03-05-2012 07:47 AM
How do I get one of these to automatically bring up the VPN tunnel without the end user having to login and click connect? I got the VPN working Dynamic to ASA static, but it doesnt come up on its own when I try to access something over VPN.
03-05-2012 08:06 AM
Do you have DPD turned on? Not sure since it's connected to ASA55xx since usually if you were connected to another small business router it generally will come back up. You can try adding this feature under advanced settings.
Jasbryan
03-05-2012 08:11 AM
DPD and keepalives are on. I have a constant ping up, and try to access something on the VPN network and the router just inst bringing the tunnel up on its own. It did it one time, but hasn't since.
03-05-2012 08:44 AM
Make sure key lifetime are exactly the same , instead of matching phase 1 & 2 of the ASA55xx. Match them on the RV042. Phase 1 usually 28800 and phase 2 is 3600. Also try the tunnel with PFS on and PFS off.
Jasbryan..
03-05-2012 12:04 PM
OK this is really strange. I turned PFS off, and the tunnel connected automatically, but I can no longer pass traffic. If I turn it back on, I can't bring the tunnel up. I ran a debug on the ASA for icmp and the packets are reaching the server I am testing to, and returning back to the VPN, but the Mac is not seeing them. Before the VPN worked but had to manually connect it. Now it automatically connects, but doesn't work. Strange little device.
03-05-2012 02:03 PM
Yeah sounds similar to issue i had between an ASA and SA which i had to get assistance from Tac they ran a few commands and found the problem. If you haven't done so open a case with tac and if need be call Small Business Support center and open a case with us(1-866-606-1866) very little setting changes we can make on our device usually settings changes are done on ASA side.
Jasbryan
03-05-2012 02:10 PM
I finally got it working. It was the PFS settings. PFS needs to be enabled for it to automatically connect, and I had to add it to the ASA side as well. I got the little bugger finally working so I can write up a doc for our tech so they can configure these for customers.
03-05-2012 02:16 PM
Fantastic,
Yeah both side needs to match identical for everything to work perfectly.
Jasbryan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: