
RV042 to RV042 (gw2gw VPN)

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by digit2006, Oct 11, 2006.

  1. digit2006

    digit2006 LI Guru Member

    I currently have 2 RV042s, one at work, one at home. I have a direct fiber connection via PPPoE to home and the same provider with a direct fiber line via PPPoE @ work. I am able to get the 2 connected successfully and ping machines. I am even able to view all the machines on my work LAN at home under the same workgroup. The problem I run into is timing out. I can click on the computer name in the network list but when I try and view a share it says the network share is no longer available. My current MTU setting is 1450...

    Couple of questions:

    Q1: What is a recommended phase 1 and phase 2 group to use and what is a recommended phase 1 and phase 2 SA lifetime?

    Q2: Will dead peer detection (DPD) work in this case to reconnect when needed?

    Q3: Is there a way to use the home RV042 as a router via VPN to use the work RV042 as my remote gateway for DHCP? If so, are there any advantages?
     
  2. digit2006

    digit2006 LI Guru Member

    I just telnetted into my home RV042 and got the following for IPSEC in ifconfig:

    ipsec0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
    UP NOTRAILERS RUNNING MULTICAST MTU:16260 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:10
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


    I noticed the PPTP connection had an MTU:1390...

    ipsec2 Link encap:point-Point Protocol
    inet addr:xxx.xxx.xxx.xxx Mask:xxx.xxx.xxx.xxx
    UP NOTRAILERS RUNNING MULTICAST MTU:1390 Metric:1
    RX packets:286 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:10
    RX bytes:27886 (27.2 kb) TX bytes:1352 (1.3 kb)



    Can I just telnet back in and run the following in shell? Or will that cause big problems?

    Code:
    ifconfig ipsec0 mtu 1450
    Thanks,

    Digit
     
  3. digit2006

    digit2006 LI Guru Member

    I was looking through more logs on the work RV042 and found this entry a few times:

    Code:
    Oct 11 05:47:33 2006	     Failed nat control 	    SIOCADNAT - File exists
    Would that be killing my network sharing over the VPN?

    At this point I can run PuTTY over the VPN and use the web interface of both RV042s. Could it be a firewall issue?

    Thanks,

    Digit
     
  4. digit2006

    digit2006 LI Guru Member

    I finally got it to work... :thumbup:

    I had to set my local security group type to IP Range instead of subnet for both local and remote group setups. I also had to make my phase 1 SA (28800) longer than my phase 2 SA (3600). Lastly, I had to set my ipsec1 mtu to 1394 using telnet/shell.

    Just as a reference:

    PPPoE mtu is 1454 on both ends
    netbios and DPD are enabled in the advanced+ settings
    both RV042s are using firmware version beta 1.3.7.10

    Hope that helps others!

    Thanks,

    Digit
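
As an added illustration (not part of the original thread or any RV042 tooling), this Python sketch works out how large a tunnel-interface MTU can be before ESP tunnel-mode packets exceed the PPPoE MTU, using the 1454 and 1394 values from the post above. The cipher, ICV and NAT-T parameters are assumptions, since the thread does not say which transforms the routers negotiated.

```python
# Added example: ESP tunnel-mode size arithmetic (RFC 4303 layout) over IPv4.
# Cipher/ICV choices below are assumptions; the thread does not state them.
OUTER_IP = 20     # outer IPv4 header, no options
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length byte + next-header byte
ICV = 12          # 96-bit truncated HMAC (HMAC-SHA1-96 / HMAC-MD5-96)
NAT_T_UDP = 8     # extra UDP header when NAT traversal is in use (RFC 3948)

CIPHERS = {       # name: (IV bytes, block bytes) for CBC-mode ciphers
    "3des-cbc": (8, 8),
    "aes-cbc": (16, 16),
}


def esp_packet_size(inner_len, cipher, nat_t=False):
    """Outer IP packet size produced by one inner packet of inner_len bytes."""
    iv, block = CIPHERS[cipher]
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // block) * block   # round up to the cipher block size
    size = OUTER_IP + ESP_HDR + iv + padded + ICV
    return size + (NAT_T_UDP if nat_t else 0)


def max_inner_mtu(link_mtu, cipher, nat_t=False):
    """Largest inner packet that still fits in link_mtu once encapsulated."""
    iv, block = CIPHERS[cipher]
    room = link_mtu - OUTER_IP - ESP_HDR - iv - ICV
    room -= NAT_T_UDP if nat_t else 0
    return (room // block) * block - ESP_TRAILER


def report(link_mtu, tunnel_mtu):
    """One row per cipher/NAT-T combination: does tunnel_mtu fit in link_mtu?"""
    rows = []
    for cipher in CIPHERS:
        for nat_t in (False, True):
            outer = esp_packet_size(tunnel_mtu, cipher, nat_t)
            rows.append((cipher, nat_t, outer, outer <= link_mtu,
                         max_inner_mtu(link_mtu, cipher, nat_t)))
    return rows


if __name__ == "__main__":
    # Values from the thread: PPPoE MTU 1454, tunnel interface MTU 1394.
    for cipher, nat_t, outer, fits, best in report(1454, 1394):
        print(f"{cipher:9} nat_t={nat_t!s:5} outer={outer} "
              f"fits={fits!s:5} max_inner_mtu={best}")
```

When the encapsulated size exceeds the link MTU, full-size packets are fragmented or dropped while small ones (ping, an SSH session) still pass.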
     
