
Gateway2gateway VPN on RV0xx

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by cfinic, Nov 2, 2007.

  1. cfinic

    cfinic LI Guru Member

    Hey guys, I'm getting ready to set up a Gateway2Gateway VPN using the RV042 & the RV016. We have our main office in Chicago using a fractional T1 w/ static IP (768Mbps); it will be upgraded to a full T1 when we switch offices. The other office is a small home office with the following Dual WAN setup:

    Cable Modem (w/DynDNS) >> WRT150N >> RV042 << DSL

    The reason that I have the WRT150N on the connection is to run my bosses' home internet & VoIP. The cable comes in at their basement, then there's a line running to the office/garage that we run all the computers off of.

    I'd just like to know what I have to do to set up the VPN here and in Chicago (I'm traveling out there on Tuesday to get it all set up).

    Note: we had it setup with the MultiTech SOHO routers, but they both crapped out within a week of each other (after about 2 years of having them/3 months of activity)
     
  2. cfinic

    cfinic LI Guru Member

    No ideas? No suggestions? I've posted twice on here and gotten no response :angry:
     
  3. cfinic

    cfinic LI Guru Member

    Well, so far what I have done is set up 2 DDNS, one for the cable and one for the DSL. I have both registered in the RV042 and have the VPN set up for WAN1. Because the RV042 is technically behind 2 different routers, I have it set up with static IPs:
    WAN1 (Cable)> WRT150N> 192.168.1.11
    WAN2 (DSL)> Quest Router/Modem> 192.168.0.11

    Then I have both routers' DMZ pointing directly at the RV042.

    I tried the DDNS's and then brought up the Remote management page.

    All I have to do is wait until I can put in the RV016 and check to see if the VPN is working properly...Knowing Linksys (and VPNs for that matter) I'm going to have to fool with it for a while.
     
  4. cfinic

    cfinic LI Guru Member

    Ok seriously guys I need help.

    I have both routers setup, and I have the gateways setup as such:

    IL:
    [​IMG]

    Both ends say waiting for connection. I thought I had everything setup right.
     
  5. cfinic

    cfinic LI Guru Member

    Really? Nothing? No one has ever setup a VPN using the RVxxx routers on a gateway to gateway? Thanks for the help anyway. :thumbdown:
     
  6. DocLarge

    DocLarge Super Moderator Staff Member Member

    Sorry for the late response. I've been out getting certified on CCNA (I passed; yay me!!) and just caught your post. The others (Toxic, Kspare, Eric_Stewart) have been away on some things also, so we're not ignoring you...

    I've connected my Linksys gear (wrvs4400n, wrv200, wrv54g) to a RV042 Toxic has without any issues and I believe he's connected his RV042 to Eric's RV042 also (while I've been connected to him). Therefore, it can be done.

    If I remember correctly, Toxic has a DHCP connection, but I can't confirm that. I'll ask him and see if he can chime in...

    On your remote group setting, what other option do you have other than "IP by DNS resolved?"

    Jay
     
  7. pablito

    pablito Network Guru Member

    What does your log say about it? Always read the log for hints about problems.
    You are showing aggressive mode; you don't need that unless you add some more options. Turn that off. Make sure that the DNS is actually resolving the hostname. It is always easier to first set up with the tried and true basics: 3DES and at least Group 2. Netbios broadcast can be turned off until you get it set up, and then only if you really need that noisy non-standard option.
     
  8. cfinic

    cfinic LI Guru Member

    Congrats on the CCNA (I'd like to get it myself one day).

    The domain is being resolved to the correct address, as far as I can tell.

    Here are the alternative settings and what I changed, I also turned off all of the advanced options:

    [​IMG]

    Thanks for the help guys :biggrin:

    EDIT: I have IP by DNS and IP only, those are the 2 options; I figured that because I don't want to be manually typing in the IP address every time the cable provider decides we need a new IP address.
     
  9. ca_picker

    ca_picker LI Guru Member

    I don't know how much this will translate because it's a slightly different setup, but since you don't seem to be getting what you're after, I figure it may help:

    I have a Gateway-to-gateway tunnel between a Netgear FVS318 and an RV042. The Netgear connection is dynamic IP; the RV042 side is static. I use DynDNS for the Netgear side. The tunnel setup on the RV042 is "IP by DNS Resolved" and "IP + Domain Name (FQDN) Authentication". In that setup, for the domain name entry, I use the domain that goes into DynDNS (this is in both the "IP by DNS Resolved" and "Domain name" boxes).

    On the Netgear side, there are fewer options, but I basically just use the DynDNS name as the "Local IPSec identifier".


    I have 3 other Gateway-to-Gateway tunnels which are all RV042<->RV042, static on both ends and they just use the IP Only method so that may not apply. Obviously other things to double check are that the P1 & P2 proposals on both ends are exactly the same...I have had that bite me a couple of times, it's amazing how much "3DES" looks just like "DES" when you're making a quick scan through :mad:

    Oh also make sure the Subnet #s do not conflict, i.e. the tunnel should be a separate subnet from your RV042's main net.
     
  10. cfinic

    cfinic LI Guru Member

    Well, the 2 networks that I'm connecting, one is 10.xxx.xxx.xxx and the other one is 192.168.xxx.xxx, so I hope it wouldn't be a subnet issue (255.255.255.0). I'm not sure what to put in for the domain name on the "IP + Domain Name (FQDN) Authentication". I didn't set up a domain, so it would be whatever the default for the RVxxx is.
     
  11. cfinic

    cfinic LI Guru Member

    Also, on a side note I am able to connect via "PPTP/ VPN Client Access" to both routers.
     
  12. cfinic

    cfinic LI Guru Member

    That is client to gateway not gateway to gateway though.

    Here's the log that I get when I press the connect button:
    Nov 13 09:29:19 2007 VPN Log Initiating Main Mode to replace #4360
    Nov 13 09:29:19 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
    Nov 13 09:29:19 2007 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Nov 13 09:29:19 2007 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
    Nov 13 09:29:19 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
    Nov 13 09:29:19 2007 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
    Nov 13 09:29:20 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
    Nov 13 09:29:26 2007 VPN Log Initiating Main Mode
    Nov 13 09:29:26 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
    Nov 13 09:29:26 2007 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Nov 13 09:29:26 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
    Nov 13 09:29:26 2007 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
    Nov 13 09:29:26 2007 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Nov 13 09:29:26 2007 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
    Nov 13 09:29:26 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
    Nov 13 09:29:26 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
    Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
    Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
    Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
    Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
    Nov 13 09:29:27 2007 VPN Log Main mode peer ID is ID_IPV4_ADDR: 'xxx.xxx.xxx.xxx'
    Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
    Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
    Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] Initiator Cookies = 80d1 c151 bbb0 f737
    Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] Responder Cookies = 1ec2 8d2a b999 6b8d
    Nov 13 09:29:30 2007 VPN Log Phase 1 message is part of an unknown exchange
    Nov 13 09:29:37 2007 VPN Log Retransmitting in response to duplicate packet; already STATE_MAIN_R3
    Nov 13 09:29:37 2007 VPN Log Discarding duplicate packet; already STATE_MAIN_I3

    then it keeps repeating:
    Nov 13 11:18:37 2007 VPN Log Initiating Main Mode to replace #4471
    Nov 13 11:18:37 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
    Nov 13 11:18:37 2007 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Nov 13 11:18:37 2007 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
    Nov 13 11:18:37 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
    Nov 13 11:18:38 2007 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
    Nov 13 11:18:38 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
    Nov 13 11:18:48 2007 VPN Log Discarding duplicate packet; already STATE_MAIN_I3
    Nov 13 11:19:48 2007 VPN Log Initiating Main Mode to replace #4472
     
  13. cfinic

    cfinic LI Guru Member

    Logs still saying the same thing. Just as a note the setup is like this:

    Comcast ISP>> Motorola Surfboard Cable modem>> WRT150N>(DMZ)> Wan 1 RV042 Wan 2<< Quest DSL modem. Still unable to connect; VPN is set up on WAN 1 and the RV016 shows the correct DNS resolution. Any ideas? (admin/Mods on vacation again?)
     
  14. puchito

    puchito Guest

    Hi, I have a familiar problem: I can connect the VPN between 2 x RV016, but I can't ping between the PCs of both networks.
    RV016 a - 192.168.200.0/255.255.255.0 and RV016 b - 192.168.201.0/255.255.255.0
    Any ideas??
     
  15. gscudjoe

    gscudjoe Guest

    I've been trying to set up Gateway-to-Gateway VPN with two RV042 to no avail. I also have to enable port forwarding on both gateways for remote access to some workstations behind each gateway. A step-by-step guide from anyone would be heaven sent.
    Thanks in anticipation.
     
  16. vpnuser

    vpnuser LI Guru Member

    I found the appendix I and J of the user guide of RVL200 quite helpful. It can be downloaded from linksys.com.
     
  17. cfinic

    cfinic LI Guru Member

    Well I tried looking up the manual, but "the file may be missing or corrupted" as my Adobe Reader is saying.

    See Mods, not just me with this issue... A little more help on this ¿por favor?

    I thought at first it might be because its behind the WRT150N but then I realized I am able to make a client to gateway connection to the location so it can't be that.

    HELP!!!! PLEASE!!!!
     
  18. cfinic

    cfinic LI Guru Member

    bump, Anyone? Anyone?

    I tried downloading the Beta firmware for both, but they are non-downloadable in the download section (I find them, click the link, but nada). Please, if anyone has successfully completed this task, please let me know what I'm doing wrong... but the lack of response from this forum is very disheartening...
     
  19. pablito

    pablito Network Guru Member

    Are you setting both ends with NAT-T (NAT traversal)? You are passing phase 1 but not phase 2. We don't know your settings, so it's hard to say. Why have a device in front of the RV when the RV is a firewall and can sit on the actual WAN?
    Lots of possible answers.
    And yes, many of us have set up gateway to gateway VPNs; we wouldn't buy an RV otherwise.
     
  20. cfinic

    cfinic LI Guru Member

    The settings are stock except the VPN setup (which is listed on page 1) and the log is listed above. What all would I need to list about my settings to help understand what's going on?

    And thank you for replying, its good to know someone's listening.
     
  21. cfinic

    cfinic LI Guru Member

    I think I may have figured out what it is. Looking at the most recent log it says the remote gateway is 192.168.1.xxx which is the static IP I have it setup for behind the WRT150N. I couldn't locate any NAT on the WRT150N so I'm guessing that's where the problem is originating. I will have to mess with this when my bosses are not here, so the week of the 25th looks like my best bet.
     
  22. pablito

    pablito Network Guru Member

    I asked for the settings because what is shown on the first page is wrong and I told you they were.
    So, like I said, turn off aggressive mode and turn on NAT traversal. Now that you noticed the private IP in the logs (that you didn't show us), that is why. RTFM.
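
An added example, not part of the original thread and not any poster's code: a Python sketch that scans log text in the format posted above for the two signs discussed here, a Main Mode exchange that stalls and restarts, and a peer ID that is a private address (NAT in the path, hence the NAT traversal setting). The sample lines are constructed from the thread's log format, with the redacted peer ID filled in using the 192.168.1.11 address mentioned earlier; the function and field names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the log format posted in this thread. The peer ID,
# redacted in the thread, is filled in with the private 192.168.1.11 address.
SAMPLE_LOG = """\
Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Nov 13 09:29:27 2007 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.11'
Nov 13 09:29:27 2007 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Nov 13 09:29:37 2007 VPN Log Discarding duplicate packet; already STATE_MAIN_I3
Nov 13 09:30:37 2007 VPN Log Initiating Main Mode to replace #4360
"""

PACKET = re.compile(
    r"(Initiator|Responder) (?:Send|Received) Main Mode (\d)(?:st|nd|rd|th) packet", re.I)
PEER_ID = re.compile(r"peer ID is ID_IPV4_ADDR: '([^']+)'")
STALL = re.compile(r"duplicate packet; already (STATE_MAIN_[IR]\d)")


def diagnose(log_text):
    """Summarise an IKE Main Mode negotiation from RV0xx-style VPN log text."""
    last_packet, stalled, private_ids = {}, [], []
    phase1, restarts = False, 0
    for line in log_text.splitlines():
        if m := PACKET.search(line):
            role = m.group(1).lower()
            last_packet[role] = max(last_packet.get(role, 0), int(m.group(2)))
        if "Phase 1 SA Established" in line:
            phase1 = True
        if "Initiating Main Mode to replace" in line:
            restarts += 1  # the router gave up and started over
        if m := STALL.search(line):
            stalled.append(m.group(1))
        if m := PEER_ID.search(line):
            try:
                peer = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # redacted or malformed ID, e.g. 'xxx.xxx.xxx.xxx'
            if peer.is_private:  # peer identifies itself with a non-public address
                private_ids.append(str(peer))
    return {"last_packet": last_packet, "phase1_established": phase1,
            "stalled_states": stalled, "restarts": restarts,
            "private_peer_ids": private_ids, "nat_suspected": bool(private_ids)}


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
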
     
  23. cfinic

    cfinic LI Guru Member

    [​IMG]

    Here's the current settings that I have and it still won't connect. I went through and read the manual (again) and didn't see anything that I didn't catch the first time. I searched for something that I may have missed but I'm still :confused:
     
  24. pablito

    pablito Network Guru Member

    And the settings for the other side?
     
  25. cfinic

    cfinic LI Guru Member

    Basically the top 2 boxes reversed for the other side, but it appears to be working, I guess it was turning on the NAT traversal that did it... although they weren't working last night. Thanks pablito.
     
