1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RV042+RV042 Dual Wan connection with VPN tunnel

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Alexander G. Bykov, Nov 24, 2007.

  1. Alexander G. Bykov

    Alexander G. Bykov LI Guru Member

    Hi all, I can't resolve the following task.

    Routers RV042 with firware version 1.3.10

    I have 2 offices and I need VPN session between them. One of offices has connection to 2 ISP (ADSL modem + static IP) and I use one of RV042 in SmartLink backup mode. Another office has static IP and single connection to ISP.

    At both of ends I use DDNS service for resolving router's WAN IPs.

    In office with Dual Wan I have VPN tunnel settings assigned to port WAN1. Until the primary WAN is up, everithing is OK. When it's down, router switches to Backup line (WAN2). As result I have internet connection but have no VPN between offices because VPN remains assigned to WAN1 which is down.

    I can't set up two identical VPN assigned to different WANs because of conflict in Remote Security Group (identical IP and masks).

    I did not find any info in forums about such task and troubles and I can't belive that I'm the fisrt who is trying to solve it.

    Thanks in advance for any recommendations.
     
  2. vpnuser

    vpnuser LI Guru Member

    You need a RV082, which supports VPN Backup.
     
  3. pablito

    pablito Network Guru Member

    Yes the RV082 will do this nicely. Beware that the RV016 *doesn't* have backup VPN. I made the mistake by upgrading and assumed it would have backup VPN. hint, firmware fix...

    The inability to setup conflicting subnets is my pet peeve with the RVs. In this mentioned scenario the subnets are conflicting but might be nice if it could be done considering only one is active at a time. There are other scenarios that the RVs won't let you setup for the same reason even though only one subnet is apparently in conflict (perfectly IPSEC legal) such as in a star/hub setup and should work without a problem if the interface would only let you configure it.
     
  4. Alexander G. Bykov

    Alexander G. Bykov LI Guru Member

    Pablito, thanks a lot, it works!!

    Step by step for reaching the goal (to whom it may need):

    1. Connect to inet with WAN1
    2. Configure and test VPN for WAN1
    3. Disable VPN for WAN1
    4. Connect to inet with WAN2
    5. Configure and test VPN for WAN2
    6. Enable VPN for WAN1
    7. Switch connection to WAN1

    After listed steps you can have 2 identical VPN for different interfaces.

    For editing settings you should disable VPN for active connection and edit VPN for passive one. In other case router will message you about subnets conflict.

    Goodluck to all :).
     
  5. pablito

    pablito Network Guru Member

    Very interesting work around! The only problem is that you can't activate both tunnels and let it work as a backup (it gives the conflict error). But at least it is a bit easier now to switch although not on auto pilot.

    Hint to Linksys: fix this interface problem, it isn't a true conflict. Think star/hub VPNs, we can't do it properly because of the nagging error message.
     
  6. Alexander G. Bykov

    Alexander G. Bykov LI Guru Member

    The very best side of such solution that it's REAL workaround which do permits to activate both VPN settings at the moment and to have REAL backup channel with VPN. In my configuration it works :).
    As you can see in my step by step instruction at the end both of VPNs are active and are waiting for activation of necessary WAN interface.

    May be need one clarification:
    ----------------------------------------
    1. Connect to inet with WAN1
    2. Configure and test VPN for WAN1
    3. Disable VPN for WAN1
    4. Disconnect inet with WAN1
    5. Connect to inet with WAN2
    6. Configure and test VPN for WAN2
    7. Enable VPN for WAN1
    8. Switch connection to WAN1

    BOTH OF VPN are active and are waiting for active WAN interface!!!
     
  7. piotr.dobrogost

    piotr.dobrogost LI Guru Member

    Is there a chance that would work in the Load Balance setup as well?
     
  8. Alexander G. Bykov

    Alexander G. Bykov LI Guru Member

    Don't think so, because we'll have REAL routing conflict in case of Load Balance with two active channels at the moment.
     
  9. piotr.dobrogost

    piotr.dobrogost LI Guru Member

    Unless RV042 would be smart enough to bind VPN traffic to only one wan connection even in the Load Balance setup.
     
  10. hambrrrglar

    hambrrrglar Addicted to LI Member

    Wondering if anyone got the dual vpn backup to work? Seems that there should be an automatic setting for this.
     
  11. msevestre

    msevestre LI Guru Member

    Hi !

    I'm exactly in the same case as first post of the thread (one office with 2 DSL lines linked to RV042 and the other office with a RV042 and only one main line... both connected thruogh VPN).

    WAN failure do the correct switch (then internet connection remains active) but VPN is lost in case of WAN2 use

    I was also wondering if a real solution was provided by Linksys or if I must use the workaround that was nicely explained above... ?

    Thanks

    Matt
     

Share This Page