Cisco VPN :: Can't Establish Site-to-site VPN Between RV042 And RV220W
Sep 3, 2012
I'm trying to establish a site to site VPN using ipsec between an RV220W in the UK and an RV042 in Italy to no avail.The RV042 tells me it's "waiting for a connection" and it gives 0.0.0.0 as the remote address (i'm using Dynamic addressing at both ends). I can ping the remote address with a response.The basic parameters I'm using is 3DES with SHA1, but the RV042 offers an option for Perfect Forward Secrecy which the RV220W does not (I've tried toggling this) and the RV220W offers and Extended Authentication mode which I can't see on the RV042.
View 2 Replies
ADVERTISEMENT
Dec 19, 2011
As you can see i have problems with connecting 2 SRP521W together for an VPN tunnel. I tried as much as I can but now i dont know what to do or how and where is the mistake? the connection between these two devices was there last week, after weekend (nothing changed in configs) the connection suddenly was interrupted, without any reason or warning. another day it worked again and 20 mins later connection was dead again...and now it wont establish at all.. here are some screenshots from the vpnconfigs of my devices. one has a static IP the otherone uses FQDN. These are the IKE policies: Here the IPsec Policies: and the GRE policies:
View 10 Replies
View Related
Nov 13, 2011
our customer unfortunately uses a Watchguard.Finally we could establish a site-to-site vpn connection.To test if the connection re-establish again, we cleared our vpn session by "clear crypto isakmp <session id>" and after that "clear crypto sa <ip address of the peer>"After that, the session is down on our site, but the watchguard keeps the Phase I still up, either the deleting messages from our cisco are visible in the watchguard log files.Watchguard helpdesk told us, that the messages are only seen as a deletion message for Phase II, therefore Watchguard keeps Phase I up and running.Here you could see the cisco 7206 log messages aftre the clear commands:
: Nov 10 13:22:06.508 MEZ: IPSEC(delete_sa): deleting SA,
2011-11-10 13:22:06 Local7.Debug 649460013: : (sa) sa_dest= <local peer>, sa_proto= 50,
2011-11-10 13:22:06 Local7.Debug 649460014: : sa_spi= 0xEB0AE65A(3943360090),
2011-11-10 13:22:06 Local7.Debug 649460015: : sa_trans= esp-aes 192 esp-sha-hmac , sa_conn_id= 669,
2011-11-10 13:22:06 Local7.Debug 649460016: : (identity) local= <peer>, remote= <peer>
[code]....
In my opinion, it looks ok and we do not have problems with other VPN devices with this kind of tests.what could be done that the watchguard deletes Phase I, too? Or that an explicit Phase I deletion message is created and sent by our cisco 7206?
View 3 Replies
View Related
Feb 17, 2013
We have configured a site to site tunnel from our ASA to another organizations Cisco 3030. It appears to have just one way initiation. We can do a ping to a device on the remote site and it will ping just fine. however, when the tunnel needs to be initiated from the remote site, it will not work until we have initiated the tunnel and then everything works.
I continue to see Error processing payload: Payload ID: 1 errors on the ASDM logs.It appears that all the configuration is in place because we can in fact establish the IPSec tunnel unidirectional. And once established, traffic can flow bidirectional.
View 1 Replies
View Related
Dec 27, 2012
Last week, I was able to establish a site-to-site VPN tunnel between an ASA 5505 and Cisco C881 router just fine. The tunnel was up and and running for a number of days but today the tunnel is no longer up. I was wondering how, if there are any commands to re-establish or re-initiate the tunnel.
View 3 Replies
View Related
Jul 26, 2011
I'm trying to establish site to site VPN between ASA5510 to ASA5520, scenario. [code] our Vendor said to nat the local network to specific ip and use that ip as local pool,here the configuration details [code] i create static nat but its doesn't work for me phase 1 is not up, how to create nat local network to 10.10.10.10.
View 9 Replies
View Related
Jul 29, 2012
It is required to setup site to site vpn between cisco 7200 and checkpoint firewall.But tunnel won't establish and following error occured. It's difficult to troubleshoot because other end managed by different party. In our side udp port 500 opened.
