RV042 Gateway 2 gateway VPN problems

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by jdall, Jan 21, 2007.

  1. jdall

    jdall Network Guru Member

    Please, I need some help...

    I'm trying to connect two RV042 devices back2back using VPN - but I just can't get it going.

    The setup (both running firmware):

    PC#1 - - RV042#1 - - RV042#2 - - PC#2

    - LAN port config: static ip: sn: gw:
    - WAN1 port config: static ip: sn: gw:
    - firewall enabled, router mode
    - vpn tunnel gw2gw mode
    - local group: ip only, ip addr, subnet, ip
    - remote group: ip only, ip addr, subnet, ip
    - IPSec: factory default (IKE preshared key)

    - LAN port config: static ip: sn: gw:
    - WAN1 port config: static ip: sn: gw:
    - firewall enabled, router mode
    - vpn tunnel gw2gw mode
    - local group: ip only, ip addr, subnet, ip
    - remote group: ip only, ip addr, subnet, ip
    - IPSec: factory default (IKE preshared key)

    Now, at the VPN summary page on both, the status is 'waiting for connection'

    On #1 I hit connect, wait until the button reappers (status is still 'waiting for connection'). Checking the VPN log, the initial VPN message has been send a few times, then... nothing.

    Checking the VPN log on #2, nothing at all has been received.

    I turned off the firewall on both, then on #1 I went to the diagnostics page, to ping the other wan port - no packets got through. Also tried from #2 - with the exact same result.

    Should I not be able to ping the WAN port from the diag page, when firewall is disabled?

    I've tried any possible combination of the 4 RV042 devices, I have at hand - same result.

    I've tried to replace a known working internet gateway device with each of the three others - I doesn't look like any of the devices are in a non-working condition.

    I've tried to restore the configuration to facory default, using the web interface and the reset switch. Then configured from scratch.
    I've tried to reset, switch on/off power.

    I've tried just about anything I can think of. All with no success.

    This VPN issue has puzzled me for almost a day now - I just can't believe it can be that difficult!

    Please... anyone... suggestions are very welcome.
  2. deenx

    deenx Network Guru Member

    is your both RV042 behide another gateway? or.......
  3. jdall

    jdall Network Guru Member

    No, the setup is only involving the initially mentioned two RV042 and two PC's - just to keep things simple ;)
  4. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    RV042 #1
    LAN settings:
    There are no gateway settings in the LAN settings so I'm assuming this is in your WAN settings. See note below.

    WAN settings:
    You do not need/want a default gateway in this simple point-to-point network. If you're going to setup a default gateway, make it the other RV042 . Keep it simple though and leave any gateway settings blank. You are going to confuse the routing of your traffic that should be going to the VPN..sending it in the clear to your default g/w instead.

    RV042 #2
    same notes as above.

    Just curious...where is the .254 address in your config? If that's your inside PC then that's your problem (as mentioned!). *none* of your packets are going to go to the VPN...they're being bounced back to your inside PC. Having your g/w on a common subnet with your LAN interface doesn't work anyway and for the same reason. Even if the aforementioned address isn't your PC the packets will never route as you try to send them back to a gateway on the "inside" of your RV042.

    ...anyway, sorry about the hasty reply. Please fix your setup and I can guarantee you you'll get come action on the VPN stuff. I'm going out the door now but will check back in about 6 hours.

  5. jdall

    jdall Network Guru Member

    Hello Eric.

    Yeah, you are right - just a typo - my bad.

    Actually, the gateway address IS the other RV042. But I'll try and blank it.

    Well, .254 is our internet gateway, which I obviously don't have in this setup, i.e. it shouldn't be mentioned at all. Again, my bad.

    Don't mention it. I really appreciate your reply - it gives me some hope that this will end up working.
    I will not be able to test it, though, before the upcoming weekend, because all the routers (except one) are in use (used the new subnet feature in to get something going, now that I wasn't able to get the VPN connection running. No worries - the connection is using a semi-protected lan; I just want the VPN because I'm being paranoid)

    What about the WAN pinging issue? Can you tell me what I've missed? Is it the gateway issue that's messing things up?

    Again, great many thanks for your reply.

  6. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    Pinging the other RV042's WAN interface will not work by default since the default setting in the "Firewall" tab has the radio button "Block WAN Request" checked. I believe this is true whether you have the Firewall enabled or not.

    Uncheck the button and it should work. The gateway settings won't mess anything up since the WAN interfaces on the two RV042s are on a common subnet and therefore the RV042 would not send the packets to its default gateway.

  7. jdall

    jdall Network Guru Member

    Hello Eric,

    I've just checked - with firewall and blocking enabled, when disabling the firewall, the 'Block WAN Request' option is set to disabled. I assume this is what in fact happens functionally in the router. But maybe that's not the case!?

    I'll try and disable blocking before disabling the firewall.

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice