1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[RV082] <-> [BESFX41] VPN Problem

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by jprochal, Jul 9, 2008.

  1. jprochal

    jprochal Addicted to LI Member

    I want to make VPn connection using RV082 and befsx41, but I can't establish connection. I attached my configuration and logs.

    RV082 <-> Internet <-> SMC 8014 -> BESFX41

    RV082 is directly connected to the internet over WAN1 port.

    BESFX41 is connected to comcast Router ( SMC8014 ). Configuration as below :


    SMC8014 :
    - Lan IP : 192.168.1.11
    - DMZ to 192.168.1.2
    - WAN IP : 76.16.43.XXX

    Linksys BESFX41 ( 1.45.3 ):

    - WAN IP : 192.168.1.2
    - Local IP 192.168.1.1
    - Remote Managment works.
    - Block WAN request : disabled

    Linksys RV082 :

    - WAN IP : 75.54.8.XXX
    - Remote Managment works.
    - Block WAN request : disabled

    On both linksys i set up the same vpn configuration :

    RV082 :
    - DES/MD5/1
    - Local group : 192.168.0.0 255.255.255.0
    - Remote group : 192.168.1.0 255.255.255.0
    - Remote gateway : Comcast IP address : 76.16.43.XXX

    BESFX41 :

    - DES MD5 ISAKMP PFS
    - Local group : 192.168.1.0 255.255.255.0
    - Remote group : 192.168.0.0 255.255.255.0
    - Remote Gateway : Linksys WAN1 Static IP. 75.54.8.XXX

    RV082 Logs :

    Initiating Main Mode
    Jul 9 07:51:15 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
    Jul 9 07:51:16 2008 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
    Jul 9 07:51:16 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
    Jul 9 07:51:17 2008 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
    Jul 9 07:51:17 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
    Jul 9 07:51:17 2008 VPN Log [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
    Jul 9 07:51:17 2008 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.2'
    Jul 9 07:51:17 2008 VPN Log We require peer to have ID '76.16.43.XXX', but peer declares '192.168.1.2'
    Jul 9 07:51:17 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
    Jul 9 07:51:17 2008 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
    Jul 9 07:51:18 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
    Jul 9 07:51:18 2008 VPN Log [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
    Jul 9 07:51:19 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
    Jul 9 07:51:19 2008 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.2'
    Jul 9 07:51:19 2008 VPN Log No suitable connection for peer '192.168.1.2', Please check Phase 1 ID value
    Jul 9 07:51:27 2008 VPN Log Received informational payload, type INVALID_PAYLOAD_TYPE
    Jul 9 07:51:29 2008 VPN Log [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
    Jul 9 07:51:29 2008 VPN Log Main mode peer ID is ID_IPV4_ADDR: '192.168.1.2'
    Jul 9 07:51:29 2008 VPN Log No suitable connection for peer '192.168.1.2', Please check Phase 1 ID value

    BESfx41 :

    00:26:30
    00:26:30 IKE[1] Tx >> MM_I1 : 75.54.8.XXX SA
    00:26:30 IKE[1] Rx << MM_R1 : 75.54.8.XXX SA, VID
    00:26:30 IKE[1] ISAKMP SA CKI=[5beeaf00 988e4475] CKR=[a1d171c9 1f9e15f4]
    00:26:30 IKE[1] ISAKMP SA DES / MD5 / PreShared / MODP_768 / 3600 sec (*3600 sec)
    00:26:30 IKE[1] Tx >> MM_I2 : 75.54.8.XXX KE, NONCE
    00:26:30 IKE[1] Rx << MM_R2 : 75.54.8.XXX KE, NONCE
    00:26:30 IKE[1] Tx >> MM_I3 : 75.54.8.XXX ID, HASH
    00:26:34 IKE[8] **Check your ISAKMP Pre-share Key setting !
    00:26:34 IKE[8] Tx >> Notify : INVALID-PAYLOAD-TYPE
    00:26:40 IKE[1] Rx << MM_R2 : 75.54.8.XXX KE, NONCE
    00:26:40 IKE[1] Tx >> MM_I3 : 75.54.8.XXX ID, HASH
    00:26:53 IKE[1] Rx << MM_I1 : 75.54.8.XXX SA, VID
    00:26:53 IKE[1] Tx >> MM_R1 : 75.54.8.XXX SA
    00:26:53 IKE[1] ISAKMP SA CKI=[97650b7a 64f26968] CKR=[6742bd88 decf5e1]
    00:26:53 IKE[1] ISAKMP SA DES / MD5 / PreShared / MODP_768 / 3600 sec (*3600 sec)
    00:26:54 IKE[1] Rx << MM_I2 : 75.54.8.XXX KE, NONCE
    00:26:54 IKE[1] Tx >> MM_R2 : 75.54.8.XXX KE, NONCE
    00:26:55 IKE[1] Rx << MM_I3 : 75.54.8.XXX ID, HASH
    00:26:55 IKE[1] Tx >> MM_R3 : 75.54.8.XXX ID, HASH
    00:27:00

    Thank you for help !!
     
  2. d__l

    d__l Network Guru Member

    Unless you can set that SMC8014 to pass the public IP through to the SX41 or bridge it somehow so that it is "transparent" to packets from the internet, I don't think you will be able to get your VPN tunnel up.

    Also you might consider a more reliable firmware for the SX41 such as the old standby 1.4.7 or 1.52.15.
     

Share This Page