Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Tunnel: 1841 to Linksys WRVS4400N

I am attempting to connect two offices via IPSec tunnel, my side is using an 1841 with AdvSec package (and existing IPSec tunnels on a different interface) and the other office is using a Linksys WRVS4400N VPN router.

I've got both sides configured properly for the tunnel and can see Phase 1 IKE, but Phase 2 fails. Has anyone successfully used these devices to peer? I am using mostly default values for the setup...3DES, SHA1, DH group 2 etc.

Thanks is advance for the help.

5 REPLIES
Cisco Employee

Re: Tunnel: 1841 to Linksys WRVS4400N

The tunnel should work fine between two different VPN Vendors as far as they follow the RFC.

Can you post a copy of current configuration along with "deb cry is" and "deb cry ipsec" outputs, so we can see what is going on.

Regards,

Arul

Community Member

Re: Tunnel: 1841 to Linksys WRVS4400N

Got the tunnel up and talking, the issue was a misconfiguration on the Linksys VPN router. Now that they are talking the Cisco SDM shows the tunnel status as "up", yet I cannot ping any of the hosts on the destination network. When I use the SDM diagnostic tool, it comes back with:

"A ping with data size of this VPN interface MTU size and 'Do not Fragment' bit set to the other end VPN device is failing. This may happen if there is a lesser MTU network which drops the 'Do not fragment' packets."

I did a search on Google and found a forum post from someone with the same problem...but the last post was from the user, saying "issue resolved it was a routing problem" with no specifics.

Has anyone run into this before?

Cisco Employee

Re: Tunnel: 1841 to Linksys WRVS4400N

Glad you got the first part working :-)

As far as the traffic is concerned, are you saying that you are not able to even send a ping packet with 100 bytes across the tunnel. It may or may not be a MTU Issue and could be a misconfiguration on the ASA or Linksys. When you try to ping a remote host across the tunnel, what do you see under encrypts and decrypts? Can you post a copy of your configuration along with "show crypto ipsec sa" outputs and also the source and destination IP Addresses of your traffic.

Regards,

Arul

** Please rate all helpful posts **

Community Member

Re: Tunnel: 1841 to Linksys WRVS4400N

As of now, I am unable to ping any host in the destination network (192.168.6.0 /24). Nor am I able to ping the inside interface on the destination router (192.168.6.1). The other side, however, is able to ping the inside interface on my router (192.168.3.1). But they cannot ping any hosts inside my network.

When I run a "sh crypto eng connection active" I can see the encrypt/decrypt happening for each ping they send to my router, but nothing at all when I try to send a ping out.

A "sh crypto isa sa" shows MM_NO_STATE for the tunnel.

On a side note: I also set up a client VPN group on this router. They can connect successfully and ping the router (192.168.3.1) but cannot access any inside hosts either. Pings fail, as do any other method of accessing inside hosts when connected successfully via VPN.

I'm sure that I have overlooked something here.

I will post the config shortly.

Thanks!

Community Member

Re: Tunnel: 1841 to Linksys WRVS4400N

Here is the config that I am currently running. Thanks in advance for any advice or help!

431
Views
0
Helpful
5
Replies
CreatePlease to create content