Cisco VPN :: RV042 Tunnel Inactivity Disconnect
Oct 16, 2011
I have VPN Gateway to Gateway VPN tunnels set from my central office to four remote sites. The tunnels have always been problematic. Started out with five Linksys RV042 v2 devices these had problems with handshake, sometimes would disconnect during this process and had to click disconnect button on either device and this wouold force the tunnel to rebuild. Recently upgrade central device to a Cisco RV042 v3 device. Good news is that this seems to have corrected the handshake issue but now each of the remote sites are having problems during periods of inactivity losing tunnel. The staff at the remote site indicate that they have to close out application and restart router to rebuild the tunnel.
All tunnels are Gateway to Gateway static IP addresses. They all will connect and behave as expected until they reach a certian period of inactivity. I have searched all over Cisco, Linksys, and Google have seen problems similar but no consistant or logical solutions so I thought since I am slowly upgrading my network from my initial equipment which was truely purchased based on cost alone to adding more Cisco equipment. However since this is among the first of my upgrade moves and the improved equipment is creating more problems than my older less expensive equipment I needed a solution to the problem before submitting additional PO's to upgrade switches and firewall products.
View 2 Replies
ADVERTISEMENT
Dec 12, 2011
I am using a Cisco ASA 5510. Our tunnels always drop due to inactivity, which is a security issue I understand, and it only takes some "interesting traffic" to bring it back up. My problem is that it looks like the interesting traffic has to originate from my side of the tunnel, when our clients send traffic and the tunnel is down due to inactivity it does not come back up. Is there a setting that I am overlooking that will make it come back up no matter who sends traffic? Or, is there a way to make it stay up through inactivity?
View 4 Replies
View Related
Mar 3, 2011
we bought a router for our company RV042, so far good
What i did:
1. i created QuickVPN clients, droped in certificate which exported from router
******NOTE********All company's laptops are running: Windows 7pro 32bits****************
The users are connecting sucesefully to router and using resources from server etc...
But, when they press disconnect on quickVPN it shows disconnected, but when i log in into router, i still see that they are connected (not disconnecting),
and the problem is they cannot connect to router second time if i don't manually disconnect them from rv042 router....
Only sometimes the clients disconnect properly from router, but it is very very rare...
Question1: Where I should look for the problem in router rv042 or client laptops?
Question2: Does the 64bit windows7 pro OS can connect to RV042router?
I have latest quickvpn software and latest router firmware.
View 10 Replies
View Related
Jun 2, 2011
Currently I have a VPN tunnel setup between our company locations. Location A has Linksys RV016 and Location B has RV082. Everything has been working with no problems for the past 2 years with only minor disconnect issues in the VPN tunnel between the locations.
For the past 2 weeks I have been running into issues with the Tunnel. Users in Location B are reporting problems with losing connection to applications that are hosted in Location A. At first I start with doing a ping to router address in Location B and I get "request timed out". Next I login to router in Location A and under VPN I notice that the VPN tunnel is not disconnect (I see disconnect button). Once I click on Disconnect the screen refreshes and that seemed to restablish connecting with router in Location B. The drop connection has been been going on for the past 2 weeks and only happens once a day specifically between 1 PM and 3 PM EST. I have been reading all over the internet and no luck at all. The VPN tunnel settings are the same on both routers and under Advanced options both Keep Alive and Dead Peer Detection (DPD) are checked.
View 1 Replies
View Related
Dec 12, 2012
I am using 5 Cisco 5505 ASA builed site to site VPN. site B,C,D,E all site to site VPN to site A with only IKEv2 IPSEC configurartion.
Reading from Site A ASDM. Monitoring VPN always can read all four site are connected. But, I found that Site D and E the login time during reset time to time with few hours.
1) I would like to know the login time during reset is normal or not?
2) any setup or configuration can fine tune the site to site VPN. Make VPN tunnel more stable?
3) any menthod can monitor site to site VPN is health or not?
View 2 Replies
View Related
Jul 5, 2012
we are trying to establish VPN tunnel between ASA5550 and RV042. The tunnel is connected but I cannot access any resources that are behind ASA5550. I can ping the servers but that is about it.
View 1 Replies
View Related
Jun 6, 2011
I have a two RV042 VPN Router, I successfully connected the IPSEC tunnel. I cannot route Traffic in the tunnel. See the diagram.
MAIN Network
10.252.x.x
-------------->
FIREWALL
a.a.a.1
INTERNET
RV042a WANa <<------------------------------->> WANb RV042b
a.a.a.2 b.b.b.b
In this manner the network of b.b.b.b wil connect to the Main Network 10.252.x.x, unfortunately I can't pass traffic to RV042b going to RV042a. Everytime I trace the route, the traffic goes outside the Internet not to RV042a.
