the router with hw version 3 freezes.... nor the wan neither der lan interface is pingable. I can only pull out the power cord. Below attached are the ipsec settings. It´s a Gateway to Gateway connection

View 7 Replies View Related

Cisco WAN :: Setting Up IPSec Tunnel Between 3800 And 2600 Routers?

Jan 19, 2013

I'm setting up a IPSec Tunnel between 3800 and  2600 routers over the internet.
Do I need to create a tunnel interface as they suggest in this document?  [URL]
I just watched a couple of you tube videos saying I don't need to do that...

View 8 Replies View Related

Cisco Routers :: RVS4000 - IPSec VPN Tunnel / Cannot Ping From One Network To Other

Aug 5, 2011

I have a RVS4000 at one location and a second RVS4000 at home.  I have established an IPSec VPN tunnel between them and it is UP.  I can ping the routers from each end no problem.  I can ping  the IPs listed in the "Local Group Setup" and the "Remote Group Setup" from both ends no problem.  I can even open up a shared resource from a Win 7 machine (e.g. by typing \ in start-run from a computer on my home network).
But - i can't ping anything else on one network from the other.  What gives?  I need to access a machine but can't even ping it.  
- both RVS4000 boxes have latest firmware (V1.3.3.5)
- home RVS4000 setup with IP
- home network has a server with IP
- other location RVS4000 setup with IP
- other location server setup with IP
Tunnel settings on home RVS4000 (the other location properly mirror these).
  - Local Security Gateway Type :  IP Only
  - Local Security Group Type : Subnet

View 2 Replies View Related

Cisco Routers :: RV180W IPsec Tunnel Don't Connect Automatically After Reboot

Jan 9, 2013

I have a cisco RV180W with a IPsec tunnel to the head office. The tunnel is working good, but if I reboot the RV180W, the tunnel don’t reconnect automatically, I need to go in the admin interface to IPsec Connections Status and press on Connect.Is there a way to make the tunnel connect automatically?

View 4 Replies View Related

Cisco Routers :: RVL200 IPSEC Channel All Or Some Data Traffic Through Tunnel

Jan 2, 2013

Is it at all possible to channel all/some data traffic through an established ipsec tunneled connection using the RVL200? I have successfully established an ipsec connection through RVL200 and RV042 routers and are able to connect to servers/computers behind it.Now I want to channel all or some traffic through the ipsec-tunnel for computers that reside on subnet of RVL200 network.
Main office - RV042 router -
Remote office - RVL200 router -
I am trying to use the Advanced Routing option to add static routes but I am not 100% sure if I am configuring the routes correctly.To give an example of routing DNS requests for HOTMAIL.COM []: [code]For some reason this does not appear to work. I have also tried using the interface setting of WAN and tested - this also does not work.

View 10 Replies View Related

Cisco Routers :: Rv220W / Assign Vpn Traffic To A Vlan When Setup An Ipsec Tunnel?

Apr 7, 2012

i'm using an rv220W and i whant to know if is it possible to assign vpn traffic to a vlan when i setup an ipsec tunnel?
Im using different vlans on my rv220W.
Vlan 10: engineers (ex: no intervlan routing
Vlan20: sales (ex: no intervlan routing
 This is what i need:  - An engineer is on the road and when he makes a ipsec vpn connection => assignd to the vlan "engineers" so he can access the server/pc's in that vlan.and when someone from the sales group starts a vpn connection he needs to be in the vlan "sales" so he can access his pc/data,...

View 15 Replies View Related

Cisco Routers :: RV082 V3 Load Balancing (Protocol Binding) With IPsec Tunnel?

Mar 14, 2013

We have tried a variety of options in an attempt to use Load Balancing (Protocol Binding) with an RV082 that has a site to site IPsec tunnel with another RV082. Both are v3.
Here is the issue. We have dual ISPs, one has great bandwidth, but we incur overages. The other has mediocre bandwidth, but has unlimited usage.
GROUP1 - We want most PCs to use the "unlimited" ISP for general surfing, email, etc. (Bound all ports for range of internal IPs to ANY dest to WAN1)
GROUP2 - We want to use the "faster" ISP for our VPN tunnel (mostly RDP and SIP traffic). (Bound all ports for range of internal IPs to ANY dest to WAN2)
So far everything works. The router will route traffic appropriately and GROUP 1 uses WAN1 and GROUP 2 uses WAN2.
Unfortunately, sometimes GROUP1 users need access to resources over the VPN (WAN2).
There is something not right with the routing. For example GROUP1 can ping and receive responses from devices on the other side of the tunnel, but GROUP1 can't access intranet sites on the other side of the tunnel. They also can't RDP to PCs on the other side of the tunnel.
Why does the router correctly route ICMP, but not RDP?
We've tried adding additional protocol binding rules for specific ports(80, 3389, etc) and ip ranges (both local and remote) to see if we could force GROUP1 traffic destined via VPN through WAN2, but it doesn't work.
Shouldn't VPN tunnels created and configured in the RVs not adhere to protocol binding? It just seems logical to me, but maybe I am missing something.

