1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WRV 200 to RV042 IPSec VPN problems

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Sfor, Sep 18, 2007.

  1. Sfor

    Sfor Network Guru Member

    RV042 to WRV200 IPSec VPN problems.

    Here is the story. I've made a triangle shaped VPN network with two WRV200 (1.0.33 and 1.0.34) and one RV042 (1.3.8).

    Yesterday, I've initiated the VPN tunnels from the RV042 side. It was working fine, but the tunnels died at night. Now, I'm unable to restart VPN tunnels from any WRV200.

    Here are the log entries each attempt to restart a tunnel generates:
    It always stops at this point with "Try to connect to Remote Peer" condition on the VPN summary page.

    It does appear I can restart the tunnel from RV042, but any WRV200 does not want to do so.
  2. ifican

    ifican Network Guru Member

    I would venture to guess that your wrv200 ip ranges are 10.96.2.x and .3.x? If this is the case i am thinking that for whatever reason the RV is getting confused. If these are the ip ranges what happens if you change it to a differet nat range 172 or 192?
  3. Sfor

    Sfor Network Guru Member

    Erm... What ranges are you referring to?

    The LAN IP subnets are for WRV200 and for the RV042.

    As for the WAN IP, I can not change it. WAN IP's are set by DHCP according to the registered MAC by the same Internet provider. They are in different subnets, but still in the same WAN. The traffic does not go through the Internet. It's quite a good solution, as I can get up to 100Mbit connection between both routers.

    Anyways, the WRV200 WAN IP is, while RV042
  4. ifican

    ifican Network Guru Member

    In the log you posted the rv complains of peer id sayin that it required peer to be Basically saying the tunnels was set to 3.41 and now the wrv is saying that it is 2.246.
  5. Sfor

    Sfor Network Guru Member

    Yes, but why the negotiation stops at this point. WRV200 was complaining yesterday, as well. Yet, the negotiation was not stopped.

    The only difference is the negotiation was started by RV040 yesterday.
  6. ifican

    ifican Network Guru Member

    Well what is happening is during phase1 main mode negotiation the routers have to verify the identity of the peer, this is failing and why the tunnel is not comming up. It should not work the other way either if you are seeing the same error.
  7. Sfor

    Sfor Network Guru Member

    Well. I've changed the WAN mode to static IP in the RV042, yesterday. It was working ever since, but another problem emerged.

    The maximum transfer over VPN is just 0.5Mbit/s. According to my ISP I should have 50-100Mbit/s connection. Between two WRV200 devices in the same WAN segment I'm getting 13Mbit/s transfers. So, I've contacted the Linksys support and I was told to try the 1.3.9 firmware.

    By the way. There is no information about the maximum VPN transfers available, in case of the RV042. The WRV200 is advertised as 30Mbit/s capable with 3DES encryption, but there is no indication about RV042 abilities.
  8. Sfor

    Sfor Network Guru Member

    When I bought the RV042 it was fitted with some older firmware version. The result was dropping the VPN connection every few minutes. I believe it was caused by WAN IP lease DHCP renew. With the the problem was gone. After the upgrade everything was working less then a day. The connection went down over night and I was unable to bring it back.

    The 1.3.9 firmware works for more than 2 days, already. The VPN works much better, so far. But, I changed the WAN setting to static IP.

    I do have some problems with too slow VPN traffic. So, I'm going to do some experiments, next week. I have to exclude the ISP fault from the equation. So, I decided to take my WRV200 with me, and to connect it to the same Ethernet segment as the RV042 is. I will be able to test the speed without ISP routing service involved in the process.

Share This Page