1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RV042 to RV042 problems

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by jtruelove, Sep 17, 2007.

  1. jtruelove

    jtruelove LI Guru Member

    I have 2 new RV042 and I am trying to get them connected site-to-site.

    I can get the VPN tunnel established between the 2 devices but have problems accessing devices on the other side.

    Corporate LAN is
    Branch Office is 192.168.1.x

    The corporate LAN in the range is connected to Cisco 4006 switch Sup3 switch/router.

    Once the tunnel is connected from the remote VPN I can ping the LAN interface of the Corp. VPN LAN but nothing else on that subnet or any other subnet in the range.

    I have called Linksys support (twice) and they have not been able to help me, that's a whole different story all together.

    I am running the latest firmware of in Gateway mode.

    I have tried using all zero's for the local and remote group but that did not work, static routes, and router mode.

    Does anyone have any suggestions that can help me ?

  2. Sfor

    Sfor Network Guru Member

    I'm using RV042 (with the same firmware as yours) and two WRV200 in a triangle shaped VPN network. Everything is working quite fine.

    Can you post some details about your VPN tunnel settings? I found the simplest way to do so is to copy/paste them from the VPN-Summary-Detail page.
  3. jtruelove

    jtruelove LI Guru Member

    Sure, here is more detail.

    I have the VPN policy setup with the same IPSec setttings. I am using subnet grouping for both local and remote security.

    I have attached 2 files with the VPN tab on both devices.

    It shows that the tunnel is connected and I can ping the LAN interfaces
    on each end, just nothing else. For example, is also on the Corp. LAN that the RV042 is connected and the remote can't ping it.


    Attached Files:

  4. Sfor

    Sfor Network Guru Member

    It looks quite fine, to me. The difference is I'm using 3DES/MD5 instead of DES/MD5/1.
  5. Sfor

    Sfor Network Guru Member

    This means the traffic from you is reaching the target, but the answer is heading to the Cisco 4006 probably. You need to add a routing rule to the Cisco 4006 in order to poin the traffic to 192.168.1,x to the RV042.

    I'll bet the Cisco 4006 is directing traffic to the internet, instead to the RV042.

    In order for the computers to answer your pings, they have to have the RV042 set as a gateway, or the Cisco 4006 have to route the traffic to the RV042.
  6. jtruelove

    jtruelove LI Guru Member

    I changed it to 3DES/MD5, still no luck.

    I just hard reset the Corp. VPN, now off to remote site to hard reset it and reconfigure.

    I will see if that helps any.
  7. Sfor

    Sfor Network Guru Member

    More informations about the LAN is needed, I believe.

    The key factor is how the RV042 and Cisco 4006 are connected to the LAN. Most important is what device is the DHCP server (if any, and with what settings). And what settings the corporate LAN devices you are trying to access have.
  8. jtruelove

    jtruelove LI Guru Member

    The RV042 and the 4006 are on the same VLAN.

    The 4006 is running HSRP and has a gateway of 98.254.
    The RV042 is configured with 98.1, I just changed it to this address after hard reset.

    DHCP server will hand out the information according to VLAN.
    Devices on VLAN 60 - have a gateway of and so on.

    I have another device that is on VLAN 98 or subnet It's address is and has a gateway of

    The Corp. RV042 can ping the devices but the remote can not when connected with the VPN tunnel.
  9. Sfor

    Sfor Network Guru Member

    The remote LAN has a different subnet then the corporate LAN. The ping goes through the tunnel then to the targetted device. The answer goes to the gateway, because the LAN the answer is adressed to is outside of the local LAN mask. The problem is to direct the answer back to corporate RV042. So, as the result, the answer to pings goes to instead of

    It is necesary to route the answer to 98.1 from 98.254, or to change the DHCP to set the RV042 98.1 as the gateway, then route all traffic (with exception of the remote LAN) from the RV042 to 98.254

    The data you wish to get to your remote LAN have to bound corporate RV042, before going through the VPN tunnel.
  10. jtruelove

    jtruelove LI Guru Member

    I understand what you are saying but this presents a new problem.

    The remote office has a subnet of which is also connected to a Cisco 2811 router that is connected to Sprint's MPLS network.

    It's kinda of a WAN but looks more like a LAN.

    If I go changing default gateways or placing static routes in the 4006 this will cause problems for the MPLS circuit. Receive traffic in MPLS but send out VPN cable modem connection.

    I was wanting to have a MPLS circuit and a cable modem as a backup/load balanced or better yet certain traffic goes across the MPLS unless a failure occurs. All other type of traffic goes across the RV042.