View 1 Replies
View Related
Nov 27, 2012
I don't know if this is in the right section, but I cannot set up a vpn tunnel between an asa 5510 and a cisco rv042 router. I believe the problem is because i need to set up a nat exempt rule on the rv042 route but don't know how.
View 1 Replies
View Related
Sep 13, 2012
configure ip-sec vpn tunnel between ASA5525x and RV042
View 5 Replies
View Related
Dec 16, 2011
how to establish tunnel between rvs 4000 and rv042 ?
View 2 Replies
View Related
Dec 14, 2011
here's my setup :
office 1 :
rv042 hw3
ISP:Obtain an IP automatically
office 2 :
rv042 hw3
ISP:PPPoE
VPN tunnel between both rv042, everything's fine but when i try to ssh from office 2 to an office 1's server, my connection drops.
When it drops, i can still ping pc in office 1, this is really strange!if i change the office 2 ISP to another provider (obtain an IP automatically) everything's ok !
i try to use another PPPoE ISP for office 2 and it's doing the same thing!I've also tried other rv042 in both locations with the same setup and it's doing the same thing, so it's not a router issue.
i've tried older firmware and it's doing the same thing, so it's not a firmware issue!
View 3 Replies
View Related
Jun 27, 2012
I have configured a VPN tunnel between two remote locations using static IP addresses on two RV042 routers. The tunnel seems to work but the problem is that when the two hosts attempt to ping each other only one can successfully ping. One PC with IP address 192.168.1.100 can ping across the network but the second PC with IP address 192.168.2.100 cannot. These are laptops seperate from the intranet used to test the tunnel. Someone had suggested NAT may be the issue so I enabled NAT Transverse on the routers but still no luck. The following is the results from a ping test.
PC 1
ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=116ms TTL=63
[Code] ......
View 1 Replies
View Related
Aug 5, 2011
We have 4 RV 042 routers and cisco router at HQ, we have Site to Site VPN tunnels in between, All branch offices are connected to HQ via S2S VPN tunnels
10.10.1.0/ 24 HQ
10.10.2.0/24 Branch 1
10.10.3.0/24 Branch 2
10.10.4.0/24 Branch 3
10.10.5.0/24 Branch 4
now lets say i am branch 1, i can access 10.10.1.0/24 network but cant access 10.10.5.0/24 network, means i dont have branch to branch connection, it should be through HQ, means my RV042 at brnach should fwd all traffic to HQ for another branches also. Under VPN tunnel if i try to configure remote destination 10.10.0.0/21 its not allowing me it says network overlaping with local network, how i can sole it, I know how to do in cisco, we can permit those networks in access lists.
View 1 Replies
View Related
Sep 15, 2011
I was hoping that the latest firmware would fix my (2) 'bugs', but it did not. We are using the RV042s at our remote medical clinics as an end-point VPN router to our Nortel 1700 VPN router, replacing our old Nortel Contivity 100s.When I try and do a reset when connected remotely via the WAN interface, the RV042 hangs and will only reset by re-powering.
View 1 Replies
View Related
Jul 18, 2012
I have a client that needs to establish a IPsec tunnel to a large organization. They will not forward any traffic to an IP using private reserved IPs. However I am not finding another way to accomplish this. I tried ipsec to the router and using a second IP to a 1:1 Nat but it will not pass the traffic and would seem really insecure from the public internet. 1:1 Nat does work from the public internet but not over the tunnel.I have an RV042 a /29 block of IPs. I am at a loss of how I can accomplish what they want without allowing a private IP.
View 1 Replies
View Related
Feb 18, 2013
I have an RV042 VPN tunnel with an RV082.The RV042 has a public IP Address obtained by PPPoE, the RV082 has a public IP Address obtained via Static IP.The problem I see is a really slow performance. Both internet conections are idle and the performance is about 2 or 3 kbyte/s My question are if I should I enable any of this:
- Agresive mode
- NAT Traversal
- IP Compresion
- Dead Pear Detection
How can I troubleshot this slow performance?
View 2 Replies
View Related
Jan 9, 2012
I have a remote location that has a Linksys/Cisco RV042 router [URL] that allows PPTP connections based on username and password combinations. There are no intermediary routers between this device and the internet - only a DSL modem. A secondary WAN connection is not present.
I am able to dial into this VPN using the Windows XP and Windows 7 dialers from any of my local free-wifi locations(e.g. Starbucks). I WAS able to connect to this VPN connection from my house when my home router was a Buffalo brand router.
I have replaced the Buffalo router with a 2620(non-XM) that is connected in ROaS fashion to a 2950 switch. I need some guidance on what in my config is not allowing me to connect to this remote site.