View 7 Replies View Related

Cisco Switching/Routing :: 1800 / 1900 / Unable To Receive Multicast Over GRE Tunnel

Sep 1, 2012

I setup a GRE tunnel between two cisco 1800 & 1900 routers. I can't received multicast.
Here is a copy of my configs:
R3#Building configuration...
Current configuration : 1238 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname R3!boot-start-markerboot-end-marker!logging message-counter syslog!no aaa new-modeldot11 syslogip source-route!ip cefip multicast-routing no ipv6 cef!multilink bundle-name authenticated!archivelog config  hidekeys! interface Loopback0ip address!interface Tunnel0ip address pim sparse-modetunnel source Loopback0tunnel destination!interface FastEthernet0/0ip address pim sparse-modeduplex autospeed auto!interface FastEthernet0/1ip address pim sparse-modeduplex autospeed auto!interface Serial0/0/0no ip addressshutdownno fair-queueclock rate 2000000!        router eigrp 1network auto-summary!ip forward-protocol ndno ip http serverno ip http secure-server!control-plane!line con 0line aux 0line vty 0 4exec-timeout 5 0privilege level 15no login!scheduler allocate 20000 1000end


View 3 Replies View Related

Cisco Routers :: IPSEC Site-to-site Tunnel Between 2 X RV110W Routers?

Mar 13, 2013

Is it possible to have a site-to-site IPSEC tunnel between 2 identical RV110W routers?I basically want one of them to initiate a secure tunnel with the second so that computers from one router subnet see the computers from the other router subnet.

View 3 Replies View Related

Cisco Routers :: IPSec Site-to-site Tunnel Between 2 X RV110W Routers

May 19, 2013

the RV110W IPSEC site-to-site tunnel, are there necessary 2 x public IPs for it to work, or only 1 public IP is enough? [code]If it works with 1 public ip, the "CLIENT" RV110W configuration should be straightforward (in Advanced VPN SetupRemote Endpoint i fill in the dyndns address?), but how do i setup "HOST" RV110W?

View 2 Replies View Related

Cisco WAN :: 1941 Router - Enable IPSec Virtual Tunnel Interface With Tunnel Mode IPv4

Sep 23, 2012

I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?

View 4 Replies View Related

Cisco Routers :: RVS4000 To Use A Gateway To Gateway IPSec Tunnel

Oct 17, 2011

Can I have use a Gateway-to-Gateway IPSec tunnel whereby a user can surf the Internet using his local Internet connection and at the same time connect through the IPSec tunnel to a remote subnet using RVS4000 routers?

View 1 Replies View Related

Cisco VPN :: Site To Site IPSec Tunnel With Two 880 Routers?

May 9, 2012

I want a site to site vpn ipsec tunnel there wants to use two Cisco 880 routers that are connected to a modem / router is this possible?

View 12 Replies View Related

Cisco VPN :: 1800 - 1900 - Connection Between Routers Disrupted Suddenly?

May 30, 2013

We have a vpn setup in our office, the setup is done by our ISP and they said this is a webvpn.Since when I join the company the vpn between the head office and the site office is working fine and there is no changes made on the setup of the routers.

Then suddenly is not communicating... Our router Cisco 1800 from head office can ping the route Cisco  1900 on the site office, but the site office cannot ping.Why the router of head office can ping the site office router, and the site cannot? What is causing this situation?

View 0 Replies View Related

Cisco VPN :: Ipsec Tunnel Between Two 881

Oct 19, 2011

- Ipsec tunnell between two 881's
- An Aruba access point trying to set up a tunnell back to controller through the ipsec tunnell, on udp 4500
- Even though traffic shouldn't be NAT'ed (and other traffic is not), udp 4500 is NAT'ed
I guess this might be default behaviour, thing is that it used to work when it was set up as a route based easy vpn.

View 1 Replies View Related

Cisco Routers :: Can RV042G IPSec VPN Support Apple IOS IPSec VPN

Apr 29, 2013

I tried any type of combination and just couldn't make it works.  Only PPTP works well. Whether Apple iOS IPSec VPN is supported or not?

View 11 Replies View Related

Cisco :: How To Create Ipsec Tunnel

May 4, 2011

how to create ip sec tunnel using these parameters. customer ip where tunnel has to be connected

ISAKMP Parameters: (Phase I)
Encryption: AES-256 or 3DES
Authentication Mode: Pre-shared key


View 4 Replies View Related

Cisco :: IPsec VPN Tunnel Between 2820 And 871?

Mar 9, 2011

We have a Cisco 2820 that serves as a hub and our spokes are Cisco 871s. Its been working for a while and for some reason last week. Http and https traffic over the tunnel is having connection issues. I can Remote desktop or PCanywhere into the remote PCs. From that PC I can ping internal IP address or IP of the webmail server or internal webserver with no issue. But if I access it over the browser it times out or it will work and stop working again. Basically ica, icmp, pcanythere, rdp traffic works over the tunnel but not http or https.