    How can I use the RV042 for this type of configuration ?
    Can I change these devices to routers and use RIP or static routes ?
    I did try some of that and was not able to get things to work.

    I attached a drawing of what we have / would like.
    I changed external ips.

    I know things just got a whole lot more difficult.

    Thanks for your help, it's much appreciated.

    Attached Files:

  11. ifican

    ifican Network Guru Member

    I believe Sfor is correct however we still do not have enough information, your network goes all over the place and without having a better idea of how it all connects it really hard to guess. However it sounds like a static route in the 4006 would at least fix the 192.168 routing issue and it will not have any effect on your overall network traffic. The static route at the 4006 simply tells it to send anything destined for the 192.168 network to the rv042, unless that happens the traffic as stated tries to exit your default route.
  12. jtruelove

    jtruelove LI Guru Member

    I hope I can clear things up.

    The MPLS network is straight forward and clean. Corp. 2811 to Remote 2811, one subnet at remote site. That part has been working for some time now without any problems.

    Trying to get this backup link with load balancing is what is making it more difficult.

    The network already has a route in the 4006. It's running EIGRP and the remote 2811 is also running EIGRP across Sprint's MPLS network.
    The gateway for the route points back to the MPLS router at the corp. network.
    If I add a static route, I believe I would run into problems ???

    Traffic comes in via MPLS network and goes to 4006 via 2811,
    4006 directs it to end device,
    end device processes data then points it back to 4006,
    4006 static route sends it to VPN
    right ???

    I am open for suggestions, does anyone have a diagram of something similar ?

    Any other information that I can provide, please let me know.

    Thanks for help.
  13. Sfor

    Sfor Network Guru Member

    Since the 4006 router is placed behind 2811 router it can not direct data back to the RV042.

    If you want to direct traffic to the RV042 and then through the VPN you have to make a routing rule in the 2811 router, I believe.

    Another problem is, you can not have both channels running at the same time. The connection has to go through RV042 VPN or through MPLS network. Certainly not both. The exception would be to use RV042 in a Load ballance mode.
  14. jtruelove

    jtruelove LI Guru Member

    That is what I would like to do. Use the RV042 in a load balanced mode, sorta.

    If I use access list(s) and access rules on the RV042, I would like to direct certain traffic to the MPLS network unless there is a failure.

    Otherwise all other traffic would goes across the RV042 again unless their was a failure.

    I can changed things around at the remote site if needed, just not sure how to go about it. Corp. site would be more difficult to change.

    I guess worse case would be to just use the cable connection as a backup to the MPLS network.

    I can't be the first to attempt something like this or I wouldn't think I would be.

  15. Sfor

    Sfor Network Guru Member

    With the backup connection I see one possible problem. Both RV042 have to switch to the backup connection in the same time.

    The backup dual WAN mode will switch between WAN ports, so all the traffic will go through one WAN port or the other. I see no way to direct just some of the traffic through the backup connection. It's all or nothing solution, I believe.

    As for the load ballance setting. It's much more nimble. I know a bit too little about it to be sure what the router will do in this mode.
  16. ifican

    ifican Network Guru Member

    Ok a couple more questions for me, is your picture accurate as to what is now going on?

    At the Corp you have 4006, RV, 2950 Router (is this a router different model number or is it a 2950 switch?).

    Is the only IGP running eigrp between the 2811's?

    Are the RV's at both sites connect lan side to their respective internal networks and already have a wan connection out? (relates to first question)
  17. jtruelove

    jtruelove LI Guru Member


    The picture is pretty much correct, i have been testing different configurations.

    Corp side has the following:

    Internet->RV02->4006 which also connected to 2811 router for MPLS.

    Remote side has the following:
    Internet->Cable Modem->RV042->2950 switch which is also connected to 2811 router for MPLS.

    Yes, EIGRP only, running on 2811 routers and 4006.

    Yes, both RV's are connected to LAN side with Internet connections out.
    The VPN tunnel gets established between the RV's with no problems.

    I am starting to believe that the only way I will get this to work is with EIGRP routers not an RV042. Which means I would need to get something like a 1700 or 1800 series router or other device.
    The dual wan option seemed interesting.

    I guess I could try something like RIP on the routers and the RV's to see if that would work.

    I need a way that the route can become dead thus using the other route(s), like a routing protocol.

    I did get a PC to use the VPN connection with static routes on the PC but that won't work. Route goes down, no connection. Not to mention it's messy.

    Thanks for you help.

Share This Page