View 8 Replies
View Related
Dec 18, 2011
Can I use a single Public IP address for both Internet access and site to site vpn access?If not, can I configure the RV220W as a bridge and still use it via another gateway configured for vpn passthrough as a VPN appliance/server on the LAN?
View 3 Replies
View Related
Dec 23, 2011
I have two Cisco RV220W routers and I would like to realy DHCP from the home office to the remote office accross the IPsec Tunnel. Is this possible and if so how?
I have already gone into the IPv4 LAN (Local Network) settings on the remote router and set the DHCP mode to "DHCP Relay" providing the internal ip address of the home office router as the remote DHCP server.
View 1 Replies
View Related
Jul 22, 2012
I have a site to site VPN tunnel configured between a rv220w and rv180. Everything works fine going from site to site on LAN connections. I'm now trying to tie in the remote site wireless (rv220w side) by pointing radius to my ACS server which is on the other side of the site-to-site tunnel but it seems as though it doesnt route across the site to site tunnel. If i put a radius server on the local lan on the remote site that authentication works fine. I have confirmed there are no ACL problems. the RV220W capable of using a radius server across the vpn tunnel?
View 1 Replies
View Related
Jan 13, 2012
I have recently bought two CISCO routers RV220W for our main and brach office mainly for VPN tunneling. I didnt know they are routers only not modems. so I have set it up using BT 2wire Router as modem only.
I have successfuly setup the routers and manage to establish the VPN tunneling between two routers. AS bt doesnt give static WAN IP address so I have used Dyndns which works fine. although I have 5 static ip address which cannot be used for WAN unless i cahnge to one IP address even then BT tech said it will not work.
when I created the tunnel i could ping both servers with their IP only not with the names. I can ping them fine locally. I could also see the network from branch office to main office but not from main office to branch office. today when I restarted the server I cannot ping both server i mean vice versa but VPN tunnel is established. now I cannot see the network from branch office to main office as well.
Both sites running windows server 2008 standard. main office server has 6 NIC cards two wwith public and three with private ip addresses, its also runing Terminal server, exchange, file etc. the branch office has two NIC card one with private and one with public ip. Intially I could establish the VPN tunnel as the network range was same on both sites so I changed one in th e10.0.0.0 range other in 192.168.1.0 range and VPN tunnel was established straightaway.
As soon as the VPN tunnel was created I manage to creat an external trust without any problems and both servers are added in each other forward zones as name servers.
in the main office the fues went off and I had to re-start the router and now the VPN tunnel is not establishing, mainly the error is ISAKMP-SA Expired I will paste the log of both routers below
1. How to Clear Old or Existing Security Associations (Tunnels) on RV220W
2. how to fix the problem where I can ping the server with their IP as well as domain names ?
3. how to set it up so that both sides can see the network resources as well as access it ?
4. how to set it up so if the staff in branch office wants to log on the domain in main office he can simply do it as he does it in his office.
View 7 Replies
View Related
Jun 1, 2012
For the purpose of a remote backup between 2 QNAP NAS devices, I have setup a site to site VPN using 2 Cisco RV220W routers. Although VPN connects just fine, I can only access Network B from network A, but not the other way around. I believe it could be related to ip ranges/subnets.IPSec VPN connects successfully (IPSec SA Established)From network A I can connect to any device on network B (qnap smb, ssh, cisco web interface, printer, laptops, etc)From network B, I can ping any device on network A, I can access the cisco web interface from network A, and nothing else. If I try to access the web interface for the qnap on network A from a device in network B, no luck, it seems to hang. I also tried issuing a wget command from the qnap (ssh) on network B to fetch the web interface of the qnap on network A, and it says connected, but then hangs. I've tried lots of different settings (creating static routes, dynamic routes, changing subnets, etc), but without any luck.
View 0 Replies
View Related
Jan 9, 2012
I'm looking to get a remote office RV220W connected to my ASA5510. I have several PIX 501 and ASA5505's connected to the ASA5510.
I've setup everything similar that I can think of though I'm still not connecting.
