VPN Tunnel from RV042 to RV042 (ports blocked?)

May 13th, 2010

I am having trouble connecting two RV042 together using a gateway to gateway connection.

I have two static IPs, one at each location.

I am sure I have each connection configured properly. But just in case, here is how I have it configured.

On Router A: <-- Static IP: 97.89.210.94 & Local IP: 10.1.2.1

     Local Group Setup

          Local Security Gateway Type: IP Only

          IP: 97.89.210.94

          Local Security Group Type: Subnet

          IP: 10.1.2.0

          Subnet Mask: 255.255.255.128

     Remote Group Setup

          Remote Security Gateway Type: IP Only

          IP: 97.89.210.98

          Remote Security Group Type: Subnet

          IP: 10.1.4.0

          Subnet Mask: 255.255.255.128

     IPSec Setup

          Keying Mode: IKE with Pre Shared Key

          Phase 1 DH Group: Group 1

          Phase 1 Encryption: DES

          Phase 1 Authentication: MD5

          Phase 1 SA Life Time: 28800

          Phase 2 DH Group: Group 1

          Phase 2 Encryption: DES

          Phase 2 Authentication: MD5

          Phase 2 SA Life Time: 3600

On Router B: <---- Static IP: 97.89.210.98 & Local IP: 10.1.4.1

     Local Group Setup

          Local Security Gateway Type: IP Only

          IP: 97.89.210.98

          Local Security Group Type: Subnet

          IP: 10.1.4.0

          Subnet Mask: 255.255.255.128

     Remote Group Setup

          Remote Security Gateway Type: IP Only

          IP: 97.89.210.94

          Remote Security Group Type: Subnet

          IP: 10.1.2.0

          Subnet Mask: 255.255.255.128

     IPSec Setup

          Keying Mode: IKE with Pre Shared Key

          Phase 1 DH Group: Group 1

          Phase 1 Encryption: DES

          Phase 1 Authentication: MD5

          Phase 1 SA Life Time: 28800

          Phase 2 DH Group: Group 1

          Phase 2 Encryption: DES

          Phase 2 Authentication: MD5

          Phase 2 SA Life Time: 3600

Both have the same pre shared key typed in.

I think the problem may lie in my ISP.  Do you know what ports are needed to make the connection?  When I click the connect button it just says waiting and never connects.

I did a NMap scan from outside the network and here are the results of the scan of Network A

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2010-05-13 10:17 CDT
Interesting ports on 97-89-210-94.static.slid.la.charter.com (97.89.210.94):
(The 1649 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
80/tcp   open     http
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
443/tcp  open     https
445/tcp  filtered microsoft-ds
447/tcp  open     ddm-dfm
593/tcp  filtered http-rpc-epmap
4444/tcp filtered krb524

Nmap run completed -- 1 IP address (1 host up) scanned in 7.958 seconds

Any help on this issue will be much appreciated.

Thanks.
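The two configurations in the post above must mirror each other for a gateway-to-gateway tunnel to negotiate. The following is an added example, not part of the original post or of any Cisco tooling: it cross-checks the posted values and lists the proposal values (DES, MD5, DH Group 1) that have long been considered too weak for new deployments. The dictionary layout and the `check_pair` name are assumptions made for illustration.

```python
import ipaddress

# Settings transcribed from the original post (Router A and Router B).
ROUTER_A = {
    "local_gw": "97.89.210.94", "local_net": "10.1.2.0/255.255.255.128",
    "remote_gw": "97.89.210.98", "remote_net": "10.1.4.0/255.255.255.128",
    "p1": ("Group 1", "DES", "MD5", 28800),  # DH group, encryption, auth, lifetime
    "p2": ("Group 1", "DES", "MD5", 3600),
}
ROUTER_B = {
    "local_gw": "97.89.210.98", "local_net": "10.1.4.0/255.255.255.128",
    "remote_gw": "97.89.210.94", "remote_net": "10.1.2.0/255.255.255.128",
    "p1": ("Group 1", "DES", "MD5", 28800),
    "p2": ("Group 1", "DES", "MD5", 3600),
}

# Proposal values generally considered too weak for new deployments.
WEAK = {"Group 1", "DES", "MD5"}


def check_pair(a, b):
    """Return (mismatches, weak_values) for a gateway-to-gateway definition."""
    mismatches = []
    for side, x, y in (("A", a, b), ("B", b, a)):
        if x["remote_gw"] != y["local_gw"]:
            mismatches.append(f"{side}: remote gateway != peer local gateway")
        # strict=True rejects a subnet address that has host bits set.
        rnet = ipaddress.ip_network(x["remote_net"], strict=True)
        lnet = ipaddress.ip_network(y["local_net"], strict=True)
        if rnet != lnet:
            mismatches.append(f"{side}: remote group {rnet} != peer local {lnet}")
    a_local = ipaddress.ip_network(a["local_net"])
    if a_local.overlaps(ipaddress.ip_network(b["local_net"])):
        mismatches.append("local groups overlap")
    for phase in ("p1", "p2"):
        if a[phase] != b[phase]:
            mismatches.append(f"{phase}: proposals differ {a[phase]} vs {b[phase]}")
    weak = sorted({v for r in (a, b) for ph in ("p1", "p2")
                   for v in r[ph][:3] if v in WEAK})
    return mismatches, weak


if __name__ == "__main__":
    mismatches, weak = check_pair(ROUTER_A, ROUTER_B)
    print("mismatches:", mismatches or "none")
    print("weak proposal values:", weak or "none")
```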

Federico Coto F... Thu, 05/13/2010 - 11:31

Hi,

Is this an IPsec VPN Site-to-Site connection between both units?

If this is so, the ports you need to open are:

UDP 500 --> ISAKMP

ESP

UDP 4500 --> sometimes (NAT-T)

Make sure you have those ports opened.

Federico.
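The scan posted in the question lists only TCP rows, so it cannot say anything about the items named in the answer above. The following is an added example, not part of the thread: it parses Nmap port rows and reports, for each required item, whether the scan covered it. The `ipsec_coverage` name and the result strings are assumptions made for illustration.

```python
import re

# Port table copied from the scan in the original post.
NMAP_OUTPUT = """\
PORT     STATE    SERVICE
80/tcp   open     http
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
443/tcp  open     https
445/tcp  filtered microsoft-ds
447/tcp  open     ddm-dfm
593/tcp  filtered http-rpc-epmap
4444/tcp filtered krb524
"""

# Items listed in the answer above for a site-to-site IPsec tunnel.
REQUIRED = {
    "ISAKMP": ("udp", 500),
    "NAT-T": ("udp", 4500),
    "ESP": ("ip", 50),  # ESP is IP protocol 50, not a TCP or UDP port
}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+\S+", re.M)


def ipsec_coverage(nmap_text):
    """Map each required item to the reported state, 'unlisted' or 'not probed'."""
    seen = {(proto, int(port)): state
            for port, proto, state in PORT_LINE.findall(nmap_text)}
    families = {proto for proto, _ in seen}  # protocols the scan reported on
    result = {}
    for name, key in REQUIRED.items():
        if key in seen:
            result[name] = seen[key]
        elif key[0] in families:
            result[name] = "unlisted"    # scanned, left in the scan's default state
        else:
            result[name] = "not probed"  # a port scan of another protocol says nothing
    return result


if __name__ == "__main__":
    for item, state in ipsec_coverage(NMAP_OUTPUT).items():
        print(f"{item:7} {state}")
```

Even a UDP scan that shows `open|filtered` for port 500 only means no reply came back, so the router's own VPN log remains the better evidence of whether IKE packets arrive.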

garretjames Thu, 05/13/2010 - 12:52

Yes IPSec VPN site to site.

Are all my other settings correct?  And do you know if it's common for ISPs to block those ports?

Do you think that is a possible problem?

Thanks again.

Federico Coto F... Thu, 05/13/2010 - 13:10

I don't see a problem with your settings, and though it's not common to block those ports, I've seen it happen several times.

Check with your ISP.

Also, do you get any errors on either side?

Federico.

garretjames Thu, 05/13/2010 - 20:49

No. When I click the connect button, it just says connecting, then after about 30 seconds it just goes back to the connect button, as if nothing happened.

Federico Coto F... Fri, 05/14/2010 - 07:06

Garret,

Have you checked with the ISP at both sites?

What is the status of the tunnel on both ends?

Federico.

garretjames Fri, 05/14/2010 - 14:17

Yes,

It works.  It was not the port.  It seemed to be the MAC address on one of the VPN Routers.

Now I have a different problem, let me know if you can help with this.

Another location that needs to be tied into these networks is on AT&T DSL.  The other two (that I know have connected) are on cable.

I am not sure how to get the Netopia to let the RV042 handle the public static IP.

Here is the link to the manual.  If you have not worked with these just let me know, I should most likely post a new thread anyway.

http://www.netopia.com/support/hardware/3347w.html

Thanks for all your help Federico.

Federico Coto F... Fri, 05/14/2010 - 15:15

Garret,

If the public IP is on the DSL device, there are two options:

1. Leave the public IP on the DSL and create a static NAT to redirect VPN traffic to the RV042 (will have to check if the DSL modem supports this capability; depends on the model).

2. Set the DSL as a bridge so that the public IP can be given to the RV042 directly.

Do you manage this DSL modem?

Federico.

garretjames Sun, 05/16/2010 - 15:12

Yes, I manage the DSL modem.  I tried the bridge, but for some reason, the RV042 would not correctly connect to WAN1 with the correct PPPoE settings.  I am going to try and call AT&T tomorrow.  I have not tried the NAT way yet, but I really just want a bridge, that way I can have the RV042 handle everything.

Thanks.