View 2 Replies View Related

Cisco VPN :: Force Use Of NAT-T On IPSEC L2L Tunnel

May 4, 2011

can I force an IPSEC L2L tunnel to use NAT-T encapsulation no matter what? Automatic detection says none of the endpoints are behind NAT. I know I can disable it by the "crypto map XXX set nat-t-disable" command, but I want the exact opposite.
I have a very strange issue where asynchronos routing is making my life as a technician very hard.
A side question; Can I do something about an ISP that is policy-base-routing its ESP traffic (and/or translating it)?
ASA5505 ===>===>===> ISAKMP traffic ===>===>===> ASA5510                                                        (traffic source IP:


View 3 Replies View Related

Cisco VPN :: ASA Or 871 IPSec L2L To SSG-140 - Tunnel Is Up But No Traffic

Aug 8, 2012

i am curently troubleshooting a ipsec l2l VPN between
1. ASA 7.2(4) to SSG-140
2. Cisco 871W to SSG-140
In both scenario's the tunnel is nicely established, and traffic goes into the tunnel, but nothing comes out. All encap's, but no decap's                    
It seems like a routing issue, but we can not find anything on both sites.
So maybe i m running into a (known) issue between cisco VPN equipment and the SSG-140?
Could it be a proxy-id issue? Cause they configure stuff like and i configure

View 7 Replies View Related

Cisco VPN :: PIX-501 IPSec To Configure Tunnel

Mar 24, 2011

I'm attempting to configure a tunnel on a PIX-501 version 6.3. It's an old device that's due to be replaced soon, but unfortunately we need a tunnel now... I have been using this document as a reference (6211): URL ,The remote end is a sonicwall.
The problem seems to be that the pix never sees the interesting traffic for the tunnel, and never tries to initiate a connection. I have enabled crypto ipsec and crypto isakmp debugs, but no data is ever displayed, even when attempting to access a device on the remote side of the tunnel! Someone had tried to set up this device with some tunnels in the past, but was never successful, so I'm thinking there might be remaining commands in the running-config causing problems.

View 7 Replies View Related

Cisco VPN :: 887 - Static NAT With IPSec Tunnel

Oct 29, 2012

configuring some static NAT entries on a remote site 887 router which also has a IPSec tunnel configured back to our main office. 
I have been asked to configure some mobile phone "boost" boxes, which will take a mobile phone and send the traffic over the Internet - this is required because of the poor signal at the branch.  These boxes connect via Ethernet to the local network and need a direct connection to the Internet and also certain UDP and TCP ports opening up.
There is only one local subnet on site and the ACL for the crypto map dictates that all traffic from this network to our head office go over the tunnel.  What I wanted to do was create another vlan, give this a different subnet.  Assign these mobile boost boxes DHCP reservations (there is no interface to them so they cannot be configured) and then allow them to break out to the Internet locally rather than send the traffic back to our head office and have to open up ports on our main ASA firewall. 
So I went ahead and created a separate vlan and DHCP reservation and then also followed the guidelines outlined above about using a route-map to stop the traffic being sent down the tunnel and then configured static NAT statements for each of the four ports these boost boxes need to work.  I configure the ip nat inside/outside on the relevant ports (vlan 3 for inside, dialer 1 for outside) The configuration can be seen below for the NAT part;
! Denies vpn interesting traffic but permits all otherip access-list extended NAT-Trafficdeny ip ip ip


View 1 Replies View Related

Cisco :: L2L IPSec Tunnel - ASA To 3800 Router

Mar 3, 2011

I have been struggling for a few days with getting site-to-site traffic working across a L2L IPSec tunnel. At this point, I have the tunnel up, and I see packets being decrypted on the correct IPSec SA's when I ping from a local network computer on the ASA side to a local network computer on the router side. I cannot ping from one side to the other, but those packets are getting through. We have another L2L tunnel that is from that ASA to another remote site's ASA, and that is functional. I have mirrored the configuration for ACLs, etc. from that site, so I believe that the issue is with the packets getting incorrectly translated by the NAT/NONAT statements/ACLs on the router side.

View 8 Replies View Related

Cisco :: Reach Second LAN Over Existing IPSec Tunnel?

Nov 28, 2012

since a few days I'm trying to solve a problem. I've successfully established an IPSec tunnel between two local LANs. In the main office I'm working with a ASA5510 CLI 8.4 and a static public IP address. The branches are using different Cisco 8xx routers and dynamic public IP address. The following picture shows the current configuration:As I mentioned an IPSec Tunnel between the main office "Intern"-LAN and an outside LAN is successfully established. Now there is a new intern "Admin"-LAN at the main office. The users from the outside LAN need the possibility to reach this new intern "Admin"-LAN.Can I simply route the traffic from to via the existing IPSec-Tunnel? Or need I a new IPSec tunnel between the outside LAN and the new "Admin"-LAN

View 5 Replies View Related

Cisco :: DNAT / SNAT After IPSec Tunnel

Aug 24, 2012

I'm going to implement a S-2-S VPN IPSec connection between 2 locations and I've to NAT incomming and outgoing traffic.

View 4 Replies View Related

Copyrights 2005-15, All rights reserved