RV320 Easy VPN Config and VLAN Access

jeremyn
Level 1

Hello all,

I have an RV320 router with the Easy VPN configured and I am able to connect via the client.  My issue is that once I connect, I cannot access any resources in any VLANs.  Can anyone point me in the right direction?  I have the admin guide but it doesn't offer much detail.

The ipconfig for the vpn connection looks like this:

IPv4 Address. . . . . . . . . . . : 172.16.100.100

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 172.16.100.101

I can ping the router's management ip address (on another vlan), but nothing else.

7 Replies

Tom Watts
VIP Alumni

Hi Jeremy, is the firewall of the other computers you're trying to access disabled?

-Tom
Please mark answered for helpful posts

No, the firewalls are not disabled.  ICMP (ping) responds when attempting across vlans.  It does not work when connected via vpn.  Nor does anything else for that matter.

The mask on my connection seems odd to me.  Should it be configured as a /24 instead, or is this a default for VPN connections?

Jeremy, please disable the firewalls.

-Tom
Please mark answered for helpful posts

I'll try this next chance I get.  This is a site I visit about once every other month.  I'll post the results back here when I know more.

Thanks

Hey Tom,

I finally got back on site.  I now have remote access enabled, and the VPN was working temporarily, however now I can't connect at all via Cisco VPN Client.  Oddly enough, I had to enable HTTPS on the outside interface to allow remote management.  My understanding is that the checkbox would take care of that. 

Here's the relevant client logs with the destination ip removed:

144    14:59:30.000  12/08/13  Sev=Info/4          IKE/0x6300004B

Discarding IKE SA negotiation (I_Cookie=CDA66B11F9AF1DF8 R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING

145    14:59:30.001  12/08/13  Sev=Info/4          CM/0x63100014

Unable to establish Phase 1 SA with server "<##.##.##.##" because of "DEL_REASON_PEER_NOT_RESPONDING"

Cisco RV320 Log:

2013-12-08, 15:06:56Kernelkernel: [ACCESS_RULE]: IN=eth1 SRC= DST= DMAC= SMAC= LEN=52 TOS=0x00 PREC=0x00 TTL=122 ID=20127 DF PROTO=TCP SPT=2148 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0

I've tested the following:

1. Rebooted Router.

2. Recreated a VPN Easy Connect group with preshared key.

Any other ideas, thoughts?  The VPN stopped responding completely before today, and the reboot successfully allowed connections, briefly, before returning to the current state.

Thanks,

JN
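
The router log quoted in the post above shows only a TCP/443 SYN, while the client reports Phase 1 failing with DEL_REASON_PEER_NOT_RESPONDING. As an added example (not part of the original thread or of any Cisco tool), this Python script tallies `[ACCESS_RULE]` entries per protocol and destination port for one source address and reports whether any IKE traffic (UDP 500, or UDP 4500 for NAT-T) was logged at all; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the RV320 log quoted above.
# Addresses come from documentation ranges, not from the thread.
SAMPLE_LOG = """\
2013-12-08, 15:06:56 kernel: [ACCESS_RULE]: IN=eth1 SRC=198.51.100.7 DST=192.0.2.1 LEN=52 TTL=122 ID=20127 DF PROTO=TCP SPT=2148 DPT=443 WINDOW=8192 SYN URGP=0
2013-12-08, 15:07:02 kernel: [ACCESS_RULE]: IN=eth1 SRC=198.51.100.7 DST=192.0.2.1 LEN=52 TTL=122 ID=20131 DF PROTO=TCP SPT=2149 DPT=443 WINDOW=8192 SYN URGP=0
2013-12-08, 15:07:10 kernel: [ACCESS_RULE]: IN=eth1 SRC=203.0.113.9 DST=192.0.2.1 LEN=112 TTL=51 ID=4411 PROTO=UDP SPT=53211 DPT=500 LEN=92
"""

IKE_PORTS = {("UDP", 500), ("UDP", 4500)}  # IKE and IPsec NAT-T
FIELD = re.compile(r"(\w+)=(\S*)")         # value may be empty (redacted)


def parse_line(line):
    """Return the KEY=VALUE fields of one [ACCESS_RULE] line, or None."""
    if "[ACCESS_RULE]" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # first LEN is the IP length; keep it
    return fields


def summarize(log_text, client_ip):
    """Count logged packets from client_ip by (protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields or fields.get("SRC") != client_ip:
            continue
        dport = fields.get("DPT", "")
        if not dport.isdigit():        # e.g. ICMP entries carry no DPT
            continue
        counts[(fields.get("PROTO"), int(dport))] += 1
    ike_seen = any(key in IKE_PORTS for key in counts)
    return counts, ike_seen


if __name__ == "__main__":
    for ip in ("198.51.100.7", "203.0.113.9"):
        counts, ike_seen = summarize(SAMPLE_LOG, ip)
        print(ip, dict(counts), "IKE seen" if ike_seen else "no IKE logged")
```

A "no IKE logged" result only means something if the router's logging covers UDP 500/4500 on the WAN interface; if it does, the negotiation packets are being dropped before they reach the router.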

Ok, a little more progress.  Testing with a Sprint MiFi, the VPN now authenticates.  Either my home router or Comcast is somehow blocking the VPN connection.

I'm still unable to access any resources, going to have the company disable the firewall on a desktop tomorrow and test.  I will report back here.

Thanks,

JN

Had a desktop disable its firewall today, no joy.  The gateway incremented by 1 as well, which is really odd in the virtual IP space.  Here's what I get as output:

IPv4 Address. . . . . . . . . . . : 172.16.100.101

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 172.16.100.102

Configuration:

Virtual IP Range

172.16.100.100 - 129

Easy VPN

Group No 1

Tunnel Name: Omitted

Min Password Complexity Enabled
Password: Omitted

Interface: WAN1

Enabled:

Full Tunnel

IP address 192.168.10.0 /24

Extended Auth: local db

Ideas?

Thanks,

JN
