1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to VPN RVS4000 to RV042

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by elstar, Jun 30, 2007.

  1. elstar

    elstar LI Guru Member

    I am not having much success with this config
    1 x RV042 (firmware 1.3.8.2) at site1 and
    2 x rvs4000 at site 2
    with a VPN Tunnel between
    RVS4000 (1) (firmware 1.0.15) and RV042 WAN1 and
    RVS4000 (2) (firmware 1.0.13) and RV042 WAN2

    I have a RV042 with two ADSL Connections in Load Balance mode
    WAN1 has a NATed modem to connect to the interet
    WAN2 has a internet ip address via a bridged ADSL modem
    On the RV042 I have a tunnel defined as follows
    Tunnel No 2
    interface WAN2
    Local Group Setup
    Local Security Gateway Type: IP Only
    IP Address 165.227.70.25
    Local Security Group Type: Subnet
    IP address 10.0.2.0
    Subnet Mask 255.255.255.0
    Remote Group Setup
    Remote Security Gateway Type: IP Only
    ip address 203.111.70.189
    Remote Security Group Subnet
    IP Address 192.168.102.0
    Subnet Mask 255.255.255.0
    IPSEC Setup
    Keying Mode: IKE with Preshared key
    Phase1 DH Group: Group1
    Phase1 Encryption 3DES
    Phase1 Authentication: MD5
    Phase1 SA Life Time: 28800 Secs
    Perfect Forward Secrecy: ticked
    Phase2 DH Group: Group1
    Phase2 Encryption 3DES
    Phase2 Authentication: MD5
    Phase2 SA Life Time: 3600 Secs
    Preshared Key: MYFusmAuston678
    In Advanced
    I have just the one tick in Dead Peer Detection (DPD) Interval 10 seconds

    I have 2 RVS4000 which I have been trying to connect to the RV042 via VPN
    On the RVS4000 on internet address 203.111.70.189
    I have a VPN tunnel defined
    Local Security Group
    Subnet
    192.168.102.0
    subnet mask 255.255.255.0

    Remote Security Group
    Subnet 10.0.2.0
    Subnet Mask 255.255.255.0
    Remote Security Gateway
    ip address 165.227.70.25
    Key Management
    Auto IKE
    Encryption 3DES
    Authentication MD5
    PFS Enabled
    Pre-Shared Key: MYFusmAuston678
    Key Life Time: 28800 sec
    In the Advanced Page
    Phase1
    Operation mode: Main]Local Identity
    Remote Identity: Remote IP Address
    Encryption 3DES
    Authentification MD5
    Group 768-bit
    Key Life Time 28800 Sec
    Phase 2:
    Encryption 3DES
    Authentication MD5
    PFS Enable
    Group 768-Bit
    Key Life Time 28800 Sec.
     
  2. ifican

    ifican Network Guru Member

    I have not used an RV but many here have, though if it is doing true load balancing it would be doing asynchronous routing and that in itself would break any vpn. Try just connecting one wan link on the RV, checking settings and vpning to it. Then do the other, if they work independently you'll know its load balancing breaking the tunnels.
     
  3. Toxic

    Toxic Administrator Staff Member

    your phase2 on the first and last setups are different.

    Local Group Setup
    Local Security Gateway Type: IP Only
    IP Address 165.227.70.25
    Local Security Group Type: Subnet
    IP address 10.0.2.0
    Subnet Mask 255.255.255.0
    Remote Group Setup
    Remote Security Gateway Type: IP Only
    ip address 203.111.70.189
    Remote Security Group Subnet
    IP Address 192.168.102.0
    Subnet Mask 255.255.255.0
    IPSEC Setup
    Keying Mode: IKE with Preshared key
    Phase1 DH Group: Group1
    Phase1 Encryption 3DES
    Phase1 Authentication: MD5
    Phase1 SA Life Time: 28800 Secs
    Perfect Forward Secrecy: ticked
    Phase2 DH Group: Group1
    Phase2 Encryption 3DES
    Phase2 Authentication: MD5
    Phase2 SA Life Time: 3600 Secs
    Preshared Key: MYFusmAuston678
    In Advanced
    I have just the one tick in Dead Peer Detection (DPD) Interval 10 seconds

    I have 2 RVS4000 which I have been trying to connect to the RV042 via VPN
    On the RVS4000 on internet address 203.111.70.189
    I have a VPN tunnel defined
    Local Security Group
    Subnet
    192.168.102.0
    subnet mask 255.255.255.0

    Remote Security Group
    Subnet 10.0.2.0
    Subnet Mask 255.255.255.0
    Remote Security Gateway
    ip address 165.227.70.25
    Key Management
    Auto IKE
    Encryption 3DES
    Authentication MD5
    PFS Enabled
    Pre-Shared Key: MYFusmAuston678
    Key Life Time: 28800 sec
    In the Advanced Page
    Phase1
    Operation mode: Main]Local Identity
    Remote Identity: Remote IP Address
    Encryption 3DES
    Authentification MD5
    Group 768-bit
    Key Life Time 28800 Sec
    Phase 2:
    Encryption 3DES
    Authentication MD5
    PFS Enable
    Group 768-Bit
    Key Life Time 28800 Sec.
    Edit/Delete Message

    I hope for your sake you have used fake IP addreses!
     

Share This Page