RV120W QuickVPN "gateway not responding"

Unanswered Question
Jan 2nd, 2012
User Badges:

I am trying to install a Cisco VPN Router RV120W behind this router. I have setup the Cisco and can access the internet from the device. I also setup the Actiontec router with the DMZ host as the Cisco router. When I try to connect to the VPN tunnel however I connect but receive an "Gateway is not responding" error message after 30sec. Is there anything else I need to setup on the actiontec router to allow VPN passthough or something like that?Thank you for your help. I have listed a brief description of network below.



Actiontec Lan IP: 192.168.1.1

Cisco Wan IP: 192.168.1.2

Cisco Wan SN: 255.255.255.0

Cisco Wan Gateway: 192.168.1.1

Cisco WAN DNS: 192.168.1.1

               71.250.0.12

Cisco Lan IP: 192.168.20.1


Edit: I have also tried this connection from a Windows 7 Pro with Firewall enabled and also Windows XP with the same error.


Quick VPN log:


2011/12/30 00:05:58 [STATUS]OS Version: Windows 7

2011/12/30 00:05:58 [STATUS]Windows Firewall Domain Profile Settings: ON

2011/12/30 00:05:58 [STATUS]Windows Firewall Private Profile Settings: ON

2011/12/30 00:05:58 [STATUS]Windows Firewall Private Profile Settings: ON

2011/12/30 00:06:10 [STATUS]OS Version: Windows 7

2011/12/30 00:06:10 [STATUS]Windows Firewall Domain Profile Settings: ON

2011/12/30 00:06:10 [STATUS]Windows Firewall Private Profile Settings: ON

2011/12/30 00:06:10 [STATUS]Windows Firewall Private Profile Settings: ON

2011/12/30 00:06:10 [STATUS]One network interface detected with IP address 192.168.2.149

2011/12/30 00:06:10 [STATUS]Connecting...

2011/12/30 00:06:10 [DEBUG]Input VPN Server Address = XXXXXXXXXXXXXXXX

2011/12/30 00:06:10 [STATUS]Connecting to remote gateway with IP address: XXXXXXXXXXXXXX

2011/12/30 00:06:10 [WARNING]Server's certificate doesn't exist on your local computer.

2011/12/30 00:06:12 [STATUS]Remote gateway was reached by https ...

2011/12/30 00:06:12 [STATUS]Provisioning...

2011/12/30 00:06:21 [STATUS]Success to connect.

2011/12/30 00:06:21 [STATUS]Tunnel is configured. Ping test is about to start.

2011/12/30 00:06:21 [STATUS]Verifying Network...

2011/12/30 00:06:27 [WARNING]Failed to ping remote VPN Router!

2011/12/30 00:06:30 [WARNING]Failed to ping remote VPN Router!

2011/12/30 00:06:33 [WARNING]Failed to ping remote VPN Router!

2011/12/30 00:06:36 [WARNING]Failed to ping remote VPN Router!

2011/12/30 00:06:39 [WARNING]Failed to ping remote VPN Router!

2011/12/30 00:06:44 [WARNING]Ping was blocked, which can be caused by an unexpected disconnect.

2011/12/30 00:06:47 [STATUS]Disconnecting...

2011/12/30 00:06:50 [STATUS]Success to disconnect.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mpyhala Mon, 01/02/2012 - 11:22
User Badges:
  • Gold, 750 points or more

Hi Andrew,


QuickVPN needs ports 443, 500, 4500 and 60443 to be open. You could forward those ports on the Actiontec to 192.168.1.2 and see if that works. I have had a few customers report that they were able to connect this way. Officially we only support connections were the Cisco router has a routable WAN IP address.


Please keep us updated.

bonner101 Mon, 01/02/2012 - 12:10
User Badges:

Thanks i will try that today and get back to you. Could I use the regular Cisco VPN Client to connect to this router?

mpyhala Mon, 01/02/2012 - 12:38
User Badges:
  • Gold, 750 points or more

Andrew,


The Cisco VPN client is not supported with the RVxxx routers. The only SMB routers that will work with Cisco VPN client is the SA500 series. Also, if you have both QuickVPN and Cisco VPN installed on the same PC it can cause QuickVPN to not connect. Try removing Cisco VPN if that is the case.

bonner101 Mon, 01/02/2012 - 13:02
User Badges:

Thanks for the info with the client software. I did have Cisco VPN on 1 of the machines an removed it. I set the port forwarding on the actiontec with the ports you provided but still get the same result. Is there a way to show the running config on these routers? it may help with troubleshooting.

mpyhala Mon, 01/02/2012 - 13:25
User Badges:
  • Gold, 750 points or more

Andrew,


Make sure that Remote Management is enabled on the RV120W using port 443. Make sure that the Actiontec or any other device are not listening on 443. Check the PCs that you are connecting from to see if they have any antivirus/firewall software installed. This can cause the 'Remote Gatway is not responding" error because it blocks the ping response from the router.


