
RV042 <-> RV016 Gateway to Gateway VPN

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Billsey, Oct 10, 2008.

  1. Billsey

    Billsey LI Guru Member

    I replaced one of my RV042s with an RV016 today and my gateway to gateway VPN doesn't connect any more... The parameters are exactly the same as before with the two RV042s. Is there something different with the RV016 that I'm missing?

    Here's the configuration:

    DSL line with DHCP has RV042
    Phase2 Enc/Auth/Grp: DES/MD5/1
    Local Group: 192.168.7.0 255.255.255.0
    Remote Group: 172.20.0.0 255.255.0.0
    Remote Gateway: x.y.z.248 (public IP)

    The local group is using Dynamic IP + E-mail Addr (USER FQDN) gateway type
    The remote group is using IP Only gateway type

    They're both using the same preshared key (10 characters, a mix of numbers and letters using both upper and lower case)

    Advanced shows Aggressive Mode, Keep-Alive and Dead Peer Detection (Interval 30 seconds, but I also tried the default 10 seconds)

    Excerpt from log file on local end:
    Oct 7 01:19:47 2008 VPN Log [Tunnel Negotiation Info] Responder Cookies = 4ef3 5e65 b58a 3e75
    Oct 7 01:20:10 2008 VPN Log Informational Exchange is for an unknown (expired?) SA
    Oct 7 01:37:56 2008 VPN Log initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+AGGRESSIVE to replace #842
    Oct 7 01:37:56 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
    Oct 7 01:37:56 2008 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet
    Oct 7 01:37:56 2008 VPN Log [Tunnel Negotiation Info] Inbound SPI value = cea45eba
    Oct 7 01:37:56 2008 VPN Log [Tunnel Negotiation Info] Outbound SPI value = 3436867f
    Oct 7 01:37:56 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet
    Oct 7 01:37:56 2008 VPN Log [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
    Oct 7 01:37:56 2008 VPN Log Dead Peer Detection Start, DPD delay timer=10 sec timeout=10 sec

    Matching excerpt from log file on remote end:
    May 3 01:41:30 2006 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    May 3 01:41:30 2006 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    May 3 01:41:30 2006 Connection Accepted UDP a.b.c.45:500->x.y.z.248:500 on ixp1
    May 3 01:41:30 2006 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
    May 3 01:41:30 2006 VPN Log Aggressive mode peer ID is ID_USER_FQDN: 'name@domain.com'
    May 3 01:41:30 2006 VPN Log Responding to Aggressive Mode from a.b.c.45
    May 3 01:41:30 2006 VPN Log [Tunnel Negotiation Info] >>> Responder Send Aggressive Mode 2nd packet

    Anyone have any ideas as to what's going wrong? I'm guessing there's something left over that makes the RV042 expect the other RV042 at the other end, and rejects because it's the RV016 instead, but it could always be something entirely different. :frown:

    Could it have something to do with the NTP server not working? (I see the time is off by a couple of years)
     
  2. Billsey

    Billsey LI Guru Member

    After some diagnostics, I pretty much determined that the problem was with a bad port on the RV016, and the kind folks at Linksys concurred. We've got a replacement on the way...
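
Added example, not part of the original posts: a small parser for the RV0xx "VPN Log" lines quoted in the first post that reports how far each IKE exchange got in an excerpt and how far apart the two routers' clocks are. The function names are hypothetical, and the three-message counts are the standard IKEv1 Aggressive Mode and Quick Mode exchanges.

```python
import re

# Lines copied from the two log excerpts in the first post.
LOCAL_LOG = """\
Oct 7 01:37:56 2008 VPN Log initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+AGGRESSIVE to replace #842
Oct 7 01:37:56 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
Oct 7 01:37:56 2008 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet
Oct 7 01:37:56 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet
"""
REMOTE_LOG = """\
May 3 01:41:30 2006 VPN Log [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
May 3 01:41:30 2006 VPN Log Responding to Aggressive Mode from a.b.c.45
May 3 01:41:30 2006 VPN Log [Tunnel Negotiation Info] >>> Responder Send Aggressive Mode 2nd packet
"""

# IKEv1 Aggressive Mode and Quick Mode are each three-message exchanges.
MESSAGES = {"Aggressive Mode": 3, "Quick Mode": 3}
PACKET = re.compile(r"(?:Initiator|Responder) (?:send|received) "
                    r"(Aggressive Mode|Quick Mode) (\d)(?:st|nd|rd) packet", re.I)
STAMP = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d (\d{4}) ")

def exchange_progress(log):
    """Return {exchange name: highest packet number logged} for one excerpt."""
    seen = {}
    for line in log.splitlines():
        m = PACKET.search(line)
        if m:
            name = m.group(1).title()
            seen[name] = max(seen.get(name, 0), int(m.group(2)))
    return seen

def stalled(log):
    """Exchanges that appear in the excerpt but never log their final packet."""
    return {n: p for n, p in exchange_progress(log).items() if p < MESSAGES[n]}

def log_years(log):
    """Years stamped on the lines, to spot an unsynchronised router clock."""
    return {int(m.group(1)) for line in log.splitlines() if (m := STAMP.match(line))}

def clock_gap_years(log_a, log_b):
    """Difference between the latest year seen in each log."""
    return abs(max(log_years(log_a)) - max(log_years(log_b)))

if __name__ == "__main__":
    print("local stalled: ", stalled(LOCAL_LOG))
    print("remote stalled:", stalled(REMOTE_LOG))
    print("clock gap (years):", clock_gap_years(LOCAL_LOG, REMOTE_LOG))
```

The result only describes what the pasted excerpt contains; a full log export from both routers is needed before concluding that the third Aggressive Mode packet never arrived.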
     