Home network info: Local subnets : 192.168.x.x
Remote network info: Local subnet : 10.214.x.x
The Windows XP dialer client indicates that the username and password challenge is where the connection fails. It ultimately gives me the error code 619. I have performed a Wireshark packet capture of an attempt to connect from ip 192.168.10.11. This packet capture shows multiple "Configuration Request" packets being exchanged between the two endpoints, but does not ever show an exchange of authentication.
My nat translation table shows an entry for both a GRE tunnel as well as port 1723 between 192.168.10.11 and the WAN port of the RV042 when attempting to establish this VPN.
I have attached my 2620 configuration for your review.
View 1 Replies
View Related
Dec 7, 2011
i have 2 rv042 with a vpn tunnel between them.the problem is that i can't access https over the VPN !if i telnet 192.168.10.1 443 through the VPN, it's not working either. if i telnet 192.168.10.1 443 in my 192.168.10.0 network it's working so it's reall the VPN tunnel the problem.
View 1 Replies
View Related
Jan 14, 2011
Setup is two dynamic IP locations
1. first location RV042 is the gateway attached to ADSL modem
2. second location RV042 is behind BT home hub gateway - for now the BTHH DMZ is enabled to the RV042
Followed the user manual config for two dynamic IP but it seems that the RV042 behind the BTHH obviously has a different IP than the resolved IP and is causing problems with connection.
This from the log file:
Jan 14 15:04:16 2011 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
Jan 14 15:04:16 2011 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jan 14 15:04:16 2011 VPN Log Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.95.139'
Jan 14 15:04:16 2011 VPN Log No suitable connection for peer '192.168.95.139', Please check Phase 1 ID value
Jan 14 15:04:16 2011 VPN Log initial Aggressive Mode packet claiming to be from 81.156.xxx.xx on 81.156.xxx.xx
But no connection has been authorized,check peer ID Is there some way of making the RV042 behind the BTHH properly identifiable to the other end?
View 1 Replies
View Related
Sep 13, 2011
I configured ASA5520 and RV042 for site-to-site IPSec VPN tunnel.Tunnel get connected, but no ping, no traffic between both end network.
Network:
=======
192.168.113.0/24----------192.168.113.6 -ASA--------public, static IP address------Cisco 2821--------Internet
192.168.10.0/24-----------192.168.10.1 -RV042-----public, static IP address------Cisco 2821--------Internet
ASA5520 config:
----------------------
name 192.168.10.0 VPN
!
interface GigabitEthernet0/1
nameif NET
security-level 100
ip address 192.168.113.6 255.255.255.0
[code]....
View 5 Replies
View Related
Jul 18, 2011
Im able to create a gateway tunnel with two rv042 routers in different locations ( i can see the tunnel connected in the router) but the quick vpn utility is not working , i also tried to use the pptp as server as an alternative( im able to connect using windows connection to the pptp server but whenever I browse any of the four ip's allowed for the pptp server \10.0.0.200-204 it takes me to the documents of the local computer....I attached the configuration for one of the routers it is the same as the other end , just the information is flipped.
Message was edited by: Adrian Torres
View 7 Replies
View Related
Feb 15, 2013
We had an issue the other day where doing backups through the firewall (don't ask) caused the "control" session to timeout while the backups were still going on over the "data" connection. This broke the backup about two hours into the job. My first thought was that the backup solution vendor should implement some kind of tcp keepalive for the control connection. A packet capture showed they indeed were -- after 2 hours! Ah ha! Busted! How could they choose such a poor choice of TCP keepalive timer for their application that would not be compatible with the 60 minute inactivity timer that so many firewall vendors use (Cisco, Juniper, Checkpoint and Fortinet all use a default 60 minute inactivity timer for TCP)?
Well, a colleague of mine pointed out that there is actually an old RFC that covers this. RFC 1122. It says:
Keep-alive packets MUST only be sent when no data or acknowledgement packets have been received for the connection within an interval. This interval MUST be configurable and MUST default to no less than two hours.
Now I know that RFC is old (October 1989), but that's all I could find. Is there something that supercedes that? Maybe common sense perhaps? I understand not wanting to fill up your connection table because of mis-behaving applications, but I'm just looking for ammunition to use against the backup solution vendor. Surely they're going to point to this RFC.
ASA(config)# timeout conn ?
configure mode commands/options:
0:0:0 | <0:5:0> - <1193:0:0> Idle time after which a TCP connection state
will be closed, default is 1:00:00
<0-0> Specify this value to never time out
View 1 Replies
View Related
Jun 4, 2011
how to tweak my laptop so that the wireless access does not get disabled after a short period (approx 15 min) of inactivity. It's really annoying to have to reconnect every time this happens.
