1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WR200 to WRV200 VPN Problems

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by TheProf, Jun 19, 2007.

  1. TheProf

    TheProf Network Guru Member

    If anyone can help, it will be greatly appreciated.

    I have 2 WRV200's and cannot for the life of me get them to establish a VPN connection. I need an IPSec LAN to LAN connection.

    Both ends have fixed IP adresses.

    Both ends are running the latest production release software (1.0.32.2)

    Both ends see each other but will not establish an IPSec connection.

    The PSK is the same (case sensitive).

    Both are connecting to the internet through a D-Link ADSL modem that allows full IP passthrough, has no firewall etc.

    They just won't establish the connection. ISP at both ends ar business ISP's, that do not throttle the VPN connection.

    I've spent hours trying toget this sorted. As I said earlier, *any* help will be appreciated.

    Andy.
     
  2. ifican

    ifican Network Guru Member

    what do the logs say? If they are not establishing a connection then some setting is off, your best bet at this point is to review the log to get an idea where it is hanging up.
     
  3. Baro

    Baro LI Guru Member

    I have no issues

    I have two WRV200 routers connected via an IPSEC VPN tunnel. They have been working flawlessly for over a month now.

    I had an earlier issue but I found out that it is because I had multiple IPSEC tunnels configured to accept the same kind of connection, so the router got confused and worked intermitently.

    If you have more than one tunnel configured on each end, try to disable the unneeded ones.

    BTW, I have the same firmware version.
     
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    Set both routers to "static ip" instead of "obtain ip automatically." I've mentioned this problem to the developers but it's still there. For some reason, the vpn will work fine on a cable modem connection, but when you put the wrv200 on an adsl connection, the vpn tunnels will only work if you set the router to "static ip" *shrug* Hey, it just works this way :)

    Jay
     
  5. Sfor

    Sfor Network Guru Member

    I've envountered a bug in the 1.0.32.2 firmware. The IPSec VPN tunnel was not working after each router reset. It was necesary to disable the tunnel, then to enable it again, after each reset.

    After changing the firmware to 1.0.33 the problem is gone.
     
  6. TheProf

    TheProf Network Guru Member

    Thanks for the replies everyone. I shall try all of the suggestions this weekend (June 24th), and keep you all posted as things progress. :) In the mean time, if you think of anything else that could help, then please post them. Andy.
     
  7. TheProf

    TheProf Network Guru Member

    Thanks

    Thanks Doc , the static IP setup worked, though I had to frig the gateway to an ip address 1 octet lower than the given IP address of the router, as it would not accept the IP address of the router as the gateway (even though on DHCP it gives this as the gateway). Maybe this is the problem with the ADSL connection. On my NTL cable at home, the Gateway is different from my IP. I know with one end I can regrade connection to an 8-IP NO NAT connection free of charge. The other end is owned by Pipex. I see a MAC request coming on for Pipex.

    Andy
     
  8. Chachap

    Chachap Guest

    IPsec VPN between WRV200 and WRV200

    This config works with dynamic IP: (Firmware 1.0.33 beta) (at least since 2 hours :) )

    (remember to add local routes to access the remote Network throu the tunnel)


    ###########################################
    Router1

    VPN Passthrough
    IPSec Passthrough: Disabled
    PPTP Passthrough: Enabled
    L2TP Passthrough: Enabled

    IPSec VPN

    Tunnel Entry: Tunnel A
    VPN Tunnel: Enabled
    Tunnel Name: ATunnel
    NAT-Traversal: Disabled
    ________________________________________
    Local Secure Group
    Type: Subnet
    IP Adress: 192.168.1.0
    Mask: 255.255.255.0
    ________________________________________
    Remote Secure Group
    Type: Subnet
    IP Adress: 192.168.2.0
    Mask: 255.255.255.0
    ________________________________________
    Remote Secure Gateway
    Type: Any

    (This Gateway accepts request from any IP Address!)

    ###########################################
    Router2

    VPN Passthrough
    IPSec Passthrough: Enabled
    PPTP Passthrough: Enabled
    L2TP Passthrough: Enabled

    IPSec VPN

    Tunnel Entry: Tunnel A
    VPN Tunnel: Enabled
    Tunnel Name: ATunnel
    NAT-Traversal: Disabled
    ________________________________________
    Local Secure Group
    Type: Subnet
    IP Adress: 192.168.2.0
    Mask: 255.255.255.0
    ________________________________________
    Remote Secure Group
    Type: Subnet
    IP Adress: 192.168.1.0
    Mask: 255.255.255.0
    ________________________________________
    Remote Secure Gateway
    Type: FQDN
    router1.dyndns.org


    ###########################################
    Both Routers:

    Key Management
    Key Exchange Method: Auto(IKE)
    Operation Mode: Main
    ISAKMP Encryption Method: 3DES
    ISAKMP Authentication Method: MD5
    ISAKMP DH Group: Group 2: 1024-bits
    ISAKMP Key Lifetime (s): 57600
    PFS: Enabled
    IPSec Encryption Method: 3DES
    IPSec Authentication Method: MD5
    IPSec DH Group: The group is the same as ISAKMP.
    IPSec Key Lifetime(s): 36000
    Pre-Shared Key:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ________________________________________
    Tunnel Options
    Enabled: Dead Peer Detection
    Detection Delay(s): 30
    Detection Timeout(s): 120
    DPD Action: Recover Connection
    Enabled: If IKE failed more than 5 times, block this unauthorized IP for 60 seconds
    Enabled: Anti-replay
     
  9. draught

    draught LI Guru Member

    well...the config above works fine...for a couple of hours!
    every morning i have to manually restart the router where the secure gateway is configured! after rebooting the router the tunnel works fine for the rest of the day.

    is there any solution for my problem? is there anybody else who has this problem?
     
  10. Baro

    Baro LI Guru Member

    I have a very similar configuration. It works for about 5-8 days before I have to reset the routers on both ends.
     
  11. Baro

    Baro LI Guru Member

    Is there a reason why you changed the default value of ISAKMP Key Lifetime from 28800 to 57600?

    Thank you
     

Share This Page