IKE Policy:
Direction: Initiator
Exchange mode: Aggressive (for using FQDN Ident)
Remotes are all DHCP, so setup Local Identifier on RV220W as FQDN and typed in a FQDN for the remote RV220W. That is the same name I used for the Tunnel-Group on the ASA. Remote is IP, ASA is setup to send IP for Ident.
IKE SA:
3DES, SHA, DH2, 28800
VPN Policy:
Auto Policy, Remote Endpoint IP
[Code]....
View 3 Replies
View Related
Dec 29, 2012
Is there a way to set up a Site-to-site VPN between RV042 & Cisco 2911? I "googled" this and obtained a document, but it is not regarding Cisco 2911: [URL]
Routers are needed to setup it successfully. I have tried on both routers several configuration steps, no success...
View 3 Replies
View Related
Mar 25, 2013
I have no problem configuring both devices to successfully connect when the juniper firewall isn't in the picture. But due to policy; the RV042 at our main site must sit behind the firewall.
I've got the port forwarding setup but I'm not able to connect. I know I"m missing some configuration on the RV042 but I can't think of it! I've attached a GIF to give an example of both setups.
View 3 Replies
View Related
May 7, 2012
I am trying to set up a Site to Site between two RV042 with static IP at both routers.at the log at site 1 i get: packet from XX.XXX.XX.167:5: initial Main Mode message received on 10.2.32.1:500 but no connection has been authorized with policy=PSK.At site 2 i get: packet from xxx.xxx.xxx.146:500: initial Main Mode message received on 192.168.1.1:500 but no connection has been authorized with policy=PSK.I have tuned off the firewall and added a Port forwarding to the router ip and port 500.Tried with different autentication methods, but get the same message.
View 1 Replies
View Related
Jul 6, 2012
how to configure a site-to-site VPN between RV042 router and 1941 router?
View 0 Replies
View Related
Apr 23, 2013
I have got two CISCO RV042 .I need to configure a site to site VPN .
View 1 Replies
View Related
Nov 28, 2012
I recently bought two RV042s to create a site to site VPN for a client. I have several of these setups installed at other locations but this is the first version 3 hardware I've used.It seems like the dynamic IP functionality of the VPN setup may not be working correctly. I've verified all settings on each router match and have deleted/recreated the setup several times just to make sure. Here's the logs from the router with a static IP.
Nov 29 06:49:51 2012 VPN Log (g2gips0): deleting connection
Nov 29 06:49:51 2012 VPN Log added connection description (g2gips0)
Nov 29 06:49:51 2012 VPN Log listening for IKE messages
Nov 29 06:49:51 2012 VPN Log forgetting secrets
Nov 29 06:49:51 2012 VPN Log loading secrets from '/etc/ipsec.d/ipsec.secrets'
Nov 29 06:49:51 2012 VPN Log (g2gips0): cannot initiate connection without knowing peer IP address
Nov 29 06:49:51 2012 VPN Log (g2gips0): cannot initiate connection without knowing peer IP address
I've tried both dynamic IP + email and dynamic IP + FQDN to authenticate the router using the dynamic IP and both give the same error as above.I did a firmware update hoping to fix PPPoE which seemed to be broken with a Netopia modem in bridge mode so both routers are on the latest firmware, v4.2.1.02.
View 18 Replies
View Related
Oct 15, 2012
May I know can the 2 models WRVS4400N and RV042 perform site-to-site vpn with each other?
View 1 Replies
View Related
Mar 7, 2013
I configured every thing in both site, there is a connection between my sites BUT I can't access my resources from Site B with it has RV042. It also shows that it connected to my ASA in Site A but there is no traffic between sites !!! I don't know what should I do now ?
View 2 Replies
View Related
Jan 24, 2013
I have an RV042 connected to another RV042 via site-to-site VPN. The tunnel has been solid for months, but when I did an actual read/write test between PCs at either endpoint, the speeds were quite slow.
Endpoint A has a line speed of 25/5.
Endpoint B has a line speed of 50/7-ish.
Read/write test from A to B was about ~3 write and ~7 read. Does this sound normal for these routers? I was hoping for better performance than that.