Using an Atheros AR9285 wireless card in an Asustek N61Jv laptop.
View 2 Replies
View Related
Mar 28, 2012
default inactivity connection time out for A3(1.0) So by defult any tcp connection(http or https) will be timed out in an hour. [code]Was this change in the A4(2.0) code or is it still the same? I heard a TAC engg say that default inactivity timeout for http and https are now 5 mins that is 300 seconds.
View 3 Replies
View Related
Feb 6, 2011
My laptop does not recognize wireless OR the LAN anymore. IT says "Unidentified Network" My laptop connects to the network but the network doesn't connect to the internet. Before I got it and added a password it worked fine! Except it said Limited Connectivity" Here are the system settings for my laptop (I don't think wifi works for my PC either):
Manufacturer: TOSHIBA
Model: Satellite A215
Windows Vista
Rating 3.0
Processor: AMD Turion (tm) 64 x2 Mobile Technology TL-52 1,60 GHz
Memory: 894 MB
System Type: 32-bit Operating System
[code]...
View 11 Replies
View Related
Apr 15, 2012
I hadn't used this device (version 1) for a couple of years. After that much time and many changes in my home network, once again I need it to connect a printer. I pushed the reset button and followed the initial setup directions. So far so good.
Then I followed directions for using it on my network. Also good. I can access the bridge's web server and I can send jobs to the printer.
My problem is, after a period of inactivity (say, over night) I can no longer access the printer or the bridge. The only way I have found to get them back is to power-cycle the bridge. Some data ...
My router is a WRT320N. It manages DHCP and reserves a fixed IP address for the bridge.The bridge connects to a wireless network managed by an Apple Airport Extreme 802.11. It is connected directly to the router. Yes, I have two WiFi networks. No, I have not yet tried the bridge on the router's network.The LEDs on the bridge are the same, accessible or not.The printer is an OKI c3400n.
View 3 Replies
View Related
May 27, 2013
i have 2 1260 Access points one is in root mode , one is wgb mode. Authentication is EAPFAST. There are 5 devices connected via WGB bridge to the rest of the network.
- If clients are sending some data , then WGB AP announces this client mac via IAPP to root AP and rest of the network sees them correctly
- If clients are "passive" , then after WBG AP announces them to root AP , they timeout after 6 minutes on root AP and obviously they are not pingable from the rest of the network. The only way to restore connectivity is to ping that device from WGB AP, then WGB AP announces via IAPP to root AP , then and only then they become visible from the rest of the network.
My question is related to this 6 minute timeout on root AP . Is it normal behaviour ?
View 5 Replies
View Related
Jan 18, 2012
I am using InnoMedia MTA6328-1Be2S from Reliance and D-link DIR-600 for sharing internet connection. I have a strange problem here after using internet for sometime..I will not be able to use internet unless I shut down and restart both Innomedia and D-link.I tried changing configurations in D-link but with no luck. I lost the connection no matter I am using wireless or wired mode.I do not know how to login to InnoMedia MTA6328-1Be2S as well.
View 1 Replies
View Related
Nov 26, 2012
ASA 8.2(5), uauth absolute timeout is disabled and inactivity timeout is set to 48 hours:
timeout xlate 48:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:00:00 absolute uauth 48:00:00 inactivity
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
Users still get kicked out every 8 hours and they have to reauth. This is a logging message:
%ASA-5-109012: Authen Session End: user 'john', sid 839, elapsed 28801 seconds
View 1 Replies
View Related
Jan 9, 2011
i have a 7201 router with NPE-G2. i have a design which i have the option to send all the traffic through a GRE tunnel or a L2TPV3 tunnel.which method is more CPU consumption ?
View 1 Replies
View Related
Sep 23, 2012
I'm in process of purchasing a new Cisco routers for our branches that will be used primary to enable IPSec virtual tunnel interfce with "tunnel mode ipsec ipv4". does the default IOS IP Base supports this feature? or i need to purchase DATA license or SECURITY license?
View 4 Replies
View Related
Oct 17, 2012
I am using a Cisco RV110W (Firmware 1.2.09) in a branch and I would like to create a VPN Tunnel to another site that has a Cisco RV042 (firmware v4.2.1.02)
What would be the correct Configuration? the current configuration I am using is
in the RV042 i am using
Check Enable
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : RV042 Pulbic IP address
[Code].....
View 3 Replies
View Related
Jul 24, 2012
Environment :linksys wrt300n v1.1 which can have ddwrt-mega. Willing to tunnel all lan's outbound traffic through an ssh tunnel.
View 2 Replies
View Related
