[WRV200] No VPN reestablishment with FQDN setting.

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by office, Nov 19, 2006.

  1. office

    office LI Guru Member

    Hello Community!

    After many problems with PPPoE and 1.020, I got a beta FW (1.0.24) from support.

    I established a VPN tunnel between two WRV200 gateways; GW1 has a static IP, GW2 has a dynamic IP (PPPoE).
    I'm using FQDN for the Remote gateway setting in GW1.

    The problem is that if GW2 gets a new IP because the ISP drops the connection, the VPN tunnel is not reestablished.

    DPD and anti-replay are on, and recover connection is set in the IPSEC menu on both sides.

    The DNS name (xxx.dyndns.org) of GW2 is registered and works fine; it is updated properly.

    After the tunnel is lost, if I restart the TUNNEL in the VPN_SUMMARY menu OR GW2 is rebooted, the connection is not reestablished.

    See attachment: "log of gw1 tunnel restart.txt".

    But if I reboot GW1 OR update the Remote security gw in GW1 to the current IP of GW2, then the connection is reestablished.

    See attachment: "log of gw1 after reboot of gw1.txt".

    Is something wrong in the GW settings, or is it a FW issue?

    Thanks in advance: O.


  2. kspare

    kspare Computer Guy Staff Member Member

    Sounds like when the dynamic router restarts and updates its dynamic IP, the other router still has its IP cached. This may be an issue to bring up with Linksys, but I'm just not sure. The reason why it works when you reboot is because it has done a DNS lookup on its IP and it's now working again.

    What you should do the next time the IP changes is leave the two routers alone and see how long it takes for them to come back.

    The alternative would be to allow that VPN tunnel to accept connections from anyone. There is some loss in security there, but it would work for you.
  3. office

    office LI Guru Member


    Thanks for the answer.

    I'm going to set the Rem. GW setting of GW1 to ANY.

    If I leave the routers alone, then the connection will never be reestablished.
    See the log from the last days. At the end of the log file I tried to RESTART the tunnel from the VPN_SUMMARY menu.


  4. kspare

    kspare Computer Guy Staff Member Member

    They should eventually reconnect. However, what we need to determine is if the router's DNS cache expires. The next time it goes down, maybe on a weekend, could you leave it for 48 hours to see if it reconnects? You may have found a bug! If the router doesn't do a DNS lookup each time it tries to connect, this will never work.

    Let us know how it goes.
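
An added example, not part of the thread and not the WRV200 firmware's logic: a small Python model of the behaviour discussed above, comparing a gateway that caches the peer's resolved address forever, one that looks the FQDN up on every connect attempt, and one whose cache expires. The hostname, addresses, class and function names are constructed for illustration; `accepts_from` shows how re-resolving keeps the tunnel pinned to one peer instead of setting the remote gateway to ANY.

```python
import socket
import time


class PeerEndpoint:
    """Remote gateway configured by FQDN, with the resolved address cached."""

    def __init__(self, fqdn, resolve=socket.gethostbyname,
                 max_age=float("inf"), clock=time.monotonic):
        self.fqdn, self.resolve = fqdn, resolve
        self.max_age, self.clock = max_age, clock
        self.addr = self.resolved_at = None

    def address(self, force=False):
        """Return the peer address, looking it up again if forced or expired."""
        now = self.clock()
        expired = self.addr is None or now - self.resolved_at >= self.max_age
        if force or expired:
            try:
                self.addr, self.resolved_at = self.resolve(self.fqdn), now
            except OSError:
                if self.addr is None:   # nothing cached to fall back on
                    raise
        return self.addr

    def accepts_from(self, src):
        """Peer pinning: only the current address of the FQDN is accepted."""
        return src == self.address(force=True)


def simulate(re_resolve, max_age=float("inf"), wait=0.0):
    """Model one reconnect attempt after GW2 gets a new address.

    Returns the address GW1 dials if it reaches GW2, else None.
    All names and addresses are constructed sample values.
    """
    dns = {"gw2.example.test": "198.51.100.10"}
    now = [0.0]
    gw2 = PeerEndpoint("gw2.example.test", dns.__getitem__,
                       max_age, clock=lambda: now[0])
    gw2.address()                                # tunnel up, address cached
    dns["gw2.example.test"] = "198.51.100.77"    # PPPoE reconnect, DynDNS updated
    now[0] += wait                               # time passes before the retry
    dialed = gw2.address(force=re_resolve)
    return dialed if dialed == dns["gw2.example.test"] else None


if __name__ == "__main__":
    print("cached forever:", simulate(re_resolve=False))
    print("lookup on every attempt:", simulate(re_resolve=True))
    print("cache expires, 10 min later:", simulate(False, max_age=300, wait=600))
```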
