cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1128
Views
0
Helpful
8
Replies

Cisco RV042G WAN Interface issue

TStream111
Level 1
Level 1

Hi,
I'm looking to get this vpn router connected up for site-to-site  vpn.  This wasn't originally setup by me, but all the configuration  looks correct and it was apparently working at some point.  The problem  is, on the WAN interface I can't seem to ping my public IP or any IP on  the subnet.  I can't ping the gateway either.  All other public IPs on  this subnet are responding fine.

Here is some errors I'm seeing in the log.

(g2gips3)  #1: ERROR: asynchronous network error report on eth1 for message to  122.XXX.XXX.XXX port 500, complainant 131.XXX.XXX.205: No route to host  [errno 148, origin ICMP type 3 code 1 (not authenticated)]

NSD FAIL WAN[1] 

WAN connection is up : 131.XXX.XXX.205/255.255.25

5.248 gw 131.XXX.XXX.201 on eth1
8 Replies 8

Tom Watts
VIP Alumni
VIP Alumni

Hi Jay, if this is an untouched configuration that randomly stopped working then I would make a check list to ensure everything lines up.

-Site A and B verify the numbers

-The LAN subnets and masks did not change

-The WAN subnets and masks did not change

-There is no introduction of no new networking equipment on either side

-If everything checks out, nothing appears to change, perform a reboot for both routers at Site A and B

-If the tunnel still does not establish, you may want to delete both sides and rebuild them

-If this continues to fail, you may have to take more drastic troubleshooting, such as erasing a configuration or default reset the router and reconfigure to test for software defect

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Thanks. 

The router I'm connecting to is not accessible by me as it's held by another company.  I did redo the configuration on this router, but still having the same issue.  I did get them to create a new tunnel on a different public IP, but still the same.  Using the diagnostics option on the router itself, I'm a little confused that the public ip is not pingable.  I disabled the firewall on the device as a test with no change.

This router is connecting to a switch, which then connects to an Allied Telesis router.  I'm wondering if I'm missing something on the AT router it needs to pass through.  Do I only need to forward port 500?

Jay,

Is the AT router bridged completely? If it has a firewall it will block pings and other inbound traffic to the RV042G.

- Marty

Yes it is. The other public ips in the same subnet all respond fine, I'm using them for web servers.  I can ping them fine.  The router i'm connecting to is a cisco 1941.

I've added some attachments of the WAN interface and vpn setup.

Jay,

Under Firewall, do you have Block WAN Request enabled? This will stop the router from replying to ping requests.

Enable Remote Management on the same page and set the port to 8080. From the LAN behind the RV042G, open www.yougetsignal.com and open the Port Forwarding test. Check port 8080 and it should be open. You can change the Remote Management port to 80, 443, etc. and run the same test to see if the traffic is reaching the router. If it is not the test will time out or show that the port is closed.

Please reply with the results.

- Marty

No, I have that disabled.  As per the attached screenshot.firewall.PNG

Remote Management is enabled, but the port it talks on will be blocked by the AT currently.  I access the router through LAN.  I will open the port on the AT and check.

Jay,

If you cannot ping the router from the WAN side then either the AT router or the ISP is blocking the traffic. If you need to do something on the AT to allow Remote Management, then it is not bridged. Bridged means that it allows ALL traffic to pass to the RV042G without interference.

- Marty

Ok thanks.  I will need to look into some config on my AT router and see if I can bridge it with the RV042G.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: