1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WRV200 VPN Tunnel to RV016

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by quazeye, Jan 19, 2008.

  1. quazeye

    quazeye LI Guru Member

    I have an RV016 with a static IP tunneling with a WRV200 with a dynamic IP and a registered dyndns.org hostname. I have not been successful tunneling with the Remote Security Gateway Type set as Dynamic IP + Domain Name(FQDN) on the RV016. I can establish the tunnel when I use IP Only/IP by DNS Resolved = host.dyndns.org. However, I imagine that tunnel will die once the WVR200 gets a new IP address. Has anyone ever got this tunneling to a dynamic IP thing to work as it should?

    Here are my tunnel settings if that helps.


    RV016 (firmware 2.0.17) Tunnel Config
    Tunnel No. = 1
    Tunnel Name = wdn-new-1
    Interface = WAN1
    Enable = y
    ----
    Local Security Gateway Type = IP Only
    IP address = 123.456.789.1
    Local Security Group Type = Subnet
    IP address = 198.168.0.0
    Subnet Mask = 255.255.255.0
    ----
    Remote Security Gateway Type = Dynamic IP + Domain Name(FQDN)
    Domain Name = xxxxxx.dyndns.org
    Remote Security Group Type = Subnet
    IP address = 192.168.1.0
    Subnet Mask = 255.255.255.0
    ----
    Keying Mode = IKE with Preshared Key
    Phase1 DH Group = Group2
    Phase1 Encryption = 3DES
    Phase1 Authentication = MD5
    Phase1 SA Life Time = 28800
    Perfect Forward Secrecy = off
    Phase2 Encryption = 3DES
    Phase2 Authentication = MD5
    Phase2 SA Life Time = 3600
    Preshared Key = xxxxx00000
    ----
    Aggressive Mode = on (shaded)
    Compress = off
    Keep-Alive = on
    AH Hash Algorithm = off
    NetBIOS broadcast = on
    NAT Traversal = off
    Dead Peer Detection (DPD) = off


    WRV200 Tunnel (firmware 1.0.32.2, Hostname: wdnrt01, Domain: xxxxxx.dyndns.org):
    Tunnel Entry = A
    VPN Tunnel = Enabled
    Tunnel Name = wdn-new-1
    Nat-Traversal = off
    ----
    LOCAL SECURE GROUP
    Type: Subnet
    IP Address: 192.168.1.0
    Mask: 255.255.255.0
    ----
    REMOTE SECURE GROUP
    Type: Subnet
    IP Address: 192.168.0.0
    Mask: 255.255.255.0
    ----
    REMOTE SECURE GATEWAY
    IP Address: 123.456.789.1
    ----
    KEY MANAGEMENT
    Method = Auto (IKE)
    Mode = Main
    ISAKMP Encryption Method = 3DES
    ISAKMP Authentication Method = MD5
    ISAKMP DH Group = Group 2: 1024-bits
    ISAKMP Key Lifetime(s) = 28800
    PFS = off
    IPSec Encryption Method = 3DES
    IPSec Authentication Method = MD5
    IPSec DH Group = The group is the same as ISAKMP. (Automatic)
    IPSec Key Lifetime(s) = 3600
    Pre-Shared Key = xxxxx00000
    Dead Peer Detection = on
    Detection Delay(s) = 30
    Detection Timeout(s) = 120
    DPD Action = Recover Connection
    If IKE failed... = off
    Anti-replay = on

    Now the RV016 help manual says "The type of Remote Security Gateway should match with the Local Security Gateway Type of VPN devices in the other end of tunnel." I'm thinking the WRV200 is incapable on any other local type than "IP Only", at least through the web interface. Can anyone back me up or have any other suggestions?

    Thanks in advance.

    -Quazeye McLovin
     
  2. vpnuser

    vpnuser LI Guru Member

    Try replacing

    Remote Security Gateway Type = Dynamic IP + Domain Name(FQDN)
    Domain Name = xxxxxx.dyndns.org

    with

    IP Only
    IP by DNS Resolved: xxxxxx.dyndns.org
     
  3. quazeye

    quazeye LI Guru Member

    Thanks. I have tried that and it DOES work. But as understand it once the dynamic IP on the WRV200 changes then the connection will be lost. I may be wrong. Do you have experience with this?

    Do you know if the keep-alive option actually re-resolves the domain name when it re-establishes the connection?

    -quazeye
     

Share This Page