05-13-2010 08:55 AM
I am having trouble connecting two RV042 together using a gateway to gateway connection.
I have two static IPs, one at each location.
I am sure I have each connection configured properly. But just in case, here is how I have it configured.
On Router A: <-- Static IP: 97.89.210.94 & Local IP: 10.1.2.1
Local Group Setup
Local Security Gateway Type: IP Only
IP: 97.89.210.94
Local Security Group Type: Subnet
IP: 10.1.2.0
Subnet Mask: 255.255.255.128
Remote Group Setup
Remote Security Gateway Type: IP Only
IP: 97.89.210.98
Remote Security Group Type: Subnet
IP: 10.1.4.0
Subnet Mask: 255.255.255.128
IPSec Setup
Keying Mode: IKE with Pre Shared Key
Phase 1 DH Group: Group 1
Phase 1 Encryption: DES
Phase 1 Authentication: MD5
Phase 1 SA Life Time: 28800
Phase 2 DH Group: Group 1
Phase 2 Encryption: DES
Phase 2 Authentication: MD5
Phase 2 SA Life Time: 3600
On Router B: <---- Static IP: 97.89.210.98 & Local IP: 10.1.4.1
Local Group Setup
Local Security Gateway Type: IP Only
IP: 97.89.210.98
Local Security Group Type: Subnet
IP: 10.1.4.0
Subnet Mask: 255.255.255.128
Remote Group Setup
Remote Security Gateway Type: IP Only
IP: 97.89.210.94
Remote Security Group Type: Subnet
IP: 10.1.2.0
Subnet Mask: 255.255.255.128
IPSec Setup
Keying Mode: IKE with Pre Shared Key
Phase 1 DH Group: Group 1
Phase 1 Encryption: DES
Phase 1 Authentication: MD5
Phase 1 SA Life Time: 28800
Phase 2 DH Group: Group 1
Phase 2 Encryption: DES
Phase 2 Authentication: MD5
Phase 2 SA Life Time: 3600
Both have the same pre shared key typed in.
I think the problem may lie in my ISP. Do you know what ports are needed to make the connection? When I click the connect button it just says waiting and never connects.
I did a NMap scan from outside the network and here are the results of the scan of Network A
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2010-05-13 10:17 CDT
Interesting ports on 97-89-210-94.static.slid.la.charter.com (97.89.210.94):
(The 1649 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
447/tcp open ddm-dfm
593/tcp filtered http-rpc-epmap
4444/tcp filtered krb524
Nmap run completed -- 1 IP address (1 host up) scanned in 7.958 seconds
Any help on this issue will be much appreciated.
Thanks.
05-13-2010 11:31 AM
Hi,
Is this an IPsec VPN Site-to-Site connection between both units?
If this is so, the ports you need to open are:
UDP 500 --> ISAKMP
ESP
UDP 4500 --> sometimes (NAT-T)
Make sure you have those ports opened.
Federico.
05-13-2010 12:52 PM
Yes IPSec VPN site to site.
Are all my other settings correct? And do you know if it's common for ISPs to block those ports?
Do you think that is a possible problem?
Thanks again.
05-13-2010 01:10 PM
I don't see a problem with your settings, and though it's not common to block those ports, I've seen it happen several times.
Check with your ISP.
Also, do you get any errors on either side?
Federico.
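The by-eye settings check discussed above can be automated. The following is an added example, not part of the original thread or any Cisco tool: it confirms that the two gateway-to-gateway configurations mirror each other. The values are transcribed from the first post; the dictionary keys and the function name `check_tunnel` are names assumed for this example.

```python
import ipaddress

# Values transcribed from the first post; the keys are names chosen for this example.
IPSEC = {"p1_dh": "Group 1", "p1_enc": "DES", "p1_auth": "MD5", "p1_life": 28800,
         "p2_dh": "Group 1", "p2_enc": "DES", "p2_auth": "MD5", "p2_life": 3600}
ROUTER_A = {"local_gw": "97.89.210.94", "local_net": "10.1.2.0/255.255.255.128",
            "remote_gw": "97.89.210.98", "remote_net": "10.1.4.0/255.255.255.128",
            "ipsec": dict(IPSEC)}
ROUTER_B = {"local_gw": "97.89.210.98", "local_net": "10.1.4.0/255.255.255.128",
            "remote_gw": "97.89.210.94", "remote_net": "10.1.2.0/255.255.255.128",
            "ipsec": dict(IPSEC)}


def check_tunnel(a, b):
    """Return a list of mismatches between two gateway-to-gateway configs."""
    problems = []
    nets = {}
    for name, cfg in (("A", a), ("B", b)):
        for key in ("local_net", "remote_net"):
            try:
                # strict=True rejects a subnet address that has host bits set
                nets[name, key] = ipaddress.ip_network(cfg[key], strict=True)
            except ValueError as exc:
                problems.append(f"{name}.{key}: {exc}")
    if problems:
        return problems
    # Each side's "local" value must equal the other side's "remote" value.
    for mine, theirs in (("local_gw", "remote_gw"), ("remote_gw", "local_gw")):
        if ipaddress.ip_address(a[mine]) != ipaddress.ip_address(b[theirs]):
            problems.append(f"A.{mine} {a[mine]} != B.{theirs} {b[theirs]}")
    for mine, theirs in (("local_net", "remote_net"), ("remote_net", "local_net")):
        if nets["A", mine] != nets["B", theirs]:
            problems.append(f"A.{mine} {nets['A', mine]} != B.{theirs} {nets['B', theirs]}")
    # Overlapping local and remote subnets make routing into the tunnel ambiguous.
    if nets["A", "local_net"].overlaps(nets["A", "remote_net"]):
        problems.append("A local and remote subnets overlap")
    # Compare every phase 1 and phase 2 setting between the two ends.
    for key in sorted(set(a["ipsec"]) | set(b["ipsec"])):
        if a["ipsec"].get(key) != b["ipsec"].get(key):
            problems.append(f"ipsec {key}: A={a['ipsec'].get(key)} B={b['ipsec'].get(key)}")
    return problems


if __name__ == "__main__":
    print(check_tunnel(ROUTER_A, ROUTER_B) or "configurations mirror each other")
```

For the settings as posted the check returns an empty list, which matches the reply above: the configurations mirror each other.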
05-13-2010 08:49 PM
No. When I click the connect button, it just says connecting, then after about 30 seconds it just goes back to the connect button, as if nothing happened.
05-14-2010 07:06 AM
Garret,
Have you checked with the ISP at both sites?
What is the status of the tunnel on both ends?
Federico.
05-14-2010 02:17 PM
Yes,
It works. It was not the port. It seemed to be the MAC address on one of the VPN Routers.
Now I have a different problem, let me know if you can help with this.
Another location that needs to be tied into these networks is on AT&T DSL. The other two (that I know have connected) are on cable.
I am not sure how to get the Netopia to let the RV042 handle the public static IP.
Here is the link to the manual. If you have not worked with these just let me know, I should most likely post a new thread anyway.
http://www.netopia.com/support/hardware/3347w.html
Thanks for all your help Federico.
05-14-2010 03:15 PM
Garret,
If the public IP is on the DSL device, there are two options:
1. Leave the public IP on the DSL and create a static NAT to redirect VPN traffic to the RV042 (will have to check if the DSL modem supports this capability; depends on the model).
2. Set the DSL as a bridge so that the public IP can be given to the RV042 directly.
Do you manage this DSL modem?
Federico.
05-16-2010 03:12 PM
Yes, I manage the DSL modem. I tried the bridge, but for some reason, the RV042 would not correctly connect to WAN1 with the correct PPPoE settings. I am going to try and call AT&T tomorrow. I have not tried the NAT way yet, but I really just want a bridge, that way I can have the RV042 handle everything.
Thanks.