Cisco VPN :: RV042 Router Doesn't Encrypt But Does Decrypt
Mar 7, 2013
I have a problem in my IPSec tunnel. One of the routers (Cisco 861) doesn't encrypt the packets but does decrypt the incoming ones from the remote peer (RV042). In the access-list for the wan interface I deny the traffic between the subnets and in the vpn access-list I permit the traffic.
I have 2691 Router connected to Internet and it is doing NAT.
This connects to 3550A Switch which has connection to 1811W Router.
I setup VPN between 1811W and 3550A. 3550A has connection to 2691 via ospf. OSPF is running between 1811w and 3550A. 1811 1811w# sh crypto isakmp sa IPv4 Crypto ISAKMP SA
Continued from [URL] which appears to have been closed by a moderator with a reference to Cisco small business website, but the registration there doesn't work, all buttons are inactive etc.
I just need to know what to do with this RV042. I have two modems, a cable and an ADSL. Both are configured correctly, in bridge mode. Both work fine when connected to WAN1, but when connected to WAN2 they never go online (don't get IP address). The connect lights are on but they never go online.
I was able to install the RV042 router to my ATT DSL line (WAN1 port-INTERNET) and it gets an external IP address automatically and the Internet works. When I connect my Comcast Internet to WAN2 port (INTERNET/DMZ) it doesn't get an IP address, and the Internet goes down and the WAN2 port IP address says 0.0.0.0. I've tried releasing/renewing and it still says 0.0.0.0. Everything else is set as the default.
I have a problem with my WAN ports. I can't obtain an IP address from my ISP. I've tried factory reset. Upgrade to latest firmware. Clone MAC address from my PC. Nothing is working.
But when I plug the WAN port into my old router it receives an address directly. When I plug the ISP connection directly into my PC or the old router it's working as well.
I am using the latest firmware: RV0XX-v4.1.0.02-tm.bin
And My ISP has an interface with an ADSL modem SmartAX with DHCP.
I've just purchased Cisco RV042. I want to connect to my ISP using modem (bridged). I tried to config PPPoE on the router with my ISP account and connecting it to the modem. The issue is my router doesn't get any IP from the modem (aztech tnn 600e).
* The DHCP on the modem is working properly. I checked by connecting a computer to it, the IP was assigned. And another test I did, I connected the RV042 on "assign ip automatically" and it got IP from the modem (worked well when the modem is bridged ot bridged).
I've implemented 2 Cisco ISE v1.1 in HA to run MAB and 802.x Authentication / Authorization. Using Local ISE DB and Active Directory as an External Identity Source for wireless and wired users and devices. This was working fine 2 weeks ago after finishing installation.
My NAD devices are a Core SW 6500 for wired users (there are no access SW, just the Core for the whole network, it's a small office) and a WLC 2405 for Wireless Users. [code].....
Getting this error on the data center 2581 (12.4(24)T) from a GRE/IPSEC tunnel, remote branch is 2811 running 12.4(25d)
%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=
The tunnel has been up and working okay for months, nothing has changed on the config and the key is correct. Traffic is following but remote users are complaining of performance issues. A wireshark shows checksum errors and lots of packet resends. Remote ISP has checked the circuit and says it's clean. The data centre router has quite a few tunnels but only 1 causing this issue. From the head end router -
11 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:13:ce:54:57:3c using WPA key on 802.11b/g interface of AP 00:16:9c:91:97:c0
12 Mon Jun 14 09:11:56 2010 Decrypt errors occurred for client 00:16:6f:91:d8:60 using WPA2 key on 802.11b/g interface of AP 00:16:9c:91:97:c0
These are only occurring for clients that are disconnecting....
They can reconnect after a WLC reboot....
We have swapped APs.....
I have seen this error in other forums but it says not to worry about it. There has to be a connection between this and clients getting disconnected. We have anywhere between 10-50 clients on the system at any one time. Is this a client issue (NIC firmware, version) or is this an error in the controller?
We see a strange message in our WLC logs, which occurs quite often (>10 times a day): Decrypt errors occurred for client [MAC-Address] using WPA key on 802.11b/g interface of AP [MAC-Address]. The MAC addresses of the affected clients are varying as well as the APs reporting the error. The clients are Notebooks, Cisco IP-Phones and Nokia-DualBand-Phones.
Even more frequently we see the following message in the log:
%ETHOIP-3-PING_TRANSMIT_FAILED: ethoip_ping.c:227 send_eoip_ping: Failed to tx Ethernet over IP ping rc=5.
We use TKIP as Encryption and EAP-Fast as well as LEAP as Authentication (Cisco ACS). The WLC is a 2106, the APs are 1242AG. We don't recognize any problems placing calls or talking over these phones. It's just these messages in the log that concern me.
Whenever I open any web page, just before its address at address bar shows a symbol which says "This website does not supply Identity Information. Your connection to this website is not encrypted"
I am running Win XP and I am very interested in encrypting my internet connection using exp.8 and Firefox 4. What do I have to do to get the ball rolling?
I've got an office network that I would like to add a NAS drive to in a Windows 7 environment.
However, I want to make sure the NAS is both encrypted and password protected on the network to make sure someone doesn't just walk off with our company data (by taking the whole NAS with unencrypted info) or logging on through our network.
What would be your recommendation for a NAS setup that would offer total data encryption, great security from non-authorized people on the network, and 100% Windows 7 compatibility?
I am setting up an offsite storage server for work at my home which will sync a few times a day to grab data and I wanted to ask about options for encryption or if I should worry about it. I am going to be initially dumping about 1-1.5T worth of data, with then maybe a couple of gigs a day added of new stuff. I am going to use Server 2008 R2 as I am also doing a read only DC/AD for this system to give me an offsite controller just in case also.
I was thinking encryption for one more level of safety just in case something happened to the server, like theft or something, but not sure what could reliably handle that much data? System is only a dual core E7500 with 8G of RAM, I have 2x500G SATA in RAID 1 for the OS and 4 x 1T drives in RAID 6 with 2 more coming.
I'm trying to set up a GDOI based IPsec connection between a Cisco AS901 (advanced Metro lic - asr901-universalk9-mz.152-2.SNI) and a 7606-S. What I see is that the ASR901 is capable of decrypting the IPsec packet but I cannot encrypt the ICMP packet back, so the question is if the AS901 can support IPsec in software. What I could not find in the docs on CCO. [code]
This has to be the weirdest issue I have seen since the past year on my ASA. I have an ASA 5540 running the 8.4(2) code without any issues until I stumbled upon this problem last week and I have spent sleepless nights with no resolution! So, take a deep breath and here is a brief description of my setup and the problem:
A Simple IPSEC tunnel between my ASA 5540 8.4(2) and a Juniper SSG 140 screen OS 6.3.0r9.0(route based VPN)
The tunnel comes up without any issues but the ASA refuses to encrypt the traffic but decrypts it with GLORY! Below are some debug outputs, show outputs and a packet tracer output which also has an explanation of my WEIRD NAT issue:
My setup - (I won't get into the tunnel encryption details as my tunnel negotiations are **** perfect and come up right off the bat when the ASA is configured as answer only)
As you can see, there is no echo reply packet at all as the packet is not being encapsulated while it is being sent back. I have been going mad with this. Also, this is a live production multi tenant firewall with no issues at all apart from this ****** ip sec tunnel to a juniper!!
Also, the 192.168.10.0/24 is another IPsec tunnel remote network to this 10.2.4.0/28 network and this IPsec tunnel has a similar Juniper SSG 140 screen os 6.3.0r9.0 at the remote end and this works like a charm without any issues, but the 171 is not being encrypted by the ASA at all.
I have configured 2 RV042 VPN with different ISP. Tunnel connected successfully and I can ping each other router but I can access clients which are connected to router. I have added rules also in firewall.
I've installed a RV042 and my terminals can't even ping each other. They have Internet, but they cannot ping each other, or open network shares. It is not a DNS problem because it does not work with the IP.
I have a problem with the router Linksys RV042. I made a backup of it that contains a file with the extension .exp. Now we have bought a new RV042 made by Cisco and the backup file is .config. The question is how do I convert the .exp file to a .config file so I can restore the backup into the new router?
