RV042 & Cisco VPN Concentrator

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by BADSBRD, Sep 12, 2005.


    BADSBRD Network Guru Member

    I am trying to setup an IPSec tunnel between a RV042 and my Cisco Concetrator. My concentrator is behind a PIX and its address is NATed. This is confusing the RV042 as it will only authenticate the external address. In the RV042 log I see the following: We require peer to have ID A.A.A.A, but peer declares B.B.B.B.

    A.A.A.A is the external address
    B.B.B.B is inside my DMZ

    Is there a workaround for this? Anyone have a solution or suggestion?


  2. jm23hh

    jm23hh Network Guru Member

    Have you forwarded the IPSec/IKE ports from yout PIX to the concentrator?

    Have you tried to change the NAT-T options in the concentrator's group settings? Perhaps you also have to deal with port 4500 or 10000 on your PIX for this...

    The RV042 has no explict NAT-T setting, so the ony way would be to manipulate from the concentrator's side.

    From a SW-Client side of view (Sentinel), the only way for me to get around possible NAT-issues on the RV for me was to configure the RV for group authentication as a VPN "server" endpoint. Perhaps the RV can't handle NAT-(T) as a HW-Client endpoint at all.


    JASONC Network Guru Member

    I had the same problem

    I called linksys on this, and they told me i was out of luck. the only thing differant was i was using a netopia modem/router. I had to bridge the two devices so that the linksys would have an external IP.

    BADSBRD Network Guru Member

    We are most likelt going to move the concentrator to the outside of the FW. Linksys was no help at all. They kept saing they wanted me to move the concentrator to the ouside so they could isolate the problem. This was after I told them what the problem was. Its obvious the RV042 doesn't handle NAT-T, I wish they would just admit it instead of trying to recreate my network.
  5. jm23hh

    jm23hh Network Guru Member

    For testing purposes this might be a good advice, in a final setup it might be better for security reasons to put the concentrator "on the side" of the PIX and have a LAN-LAN router with a switch in front of it - handling the forwarding of VPN traffic to the concentrator and the unencrypted to the firewall. As you know the concentrator is no firewall and may probably be nuked easier than the PIX.

    But do you really think the "well known" Linksys support will really help you out? They have to commit to the NAT-T issue i.m.o. FIRST.


    BADSBRD Network Guru Member

    Well, considering the first moron I talked to had no idea what a PIX Firewall was, I shouldn't have expected an answer.
  7. axiomq

    axiomq Guest

    RV042 just isn't compatable with Cisco gear

    I just ran into a similar issue with this RV042 router. We use Cisco concentrators at the office for vpn'ing into with a token key. Thus we have to use the Cisco 3000 vpn client software.

    When upgrading my router from an older Linksys (BEFSR81) to this new RV042 connecting to the office is now impossible. Even after 12 hours of being on the phone with Linksys support over 3 days. No dice. My conclusion is that the Linksys RV042 router is crap. It doesn't allow for IPSec passthrough like its supposed to.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice