cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
817
Views
0
Helpful
7
Replies

FV042 VPN Autoconnect

tahequivoice
Level 2
Level 2

How do I get one of these to automatically bring up the VPN tunnel without the end user having to login and click connect?  I got the VPN working Dynamic to ASA static, but it doesnt come up on its own when I try to access something over VPN.

7 Replies 7

jasbryan
Level 6
Level 6

Do you have DPD turned on? Not sure since it's connected to ASA55xx since usually if you were connected to another small business router it generally will come back up. You can try adding this feature under advanced settings.

Jasbryan

DPD and keepalives are on. I have a constant ping up, and try to access something on the VPN network and the router just inst bringing the tunnel up on its own. It did it one time, but hasn't since.

Make sure key lifetime are exactly the same , instead of matching phase 1 & 2 of the ASA55xx. Match them on the RV042. Phase 1 usually 28800 and phase 2 is 3600. Also try the tunnel with PFS on and PFS off.

Jasbryan..

OK this is really strange. I turned PFS off, and the tunnel connected automatically, but I can no longer pass traffic. If I turn it back on, I can't bring the tunnel up.   I ran a debug on the ASA for icmp and the packets are reaching the server I am testing to, and returning back to the VPN, but the Mac is not seeing them.   Before the VPN worked but had to manually connect it. Now it automatically connects, but doesn't work. Strange little device.

Yeah sounds similar to issue i had between an ASA and SA which i had to get assistance from Tac they ran a few commands and found the problem. If you haven't done so open a case with tac and if need be call Small Business Support center and open a case with us(1-866-606-1866) very little setting changes we can make on our device usually settings changes are done on ASA side.

Jasbryan

I finally got it working. It was the PFS settings.  PFS needs to be enabled for it to automatically connect, and I had to add it to the ASA side as well.   I got the little bugger finally working so I can write up a doc for our tech so they can configure these for customers.

Fantastic,

Yeah both side needs to match identical for everything to work perfectly.

Jasbryan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: