1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help!!! Site to site RV016

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by cfinic, Mar 1, 2008.

  1. cfinic

    cfinic LI Guru Member

    So we're moving offices, the only thing I've changed on the VPN is the new static IP. Now when I try to connect the VPN kicks back an error.

    Here's how the VPN is setup.
    Chicago:
    Static IP
    Has internet ID of 10.x.x.x

    Colorado:
    DHCP w/ DDNS account (confirmed working)
    Behind another Linksys router which is connected to the cable.

    The Colorado Log:
    Mar 1 08:43:17 2008 VPN Log Initiating Main Mode to replace #12
    Mar 1 08:43:17 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
    Mar 1 08:43:17 2008 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Mar 1 08:43:17 2008 VPN Log Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-03]
    Mar 1 08:43:17 2008 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
    Mar 1 08:43:17 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
    Mar 1 08:43:17 2008 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
    Mar 1 08:43:17 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
    Mar 1 08:43:17 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
    Mar 1 08:43:17 2008 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.11'

    Mar 1 08:43:17 2008 VPN Log We require peer to have ID 'x.x.x.x', but peer declares '192.168.1.11'

    Mar 1 08:43:19 2008 VPN Log Initiating Main Mode
    Mar 1 08:43:19 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
    Mar 1 08:43:19 2008 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Mar 1 08:43:19 2008 VPN Log Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-03]
    Mar 1 08:43:19 2008 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
    Mar 1 08:43:19 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
    Mar 1 08:43:19 2008 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
    Mar 1 08:43:19 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
    Mar 1 08:43:19 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
    Mar 1 08:43:19 2008 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.11'
    Mar 1 08:43:19 2008 VPN Log We require peer to have ID '75.70.110.246', but peer declares '192.168.1.11'
    Mar 1 08:43:22 2008 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Mar 1 08:43:22 2008 VPN Log Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-03]
    Mar 1 08:43:22 2008 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-02]
    Mar 1 08:43:22 2008 VPN Log Ignoring Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-00]
    Mar 1 08:43:22 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
    Mar 1 08:43:22 2008 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
    Mar 1 08:43:22 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
    Mar 1 08:43:22 2008 VPN Log [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
    Mar 1 08:43:22 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
    Mar 1 08:43:22 2008 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.11'
    Mar 1 08:43:22 2008 VPN Log No suitable connection for peer '192.168.1.11', Please check Phase 1 ID value
     
  2. Toxic

    Toxic Administrator Staff Member

    have you tried rebooting the routers?
     
  3. cfinic

    cfinic LI Guru Member

    Yes, I have restarted both, I didn't create a backup, reset to factory default, then restore the settings...

    It comes up with the same log error that the VPN is expecting IP x.x.x.x and comes up with the 192.168.1.11, which is the router's address behind the residential router WRT150N (which is setup to allow all VPN pass through)

    Like I said, it appears to be the Colorado side causing the issue, but the only thing that I changed was the IP address of the Chicago router.
     
  4. cfinic

    cfinic LI Guru Member

    Ok, so here's what I'm assuming the setup is:

    10.x.x.1 Chicago RV016 (10.y.y.2) --> 10.y.y.1 ISP/business Router (Static IP) --> Internet <-- (Dynamic IP) WRT150N 192.168.1.1 <-- (192.168.1.11) RV016 192.168.2.1

    I have NAT turned "on" on the WRT150N and the ISP/IT guy said he had it turned "on" on the ISP/business router.
     
  5. cfinic

    cfinic LI Guru Member

    Mar 5 12:08:56 2008 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.11'
    Mar 5 12:08:56 2008 VPN Log No suitable connection for peer '192.168.1.11', Please check Phase 1 ID value
    Mar 5 12:09:06 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
    Mar 5 12:09:06 2008 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.11'
    Mar 5 12:09:06 2008 VPN Log No suitable connection for peer '192.168.1.11', Please check Phase 1 ID value

    this is where I believe the error is, I just can't figure out why its not connecting when I didn't really change anything (just the IP address of the Chicago router)
     
  6. cfinic

    cfinic LI Guru Member

    Ok so I was reading on a Cisco forum (via Google) and I decided to try Aggressive mode as suggested in the form post: http://www.astaro.org/showthread.php?t=11463

    This is the error I'm getting now.

    Mar 5 12:17:32 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
    Mar 5 12:17:32 2008 VPN Log Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.1.11'
    Mar 5 12:17:32 2008 VPN Log No suitable connection for peer '192.168.1.11', Please check Phase 1 ID value
    Mar 5 12:17:32 2008 VPN Log initial Aggressive Mode packet claiming to be from x.x.x.x on x.x.x.x but no connection has been authorized,please check peer ID

    What am I missing here?
     
  7. cfinic

    cfinic LI Guru Member

    Ok (because you guys have been so helpful, I will keep you informed)

    This is how it is setup now:

    LAN IP 10.86.x.x {Il RV016} Public IP 10.50.x.x --> LAN IP 10.50.x.x {Business router} Static IP --> Internet <-- Static IP {Business Router} LAN IP 10.1.x.x <-- Public IP 10.1.x.x {Co RV016} LAN IP 192.168.x.x

    I get the same message from both sides:

    Mar 5 16:05:59 2008 VPN Log Aggressive mode peer ID is ID_IPV4_ADDR: '10.1.10.11'
    Mar 5 16:05:59 2008 VPN Log No suitable connection for peer 'RV016 Public IP', Please check Phase 1 ID value
    Mar 5 16:05:59 2008 VPN Log initial Aggressive Mode packet claiming to be from "Static IP" on "Static IP" but no connection has been authorized,please check peer ID

    Again, I have NAT and all forward options on that I could find on our gateway... Seriously can anyone help me with this PLEASE!!!
     
  8. cfinic

    cfinic LI Guru Member

    Again, because you guys have been so helpful I will continue to inform you of the updates.

    I contacted my ISP for the Colorado Location. Even though NAT, DMZ, all the options were turned on it still wouldn't connect. They turned the Cable modem/router into just a Modem, I entered in the Static IP information and it connected right away (Well on the Colorado Side anyway) now I have to contact the Chicago ISP and do the same thing.
     
  9. cfinic

    cfinic LI Guru Member

    Anyone?
     

Share This Page