
Cisco Router + RV042 + ISA

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by JayGeeeker, Nov 20, 2008.

  1. JayGeeeker

    JayGeeeker Addicted to LI Member

    Here is what I am trying to do:

    RV042 VPN into Cisco router - No problem, works like a charm
    RV042 VPN past Cisco Router into ISA 2006 Server - Kills me.

    Main Office:

    Cisco Router 1720 68.X.X.26 -.30 for external and 10.X.X.1 for Internal
    ISA Server 10.X.X.2 for external and 192.X.X.1 for internal

    Cisco Router is on 12.3 IOS which should allow for auto NAT Traversal

    I have configured the RV042 to connect to the public IP address of 68.X.X.30 which forwards onto 10.X.X.2 which is my ISA server.

    I need to be able to VPN into both networks from my branch office which is where the RV042 comes into play. How can I allow this to happen?

    Errors I am receiving are something about peer is wrong. The RV042 expects the 10.x.x.2 instead of the 68.x.x.30

    thanks for your help.
     
  2. ifican

    ifican Network Guru Member

    To be clear, are you trying to create 1 VPN to the Cisco router, then another VPN from the same RV042 to the ISA server?
     
  3. JayGeeeker

    JayGeeeker Addicted to LI Member

    Correct

    This branch needs access to both subnets.
     
  4. JayGeeeker

    JayGeeeker Addicted to LI Member

    And the actual error is "We require peer to have ID '68.X.X.30', but peer declares '10.X.X.2'"
     
  5. ifican

    ifican Network Guru Member

    Interesting concept. Instinctively I want to say this is not going to work, but I will have to give it some thought. Let me talk it over with my team and see if we can come up with anything.
     
  6. JayGeeeker

    JayGeeeker Addicted to LI Member

    Thanks, please let me know. I think the problem will be with the Cisco router, not the RV042.
     
  7. ifican

    ifican Network Guru Member

    Actually that part should not be much of an issue. The issue is going to be making the RV042 handle it correctly, and here is why. You are already sourcing an IPsec tunnel from your external IP. You now need to source a tunnel from your local preferred subnet to your remote protected subnet. If you had a router inside the RV you can pass it through to the ISA server and make it work. However, making the RV042 source a tunnel from the inside IP is going to be hard if not impossible. So a side thought: why can't you make a tunnel from the RV042 to ISA server and remote connect from the ISA to anything in the middle if need be?
     
  8. JayGeeeker

    JayGeeeker Addicted to LI Member

    I would like to keep both tunnels on my RV042 external side. I am only getting stuck at Main Mode 6th Packet:
    Entries from my log:
    Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
    Nov 21 01:19:16 2008 VPN Log Main mode peer ID is ID_IPV4_ADDR: '10.X.X.2'
    Nov 21 01:19:16 2008 VPN Log We require peer to have ID '68.X.X.30', but peer declares '10.X.X.2'

    If I can just get past this it should work, which is why I think it is my Cisco Router that is causing the problem, because I have this entry on my Cisco router:
    ip nat inside source static 10.X.X.2 68.X.X.30

    Hope this additional info helps.
     
  9. ifican

    ifican Network Guru Member

    Yes, but the issue is you are trying to use 68 as the endpoint, but your endpoint on the other side is terminated inside the protected network. Which means you have to source your tunnel from the protected side. And hence why you are seeing that error. I don't have access to an RV042, so I have to try to understand what its settings look like and what its capabilities are. Just remember that your protected networks have no idea they go through a tunnel. And your external endpoint IPs have no direct access to your protected networks. So yes, you can create a tunnel from inside both subnets, but trying to make it work outside ............. ?
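
Added example (not part of the thread and not any poster's code): a Python check that pulls the peer-ID mismatch lines quoted above out of a VPN log and flags the case where the peer declares an RFC 1918 address while a public one is required, the pattern behind the thread's error when the responder sits behind static NAT. The sample log is constructed with placeholder addresses; the function names and cause labels are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the log format quoted in the thread. Addresses are
# placeholders (203.0.113.0/24 is a documentation range), not the poster's.
SAMPLE_LOG = """\
Nov 21 01:19:16 2008 VPN Log Main mode peer ID is ID_IPV4_ADDR: '10.0.0.2'
Nov 21 01:19:16 2008 VPN Log We require peer to have ID '203.0.113.30', but peer declares '10.0.0.2'
Nov 21 01:25:40 2008 VPN Log We require peer to have ID '203.0.113.26', but peer declares '203.0.113.27'
"""

MISMATCH = re.compile(
    r"We require peer to have ID '(?P<required>[^']+)', "
    r"but peer declares '(?P<declared>[^']+)'"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_rfc1918(text):
    """True/False for an IP literal, None for a masked or non-IP identity."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    return any(addr in net for net in RFC1918)


def classify_id_mismatches(log_text):
    """Return one finding per IKE peer-ID mismatch line (labels are hypothetical)."""
    findings = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if not m:
            continue
        required, declared = m["required"], m["declared"]
        req, dec = in_rfc1918(required), in_rfc1918(declared)
        if req is None or dec is None:
            cause = "masked-or-non-ip-id"
        elif dec and not req:
            # Peer identifies itself by its inside address while the tunnel
            # targets the translated public one: the ID payload travels
            # encrypted in Main Mode, so NAT never rewrites it.
            cause = "declared-id-is-pre-nat-address"
        else:
            cause = "other-mismatch"
        findings.append({"required": required, "declared": declared, "cause": cause})
    return findings


if __name__ == "__main__":
    for finding in classify_id_mismatches(SAMPLE_LOG):
        print(finding)
```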
     
  10. JayGeeeker

    JayGeeeker Addicted to LI Member

    OK please let me know what you come up with.
     