View 1 Replies
View Related
Nov 8, 2012
My problem is VPN Site2Site between Cisco and Linksys routers: after a troubles vpn tunnel now seems up but no data is passed accross tunnel.This is configuration of Linksys RV042 (Firmware Version: 1.3.12.6-tm, seems last for this hardware [code]
View 1 Replies
View Related
May 18, 2012
I have a requirement to create a site to site vpn tunnel on ASA 5510 from a remote site to my HO, ihave already other site-to-site tunnels are up and running on the ASA.The issue is my remote site has got the network address which falls in one of the subnet used in HO(192.168.10.0/24).My requirement is only My remote site need to accees couple of my servers in HO which is in 192.168.200.0/24 subnet.
View 2 Replies
View Related
Jun 17, 2012
We have ordered a pair of Cisco ASA5520 (ASA5520-BUN-K9).Now there is a requirement to terminate site-to-site VPN from remote site. Do we need VPN plus licence for this and how much it cost?
View 1 Replies
View Related
Jun 13, 2012
The scenario where a Site to Site VPN tunnel has been established between Site A and Site B. Lan on Site A can ping Lan on Site B. My problem is a Printer behind Site B needs to be accessed by using the WAN IP address of Site A. Also i could not ping the remote lan or printer from the router.
Below are my configure on the Cisco 877 in site A.
Building configuration...
Current configuration : 5425 bytes
!
! Last configuration change at 15:09:21 PCTime Fri Jun 15 2012 by admin01
!
version 12.4
no service pad
[code]....
View 1 Replies
View Related
Oct 11, 2011
cisco products and am struggling getting a VPN going between an ASA 5505 and 5510. I have a VPN created (using the VPN wizward on both) and it shows the VPN is up, but I can't ping the remote site (from either side).
View 11 Replies
View Related
Feb 7, 2011
I have ASA 5505, i configured site to site vpn between central site and remote site and is working. Now the problem is we use remote site for troubleshooting purpose, so we need to create a tunnel from remote site to central site. I need to configure such a way that remote site can craete a tunnel to central site, but central site not able to create a tunnel, it just respond to remote site.
View 3 Replies
View Related
Mar 6, 2011
i have 2 router asa 5505 with base license i wanna make site to site vpn connection and remote site using vpn client to connect first i have hdsl router with 5 public ip i wanna try it by giving 1 public ip to each router and try the vpn but nothing work?
View 1 Replies
View Related
Dec 29, 2011
We have to configure our firewall cisco Asa 505 (ASA Version 8.3(1)) in order to establish a ipsec vpn between our office site and another external site. Vpn has been established successfully between our ip site 172.16.69.24 and other vpn ip site 172.16.23.23.Our server (192.168.100.25) behind firewall cisco (sk lan 192.168.100.254) manages to ping server 172.16.23.23 on other site through a static route add on windows so server (route add 172.16.23.0 MAK 255.255.255.0 192.168.100.254).On the other site, server with ip 172.16.23.23 doesn't ping our vpn ip site (172.16.69.24) which has to be natted to our server 192.168.100.25.
View 2 Replies
View Related
Jan 27, 2012
i want configure VPN between backoffice which have ASA5510 firewall with static IP and site which have cisco router 1861 with dynamic IP.
how i can configure the site to site between them?
View 2 Replies
View Related
Dec 23, 2011
I have 16 customers using RV042 router all 11 have the RV042 router different ISP's. After eleminating every thing else we were down to the routers. Two of the customers we built linux boxes to do the routing and firewalling and VPN, etc. Once in place the problems went away. Which confirmed it was the RV042 router causing the problem.
We watched the traffic and after about 2 hrs the router tells both ends to reset. End of communication.
My question is how do we stop the router from terminiating the connections. They are not bandwith hogs. They are nessessary connect connections.
View 3 Replies
View Related
Oct 23, 2012
Having some issues getting a site to site VPN connected between two RV042. Any experience getting this to work behind a Motorola SBG9000.Will I be able to get this working? Or will I have to organise a cable modem through my ISP instead
View 1 Replies
View Related
