
Can't Establish VPN tunnel on RV082 to RVS4000

Discussion in 'Networking Issues' started by toplok, Nov 25, 2007.

  1. toplok

    toplok LI Guru Member

    Can't Establish Gateway to Gateway VPN Tunnel
    Please check my configuration and see if you can spot any errors.
    Thanks

    Site A: (a.a.a.com)

    WAG200G (V1.01.05) - connected through provider with PPPoA authentication and DDNS (a.a.a.com)
    - Lan IP: 192.168.1.1
    - DHCP enabled starting (192.168.1.100)

    RVS4000 (V1.1.14)
    - Lan IP: 192.168.0.12
    - WAN IP: 192.168.1.100 (from DHCP of WAG200G)

    VPN Configuration
    - Tunnel Name: ourtunnel
    - IPSec VPN Tunnel: Enabled
    - Local Group Setup
    -- Local Security Gateway Type: IP Only
    -- IP Address: Auto (shows local IP Address 192.168.1.100)
    -- Local Security Group Type: Subnet
    -- IP Address: 192.168.0.0
    -- Subnet mask: 255.255.255.0
    - Remote Group Setup
    -- Remote Security Gateway Type: IP Only
    -- IP by DNS resolved: b.b.b.com
    -- Remote Security Group Type: Subnet
    -- IP Address: 192.168.2.0
    -- Subnet mask: 255.255.255.0
    IP SEC SETUP
    Keying Mode: IKE with preshared key
    Phase 1
    Encryption: 3DES
    Authentication: MD5
    Group: 768 bit
    Key Lifetime: 28800 sec.
    Phase 2
    Encryption: 3DES
    Authentication: MD5
    Perfect forward secrecy: Enabled
    Preshared key: 12345678
    Group: 768 bit
    Key Lifetime: 3600 sec.



    Site B: (b.b.b.com)

    WAG200G (V1.01.05) - connected through provider with PPPoA authentication and DDNS (b.b.b.com)
    - Lan IP: 192.168.3.1
    - DHCP enabled starting (192.168.3.2)

    RV082 (V1.3.7)
    - Lan IP: 192.168.2.1
    - WAN IP: 192.168.3.2 (from DHCP of WAG200G)

    VPN Configuration
    - Tunnel Name: ourtunnel
    - IPSec VPN Tunnel: Enabled
    - Local Group Setup
    -- Local Security Gateway Type: IP Only
    -- IP Address: Auto (shows local IP Address 192.168.2.1)
    -- Local Security Group Type: Subnet
    -- IP Address: 192.168.2.0
    -- Subnet mask: 255.255.255.0
    - Remote Group Setup
    -- Remote Security Gateway Type: IP Only
    -- IP by DNS resolved: a.a.a.com
    -- Remote Security Group Type: Subnet
    -- IP Address: 192.168.0.0
    -- Subnet mask: 255.255.255.0
    IP SEC SETUP
    Keying Mode: IKE with preshared key
    Phase 1
    Encryption: 3DES
    Authentication: MD5
    Group: 768 bit
    Key Lifetime: 28800 sec.
    Phase 2
    Encryption: 3DES
    Authentication: MD5
    Preshared key: 12345678
    Group: 768 bit
    Key Lifetime: 3600 sec.
     
  2. pablito

    pablito Network Guru Member

    Do you have NAT-T set up in advanced options on both ends? I assume that the routers have DMZ set up pointing to the RVs.
     
  3. toplok

    toplok LI Guru Member

    Both WAG200Gs are NAT-enabled and their DMZs are pointing to the RVs... Some say the WAG200G should be in bridge mode, but if I do that I can't get my PPPoA authentication to the provider, since the RVs don't have PPPoA authentication...

    Please help, guys.
     
  4. toplok

    toplok LI Guru Member

    BTW, my WAG200G DHCP is giving 1 IP only, to the RV (WAN), and the RVs are configured as DHCP relays to a DHCP server on the local network.
     
  5. Toxic

    Toxic Administrator Staff Member

    The only thing I can suggest that may be causing an issue is the IP address 192.168.0.0 on the RVS4000. Are you able to change this to 192.168.4.0? I have seen in the past some routers not supporting the 192.168.0.x IP address naming.
     
  6. toplok

    toplok LI Guru Member

    Thank you for the information. I will try to change my local IP naming when it is off hours.
     
  7. toplok

    toplok LI Guru Member

    I changed the 192.168.0.x to 192.168.4.x; still the same. Here are some logs from the VPN.

    Dec 2 20:54:16 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
    Dec 2 20:54:16 2007 VPN Log initiating Aggressive Mode #1, connection "ips0"
    Dec 2 20:54:16 2007 VPN Log STATE_AGGR_I1: initiate
    Dec 2 20:55:24 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
    Dec 2 20:55:24 2007 VPN Log initiating Aggressive Mode #2 to replace #1, connection "ips0"
    Dec 2 20:55:24 2007 VPN Log STATE_AGGR_I1: initiate
    Dec 2 20:56:34 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
    Dec 2 20:56:34 2007 VPN Log initiating Aggressive Mode #3 to replace #2, connection "ips0"
    Dec 2 20:56:34 2007 VPN Log STATE_AGGR_I1: initiate
    Dec 2 20:57:48 2007 VPN Log Ignoring Vendor ID payload [4f4540454371496d...]
    Dec 2 20:57:48 2007 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Dec 2 20:57:48 2007 VPN Log Ignoring Vendor ID payload [4a131c8107035845...]
    Dec 2 20:57:48 2007 VPN Log Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-03]
    Dec 2 20:57:48 2007 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02]
    Dec 2 20:57:48 2007 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-00]
    Dec 2 20:57:48 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
    Dec 2 20:57:48 2007 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
    Dec 2 20:57:48 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
    Dec 2 20:57:48 2007 VPN Log [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
    Dec 2 20:57:48 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
    Dec 2 20:57:48 2007 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.101'
    Dec 2 20:57:48 2007 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
    Dec 2 20:57:48 2007 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
    Dec 2 20:57:48 2007 VPN Log [Tunnel Negotiation Info] Initiator Cookies = 3e32 2746 bb9b bbf5
    Dec 2 20:57:48 2007 VPN Log [Tunnel Negotiation Info] Responder Cookies = b6d3 e376 6038 cdc
    Dec 2 20:57:48 2007 VPN Log malformed payload in packet
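
An added example, not part of the original post: a small triage script that reduces a negotiation log in this format to the observations a reader would check first (which IKE mode each end initiates, the peer ID, and errors logged after Phase 1). The function names are assumptions of this example, and the sample is a subset of the lines posted above with timestamps trimmed.

```python
import ipaddress
import re

# Subset of the log lines posted above, timestamps trimmed.
SAMPLE = """\
VPN Log initiating Aggressive Mode #1, connection "ips0"
VPN Log initiating Aggressive Mode #3 to replace #2, connection "ips0"
VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.101'
VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
VPN Log malformed payload in packet
"""


def summarize(log_text):
    """Reduce the negotiation log to the facts needed for triage."""
    s = {"sent_mode": None, "attempts": 0, "received_mode": None,
         "peer_id": None, "phase1": False, "late_errors": []}
    for line in log_text.splitlines():
        if m := re.search(r"initiating (\w+) Mode #(\d+)", line):
            s["sent_mode"], s["attempts"] = m.group(1), int(m.group(2))
        elif m := re.search(r"Responder Received (\w+) Mode 1st packet", line):
            s["received_mode"] = m.group(1)
        elif m := re.search(r"peer ID is ID_IPV4_ADDR: '([\d.]+)'", line):
            s["peer_id"] = m.group(1)
        elif "Phase 1 SA Established" in line:
            s["phase1"] = True
        elif "malformed payload" in line and s["phase1"]:
            s["late_errors"].append("malformed payload after Phase 1")
    return s


def findings(s):
    """Turn the summary into observations; none of them names a root cause."""
    out = []
    if s["sent_mode"] and s["received_mode"] and s["sent_mode"] != s["received_mode"]:
        out.append(f"local end initiates {s['sent_mode']} Mode, "
                   f"peer initiates {s['received_mode']} Mode")
    if s["attempts"] > 1:
        out.append(f"{s['attempts']} initiator attempts logged")
    if s["peer_id"] and ipaddress.ip_address(s["peer_id"]).is_private:
        out.append(f"peer ID {s['peer_id']} is a private address")
    return out + s["late_errors"]
```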
     
  8. DocLarge

    DocLarge Super Moderator Staff Member Member

    Try setting your WAG200s to bridge. In your RV082 and RV4000, choose the "PPPoE" option and use the username/password combination you'd normally input on the WAG200Gs. You also might have to enter the ISP-provided information statically.

    I've done this before when setting up a VPN tunnel between a WRV54G and a WAG54G. The WRV54G had a Linksys ADSL2MUE that I had to put into bridge mode; I set the WRV54G to use "PPPoE" for the translation because it (WRV54G) doesn't do PPPoA and my VPN tunnels ran without any problem...

    Jay
     
