Solved: RV042 vpn - stops passing traffic but stays connected

jollymon · ‎07-20-2009

We have two RV042 boxes with a VPN tunnel connecting them. No problems initiating the tunnel or passing traffic initially. However, after "some" period of time (seemingly random amounts of time) the VPN will stop passing traffic. Someone then needs to go into web admin and disconnect/reconnect the VPN at which point it is ok again. This is now happening multiple times a day. FW ver is 1.3.12.6 on both sides - and static ip addresses from ISP on both sides as well. Any ideas on how to resolve this?

Thanks,
Drew

ciscodavew · ‎07-20-2009

Drew,

Sorry I don't have a solution for you but your message almost made me cry. We are having the same problem, but with static-to-dynamic gateway-to-gateway VPNs. I was hoping that the problem would go away if I could make the dynamic side static. It now seems that I'll be looking for other alternatives. I wish you luck and thank you for bringing this shortcoming to my attention.

View solution in original post

ciscodavew · ‎07-20-2009

Drew,

Sorry I don't have a solution for you but your message almost made me cry. We are having the same problem, but with static-to-dynamic gateway-to-gateway VPNs. I was hoping that the problem would go away if I could make the dynamic side static. It now seems that I'll be looking for other alternatives. I wish you luck and thank you for bringing this shortcoming to my attention.

jollymon · ‎07-20-2009

I found this thread which shows that a number of other folks are also having the same problem. There are a few suggestions that may help until a firmware update is released, which is also discussed. http://www.linksysinfo.org/forums/showthread.php?t=56229&page=3

I hope to try the IPsec tweaks tonight, and have had a constant ping going since this morning, without any known problems.

-drew

Te-Kai Liu · ‎07-31-2009

Cisco has posted RV042 firmware 1.3.12.19-tm, which fixed an intermittent VPN connection issue.

MFPrice22 · ‎08-08-2009

Uhhh, the link to this new firmware version does not work. (the link to the new firmware documentation works, just trying to tease us aren't you? :-)

Te-Kai Liu · ‎08-09-2009

I checked the firmware download link, which is working fine. The firmware can be downloaded for free but you have to register at cisco.com first.

http://tools.cisco.com/support/downloads/go/Model.x?mdfid=282414010&mdfLevel=Model&treeName=Routers&modelName=Cisco%20RV042%204-port%2010%2F100%20VPN%20Router%20-%20Dual%20WAN&treeMdfId=268437899

jollymon · ‎08-09-2009

Thanks, I have downloaded and installed the new firmware on both routers but have not been able to test to see if the original issue has been fixed. Should be able to try it next week and will post results.

ciscodavew · ‎08-13-2009

I'm eagerly awaiting the results of your testing. It will be quite a chore for me to install the new firmware at my remote locations, so I'm waiting for some feedback before proceeding. I've only seen one reference to the VPN issue (at the linksysinfo.org forums) since the new firmware has been available and it was not positive. I have managed to stave off multiple connection drops per day by staggering the Phase 1 and Phase 2 SA lifetimes on each end of the connection. In other words, I have the SA Life Times set to 43200 (phase 1) and 3600 (phase 2) on the dynamic IP side and 42780 and 3556 on the static side. Now the relatively fewer "drops" I get are at completely random intervals and cannot be predicted ahead of time based on SA lifetimes.

I've considered using manual key exchange for a couple of VPNs to potentially clear this problem up once and for all (since IKE may always be fubar on these routers), but that opens up a completely different can of worms that I'd rather not contemplate just yet.