IPSEC Tunnel trouble between two VRW200

  1. mitokde

    mitokde LI Guru Member


    First...a note of disappointment: Linksys tech support seems to say: "You have selected a product that is not supported via Linksys Chat." I am not sure why...is it not a supported model any more?

    Anyway...the real problem I have is:

    I got 2 sites. Both use a VRW200 router with Firmware Version: 1.0.39.
    The routers do their job nicely on LAN and WAN and WLAN.

    I need to connect the 2 sites via VPN IPSEC tunnel to ensure resources can be shared...imagine as a mini branch office and a Small main office.

    QuickVPN works nicely for both, that is how I can manage both routers from home, but we need more, a tunnel between the 2 networks.

    I set up the tunnel on both ends using the exact same settings, except that the branch accepts connections from ANY and the main office calls the branch by FQDN using dyndns.

    In VPN summary of the Branch, the status is ANY, in the office it is T (Try to connect to Remote Peer.)
    The connection seems to be up for a while...not short, but less than a day even with this T status, but it never becomes C and it disconnects eventually.

    Pasting here details of the VPN tunnel from the main office (altered the IP addresses a little bit but consequently):
    000 "TunnelA": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
    000 "TunnelA": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 60s; rekey_fuzz: 100%; keyingtries: 5
    000 "TunnelA": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;
    000 "TunnelA": dpd: action:restart; delay:30; timeout:120;
    000 "TunnelA": newest ISAKMP SA: #304; newest IPsec SA: #305;
    000 "TunnelA": IKE algorithms wanted: 5_000-2-2, flags=strict
    000 "TunnelA": IKE algorithms found: 5_192-2_096-2,
    000 "TunnelA": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
    000 "TunnelA": ESP algorithms wanted: 3_000-2, flags=strict
    000 "TunnelA": ESP algorithms loaded: 3_000-2, flags=strict
    000 "TunnelA": ESP algorithm newest: 3DES_0-HMAC_SHA1; pfsgroup=<Phase1>
    000 #305: "TunnelA":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 1773s; newest IPSEC; eroute owner
    000 #305: "TunnelA" esp.c39ac5f0@ esp.f2a0f6d9@ tun.11da@ tun.11d9@
    000 #304: "TunnelA":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 26954s; newest ISAKMP; lastdpd=26s(seq in:432 out:0)

    Can anyone please help me get a C in the connection status?
  2. Sfor

    Sfor Network Guru Member

    The WRV200 has an issue with incorrect tunnel status reporting when the other end is on DDNS. In such a case it always says T, when it should say C.
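
Since the summary page's T/C flag is reported as unreliable here, the tunnel state can be read from the detailed status text instead. The following is an added example, not part of either forum post or of any Linksys tooling: it parses status lines in the format pasted in the first post and reports whether the newest ISAKMP and IPsec SAs are established. The function name `tunnel_report` and the "#0 means no SA" handling are assumptions of this example.

```python
import re

# Sample input: four lines copied from the status paste in the first post.
SAMPLE = """\
000 "TunnelA": newest ISAKMP SA: #304; newest IPsec SA: #305;
000 #305: "TunnelA":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 1773s; newest IPSEC; eroute owner
000 #305: "TunnelA" esp.c39ac5f0@ esp.f2a0f6d9@ tun.11da@ tun.11d9@
000 #304: "TunnelA":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 26954s; newest ISAKMP; lastdpd=26s(seq in:432 out:0)
"""

# Constructed counter-example (assumption: SA number #0 means none negotiated).
SAMPLE_DOWN = '000 "TunnelA": newest ISAKMP SA: #0; newest IPsec SA: #0;\n'

# 'newest ISAKMP SA: #N; newest IPsec SA: #M;' names the current SA numbers.
NEWEST = re.compile(
    r'^000 "(?P<conn>[^"]+)":\s+newest ISAKMP SA: #(?P<ike>\d+);'
    r'\s+newest IPsec SA: #(?P<esp>\d+);')
# '#N: "conn":port STATE_x (description); EVENT_y in Zs; ...' describes one SA.
STATE = re.compile(
    r'^000 #(?P<id>\d+): "(?P<conn>[^"]+)"\S* STATE_\w+ '
    r'\((?P<desc>[^)]*)\); EVENT_\w+ in (?P<secs>\d+)s')


def tunnel_report(status_text):
    """Map each connection name to its real IKE / IPsec SA state."""
    newest, states = {}, {}
    for raw in status_text.splitlines():
        line = raw.strip()
        m = NEWEST.match(line)
        if m:
            newest[m["conn"]] = (int(m["ike"]), int(m["esp"]))
            continue
        m = STATE.match(line)
        if m:
            states[int(m["id"])] = (m["conn"], m["desc"], int(m["secs"]))
    report = {}
    for conn, (ike_id, esp_id) in newest.items():
        ike, esp = states.get(ike_id), states.get(esp_id)
        ike_up = bool(ike and ike[0] == conn and "ISAKMP SA established" in ike[1])
        esp_up = bool(esp and esp[0] == conn and "IPsec SA established" in esp[1])
        report[conn] = {"ike_up": ike_up, "ipsec_up": esp_up,
                        "ipsec_rekey_in_s": esp[2] if esp_up else None}
    return report


if __name__ == "__main__":
    for name, info in tunnel_report(SAMPLE).items():
        print(name, info)
```

Run against the paste from the main office, this reports both SAs as established with the IPsec SA due for replacement in 1773 seconds.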
