
Cisco Router - WRVS4400N VPN to WRVS4400N VPN

FloatingPoint
Level 1

Hello,

I'm having a heck of a time connecting the WRVS4400N VPN to another WRVS4400N VPN. Both of the routers have the current firmware version V2.0.2.1.

Router 1 is below, and router 2 has the matching configuration with, as it should be, the local group being that router's local information and the remote group setup being router one's information. The status is up on both of the routers, but I'm unable to ping the remote gateway or any device behind it.

I've tried many different configurations but am still having no luck. Does anybody have any idea, or has anyone had this particular problem and been able to fix it? Any help would be greatly appreciated.

Router 1

1    Tunnel_1    Up    3DES/SHA-1    10.1.1.0 / 255.255.255.0     10.2.2.0 / 255.255.255.0    55.55.55.55

Local Group Setup

Local Security Gateway Type: IP Only

IP address: 24.24.24.24

Local Security Group Type: Subnet

IP address: 10.1.1.0

Subnet Mask: 255.255.255.0

Remote Group Setup

Local Security Gateway Type: IP Only

IP address: 55.55.55.55

Local Security Group Type: Subnet

IP address: 10.2.2.0

Subnet Mask: 255.255.255.0

IPSec Setup

Keying Mode: IKE with Preshared Key

Phase 1:

Encryption: 3DES   

Authentication: SHA1   

Group:     1024-bit

Key Lifetime: 29900  sec

Phase 2:

Encryption: 3DES   

Authentication: SHA1   

Perfect Forward Secrecy: Enable   

Preshared Key: anything

Group:     1024-bit

Key Lifetime: 3600  sec

Status: Up

5 Replies

riroe
Level 3

Under the Firewall settings on the WRVS4400N do you have "Block WAN Requests" disabled? If not please disable this option.

THANKS

Rick Roe

Cisco Small Business Support Center

Thank you so much riroe for the reply.

I have "Block WAN Requests" disabled on both sides and was able to ping the WAN from the Internet, but I can't ping my remote LAN via the tunnel.

Hello,

If you go to Administration-> Diagnostics, can you ping the LAN IP of the remote router? If so, check the LAN devices at each end for Firewall or Antivirus software that will block any traffic from an unknown (untrusted) network. You may need to create a rule in that software to allow connections from the remote LAN subnet.

Thanks mphyala for the reply.

I'm unable to ping the LAN via the Router Diagnostics of the remote. Both of the computers' antivirus software is Microsoft SE, which is not blocking VPN access. I even tested the routers by turning off both router firewalls and WAN ping blocking, reset to factory defaults, and changed the IPs, but still no luck. Windows 7 needs to have the firewall on, otherwise it closes ports. Both computers are running Win7; one 32-bit and the other 64-bit.

Even without a rule I should have been able to ping the gateway address because it's not part of the computer, but part of the router.

Here’s what the problem was for me. My ISP cable modem needed to have DHCP Server enabled and Pass Through set (Advanced Gateway - Pass Through) for the Cisco Router and it was. However, for some reason the LAN address was also in the Advanced Gateway - Pass Through. After removing the LAN from Pass Through the tunnel worked and I was able to ping the remote gateway.

Hopefully this will help someone else. It’s really hard to find fixed issue information anywhere on the Net about this.