
VPN Tunnel from RV042 to RV042 (ports blocked?)

garretjames
Level 1

I am having trouble connecting two RV042 together using a gateway to gateway connection.

I have two static IPs, one at each location.

I am sure I have each connection configured properly.  But just in case, here is how I have it configured.

On Router A: <-- Static IP: 97.89.210.94 & Local IP: 10.1.2.1

     Local Group Setup

          Local Security Gateway Type: IP Only

          IP: 97.89.210.94

          Local Security Group Type: Subnet

          IP: 10.1.2.0

          Subnet Mask: 255.255.255.128

     Remote Group Setup

          Remote Security Gateway Type: IP Only

          IP: 97.89.210.98

          Remote Security Group Type: Subnet

          IP: 10.1.4.0

          Subnet Mask: 255.255.255.128

     IPSec Setup

          Keying Mode: IKE with Pre Shared Key

          Phase 1 DH Group: Group 1

          Phase 1 Encryption: DES

          Phase 1 Authentication: MD5

          Phase 1 SA Life Time: 28800

          Phase 2 DH Group: Group 1

          Phase 2 Encryption: DES

          Phase 2 Authentication: MD5

          Phase 2 SA Life Time: 3600

On Router B: <---- Static IP: 97.89.210.98 & Local IP: 10.1.4.1

     Local Group Setup

          Local Security Gateway Type: IP Only

          IP: 97.89.210.98

          Local Security Group Type: Subnet

          IP: 10.1.4.0

          Subnet Mask: 255.255.255.128

     Remote Group Setup

          Remote Security Gateway Type: IP Only

          IP: 97.89.210.94

          Remote Security Group Type: Subnet

          IP: 10.1.2.0

          Subnet Mask: 255.255.255.128

     IPSec Setup

          Keying Mode: IKE with Pre Shared Key

          Phase 1 DH Group: Group 1

          Phase 1 Encryption: DES

          Phase 1 Authentication: MD5

          Phase 1 SA Life Time: 28800

          Phase 2 DH Group: Group 1

          Phase 2 Encryption: DES

          Phase 2 Authentication: MD5

          Phase 2 SA Life Time: 3600

Both have the same pre shared key typed in.

I think the problem may lie in my ISP.  Do you know what ports are needed to make the connection?  When I click the connect button it just says waiting and never connects.

I did a NMap scan from outside the network and here are the results of the scan of Network A

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2010-05-13 10:17 CDT
Interesting ports on 97-89-210-94.static.slid.la.charter.com (97.89.210.94):
(The 1649 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
80/tcp   open     http
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
443/tcp  open     https
445/tcp  filtered microsoft-ds
447/tcp  open     ddm-dfm
593/tcp  filtered http-rpc-epmap
4444/tcp filtered krb524

Nmap run completed -- 1 IP address (1 host up) scanned in 7.958 seconds

Any help on this issue will be much appreciated.

Thanks.
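
A mirror check of the two gateway-to-gateway configurations posted above, as an added example that is not part of the original post. The values are transcribed from the post; the dictionary layout, key names and function names are this example's own, and the `LEGACY` set reflects that DES, MD5 and DH Group 1 are deprecated for IKE/IPsec.

```python
import ipaddress

# Settings transcribed from the post; layout and key names are assumptions of this example.
PROPOSAL = {"keying": "IKE with Pre Shared Key",
            "p1": ("Group 1", "DES", "MD5", 28800),   # DH group, encryption, auth, lifetime
            "p2": ("Group 1", "DES", "MD5", 3600)}
ROUTER_A = {"local_gw": "97.89.210.94", "local_net": "10.1.2.0/255.255.255.128",
            "remote_gw": "97.89.210.98", "remote_net": "10.1.4.0/255.255.255.128",
            "lan_ip": "10.1.2.1", **PROPOSAL}
ROUTER_B = {"local_gw": "97.89.210.98", "local_net": "10.1.4.0/255.255.255.128",
            "remote_gw": "97.89.210.94", "remote_net": "10.1.2.0/255.255.255.128",
            "lan_ip": "10.1.4.1", **PROPOSAL}
LEGACY = {"Group 1", "DES", "MD5"}  # deprecated IKE/IPsec algorithms


def check_pair(a, b):
    """Return a list of findings; an empty list means the two ends mirror each other."""
    findings, nets = [], {}
    for name, router in (("A", a), ("B", b)):
        for field in ("local_net", "remote_net"):
            try:  # strict parsing rejects a network address with host bits set
                nets[name, field] = ipaddress.ip_network(router[field])
            except ValueError as err:
                findings.append(f"{name} {field}: {err}")
    if findings:
        return findings
    for name, peer, x, y in (("A", "B", a, b), ("B", "A", b, a)):
        if x["local_gw"] != y["remote_gw"]:
            findings.append(f"{name} local gateway != {peer} remote gateway")
        if nets[name, "local_net"] != nets[peer, "remote_net"]:
            findings.append(f"{name} local group != {peer} remote group")
        if ipaddress.ip_address(x["lan_ip"]) not in nets[name, "local_net"]:
            findings.append(f"{name} LAN IP {x['lan_ip']} is outside its local group")
    if nets["A", "local_net"].overlaps(nets["B", "local_net"]):
        findings.append("local groups overlap")
    for key in ("keying", "p1", "p2"):
        if a[key] != b[key]:
            findings.append(f"{key} differs: {a[key]} vs {b[key]}")
    return findings


def legacy_algorithms(router):
    """Names from the Phase 1 and Phase 2 proposals that appear in LEGACY."""
    return sorted(LEGACY.intersection(router["p1"] + router["p2"]))
```

For the posted settings `check_pair(ROUTER_A, ROUTER_B)` returns an empty list, and `legacy_algorithms` reports all three proposal algorithms as legacy.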


Hi,

Is this an IPsec VPN Site-to-Site connection between both units?

If this is so, the ports you need to open are:

UDP 500 --> ISAKMP

ESP

UDP 4500 --> sometimes (NAT-T)

Make sure you have those ports opened.

Federico.
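
An added example, not part of the thread: it reads the port table from the scan in the question and reports what that scan says about the three items listed in the reply above. The function name, the result strings and the handling of bare protocol-number rows (as printed by an IP protocol scan) are this example's own choices.

```python
import re

# Port table copied from the scan in the question above.
SCAN = """\
PORT     STATE    SERVICE
80/tcp   open     http
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
443/tcp  open     https
445/tcp  filtered microsoft-ds
447/tcp  open     ddm-dfm
593/tcp  filtered http-rpc-epmap
4444/tcp filtered krb524
"""
# From the reply: IKE on UDP 500, NAT-T on UDP 4500, and ESP (IP protocol 50, no port).
REQUIRED = {"ISAKMP": ("udp", 500), "NAT-T": ("udp", 4500), "ESP": ("ip", 50)}
# "500/udp open isakmp" is a port row; a bare "50 open esp" is an IP-protocol row.
ROW = re.compile(r"^(\d+)(?:/(tcp|udp))?[ \t]+(\S+)[ \t]+\S+[ \t]*$", re.M)


def ipsec_coverage(scan_text):
    """Map each IPsec requirement to its scanned state, or say the scan cannot tell."""
    states = {(proto or "ip", int(num)): state
              for num, proto, state in ROW.findall(scan_text)}
    probed = {proto for proto, _ in states}
    report = {}
    for name, key in REQUIRED.items():
        if key[0] not in probed:
            report[name] = "not tested"   # the scan has no rows for this transport
        else:
            # probed transport, but the port may be folded into nmap's summary line
            report[name] = states.get(key, "not listed")
    return report


if __name__ == "__main__":
    for name, result in ipsec_coverage(SCAN).items():
        print(f"{name:7} {result}")
```

Every row in the posted table is TCP, so all three requirements come back as "not tested": the scan neither confirms nor rules out filtering of UDP 500, UDP 4500 or ESP.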

Yes IPSec VPN site to site.

Are all my other settings correct?  And do you know if it's common for ISPs to block those ports?

Do you think that is a possible problem?

Thanks again.

I don't see a problem with your settings, and though it's not common to block those ports, I've seen it happen several times.

Check with your ISP.

Also, do you get any errors on either side?

Federico.

No. When I click the connect button, it just says connecting, then after about 30 seconds it just goes back to the connect button, as if nothing happened.

Garret,

Have you checked with the ISP at both sites?

What is the status of the tunnel on both ends?

Federico.

Yes,

It works.  It was not the port.  It seemed to be the MAC address on one of the VPN Routers.

Now I have a different problem, let me know if you can help with this.

Another location that needs to be tied into these networks is on AT&T DSL.  The other two (that I know have connected) are on cable.

I am not sure how to get the Netopia to let the RV042 handle the public static IP.

Here is the link to the manual.  If you have not worked with these just let me know, I should most likely post a new thread anyway.

http://www.netopia.com/support/hardware/3347w.html

Thanks for all your help Federico.

Garret,

If the public IP is on the DSL device, there are two options:

1. Leave the public IP on the DSL and create a static NAT to redirect VPN traffic to the RV042 (will have to check if the DSL modem supports this capability (depends on the model)).

2. Set the DSL as a bridge so that the public IP can be given to the RV042 directly.

Do you manage this DSL modem?

Federico.

Yes, I manage the DSL modem.  I tried the bridge, but for some reason, the RV042 would not correctly connect to WAN1 with the correct PPPoE settings.  I am going to try and call AT&T tomorrow.  I have not tried the NAT way yet, but I really just want a bridge, that way I can have the RV042 handle everything.

Thanks.