After you try to connect, log into the RV120W using Remote Management and see if the status is "Connected" for the QuickVPN client. If it is, some software on the PC is probably blocking the ping reply and it will never connect until the software is removed or disabled.

bonner101 Mon, 01/02/2012 - 13:27
User Badges:

Also, what address is it failing to ping when it says "gateway is not responding"?

mpyhala Mon, 01/02/2012 - 14:00
User Badges:
  • Gold, 750 points or more

Andrew,


I believe that the QuickVPN software pings the LAN IP of the remote router at the final stage of the connection. If something on the PC blocks that reply, you will get "not responding" message. Since the router responded, it thinks that the connection is established. The QuickVPN software never gets the response so it shows "gateway not responding".

bonner101 Mon, 01/02/2012 - 14:19
User Badges:

I have verified that I can access the remote management of the VPN router.

I have also verified that i can ping the router and devices behind the VPN router can ping my WAN IP.

Also the VPN Client status on the router shows "Online" and shows my remote IP as connected.

I also put one of my computers in my DMZ and tried to connect from that PC with the same result.

Any other ideas?

bonner101 Mon, 01/02/2012 - 14:27
User Badges:

Heres my log file on the router. maybe there is something in here that will help.


2012-01-02 16:05:17: [rv120w][IKE] INFO:  Adding IPSec configuration with identifier "andrew"

2012-01-02 16:05:17: [rv120w][IKE] INFO:  Adding IKE configuration with identifier "andrew"

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Configuration found for XXX.XXX.XXX.XXX[500].

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Received request for new phase 1 negotiation: 192.168.1.2[500]<=> XXX.XXX.XXX.XXX[500]

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Beginning Identity Protection mode.

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Received Vendor ID: MS NT5 ISAKMPOAKLEY

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Received unknown Vendor ID

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02



2012-01-02 16:05:28: [rv120w][IKE] INFO:  Received unknown Vendor ID

2012-01-02 16:05:28: [rv120w][IKE] INFO:  For XXX.XXX.XXX.XXX[500], Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02



2012-01-02 16:05:28: [rv120w][IKE] INFO:  NAT-D payload does not match for 192.168.1.2[500]

2012-01-02 16:05:28: [rv120w][IKE] INFO:  NAT-D payload does not match for XXX.XXX.XXX.XXX[500]

2012-01-02 16:05:28: [rv120w][IKE] INFO:  NAT detected: ME PEER

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Floating ports for NAT-T with peer XXX.XXX.XXX.XXX[4500]

2012-01-02 16:05:28: [rv120w][IKE] INFO:  ISAKMP-SA established for 192.168.1.2[4500]-XXX.XXX.XXX.XXX[4500] with spi:9ae0da340ccf34ea:3c006f3d5dd3ff10

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Sending Informational Exchange: notify payload[INITIAL-CONTACT]

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Responding to new phase 2 negotiation: 192.168.1.2[0]<=>

XXX.XXX.XXX.XXX[0]

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Using IPsec SA configuration: 192.168.20.0/24<->192.168.2.105/32

2012-01-02 16:05:28: [rv120w][IKE] INFO:  Adjusting peer's encmode 61443(61443)->Tunnel(1)

2012-01-02 16:05:29: [rv120w][IKE] INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel

XXX.XXX.XXX.XXX->192.168.1.2 with spi=140369601(0x85ddec1)

2012-01-02 16:05:29: [rv120w][IKE] INFO:  IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel 192.168.1.2->

XXX.XXX.XXX.XXX with spi=242863264(0xe79cca0)

2012-01-02 16:05:56: [rv120w][IKE] INFO:  an undead schedule has been deleted: 'pk_recvupdate'.

2012-01-02 16:05:56: [rv120w][IKE] INFO:  Purged IPsec-SA with proto_id=ESP and spi=242863264(0xe79cca0).

2012-01-02 16:05:56: [rv120w][IKE] INFO:  Purged ISAKMP-SA with proto_id=ISAKMP and spi=9ae0da340ccf34ea:3c006f3d5dd3ff10.

2012-01-02 16:05:56: [rv120w][IKE] WARNING:  no phase2 found for "andrew"

2012-01-02 16:05:56: [rv120w][IKE] INFO:  IPSec configuration with identifier "andrew" deleted sucessfully

2012-01-02 16:05:56: [rv120w][IKE] WARNING:  no phase2 bounded.

2012-01-02 16:05:56: [rv120w][IKE] INFO:  Purged IPsec-SA with spi=140369601(0x85ddec1).

2012-01-02 16:05:56: [rv120w][IKE] INFO:  Purged IPsec-SA with spi=40659400(0x26c69c8).

2012-01-02 16:05:56: [rv120w][IKE] INFO:  Purged IPsec-SA with spi=65011983(0x3e0010f).

2012-01-02 16:05:56: [rv120w][IKE] INFO:  Purged ISAKMP-SA with spi=9ae0da340ccf34ea:3c006f3d5dd3ff10.

2012-01-02 16:05:56: [rv120w][IKE] INFO:  an undead schedule has been deleted: 'purge_remote'.

2012-01-02 16:05:56: [rv120w][IKE] INFO:  IKE configuration with identifier "andrew" deleted sucessfully

2012-01-02 16:05:57: [rv120w][IKE] ERROR:  sainfo identifier not found ("andrew")

2012-01-02 16:05:57: [rv120w][IKE] ERROR:  Failed to Delete the IPSec configuration with identifier "andrew"

topix1993 Wed, 01/08/2014 - 08:39
User Badges:

i have the  same issue, did you solve your problem?

Actions

This Discussion