I have a Linksys RV042 10/100 4-Port VPN Router with Firmware Version 1.3.13.02 and I have noticed that the Router keeps rebooting on average every couple of hours. We have it set up for Load Balancing 2 ADSL Services.
I have been able to put two Linksys routers in series no problem but this doesn't seem to work with an RV042. I have a number of customers that need to connect to a private email network via a router based VPN, but since VPN traffic is not filtered in the firewall, I would like to use an older Linksys router to manage the VPN(s) and have it pass data in through the filters of an RV042 on the DMZ port. I am getting stuck on the very first part of this. Although I can connect to both the RV042 and Linksys directly (by adjusting my subnet), I cannot ping the Linksys when it is connected through the DMZ port even if I disable the RV042 Internet port.
I know both the Internet and DMZ ports work on the RV042. I suspected that perhaps the RV won't pass through private IPs and tried known available public IPs instead of the 192.168.2.x subnet, but still no ping. What would be limiting the RV in this case? Is it possible to set up the RV to work in series with another router? Is there any other way to filter VPN traffic?
I have a RV042 VPN Router inside an ASA 5505 running version 7.2. I am attempting to connect from the outside to the RV042. I have read for 2 days now and tried everything I have found and had no success. I can connect from inside the network to the RV042 so I know that is setup correctly. I have found links on several posts to the official Cisco support documents but they make no sense to me. This is my first experience with a Cisco Firewall.
We also have a security camera network that we access externally and I have successfully set up the port forwarding for this. Here is my current running configuration. The inside ip address of the RV042 is 192.168.168.25. I had port 1723 forwarded, opened GRE, and have setup PPTP inspection. I have deleted the port forwarding at this point.
Result of the command: "show running-config"
: Saved
ASA Version 7.2(3)
hostname suite
domain-name hivermont.com
enable password vwiH3D2KQdqR57As encrypted
names
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.168.1 255.255.255.0
 ospf cost 10
[code].....
I am setting up an RV042 for my small business office and I am trying understand how it needs to be configured.
-For WAN1 I have a Wildblue Satellite Modem connected IP 70.66.93.4
-For WAN2 I have a Cradlepoint CTR35 Router with a verizon AirCard Connected IP 192.168.0.1
(Verizon has a 5GB download limit and Wildblue has a 17GB download limit but it drops out in poor weather) The LAN is IP 172.16.0.1 Subnet Mask 255.255.255.0. Should I set the RV042 up as a gateway or as a router?
I have a setup with a Cisco RV042 router connected as follows: Broadband Motorola Surfboard -> Cisco RV042 -> Wireless Router [code] The Surfboard has a wireless N network, though the other wireless router runs on G for compatibility reasons.
The problem I am having is that I have a printer connected to a Windows computer on the wireless N router (with a static IP address), and I need computers on the G network to be able to use the shared printer. The printer is shared, though not through Home group.
On the other computers in the house (on the G network), I cannot see the server in the list of computers on the network, and I cannot seem to manually add the printer by typing in the IP address.
How can I get other computers to detect the server connected to the printer, or what IP address/port/URL do I specify to connect to a shared printer on that PC?
I am trying to make a simple Site to Site VPN between two offices, one has Cisco ASA and one has RV042 router. When traffic is initiated from ASA side, I keep getting this message in debug and tunnel won't come up. [IKEv1]: Group = A.A.A.139, IP = A.A.A.139, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete. Apr 26 00:15:53 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Whereas if traffic is initiated from RV042 side, I keep getting this message in debug and tunnel won't come up.
I have two Windows boxes connected to RV042; each has its own static IP assigned to it and each runs a bunch of virtual machines, for which I had configured port forwarding. My hosting company claims that my server(s) are listening on IP 192.168.0.1 on a public interface (i.e., one that uplinks to their network). They see this same IP on two different MACs my uplink interface. I am not really sure how it is possible since 192.168.0.1 was assigned to router itself.
I would like to use the RV042 for a one to one NAT, but I need it to NAT to an address that is not on its local subnet. I have it routing properly to the address, but web interface only allows adding an IP on the local subnet. Is there a way around that?