I'm having trouble making a VPN connection between an ASA5505 and a RV082.
My VPN tunnel is working perfectly when it's the RV082 which initiate the VPN connection.
But if I configure the ASA with "VPN originate only mode" [crypto map outside_map 20 set connection-type originate-only] (which means, it's the ASA which originate the VPN connection), the VPN tunnel is not established and I can get the following error message in the RV082 System log:
Cannot respond to IPsec SA request because no connection is known for xx.xx.xx.247/32===192.168.30.1:4500...xx.xx.xx.xx:4500===192.168.5.100/32
Looks like the RV082 is referencing your connection to the private ip address that's infront or a different private ip address. Since the tunnel settings inside the RV082 isn't responding because it doesn't match. I don't understand where the (192.168.30.1) coming from since it's not in your diagram.
Cannot respond to IPSec SA request because no connection is known for xx.xx.xx.247/32===192.168.30.1:4500...xx.xx.xx.xx:4500===192.168.5.100/32
I imagine the problem is coming from the router in front of the RV082- since it's giving out a private ip address to the RV082. We don’t support this type of connection since the RV082 doesn’t hold the routable public ip address. Since we’re not the gateway router I can assume this is the reason why it’s working one way and not the other.
As you know when dealing with IPSec vpn tunnel for a tunnel to establish both side have to be identical or match when sending IPSec SA request. When the ASA is sending the IPSec SA request something is different and your connection isn’t matching therefore RV082 is replying with unknown connection error. Very few options on the RV082 we can change, I would look at different configuration options on your ASA. What I was saying about the private ip address on the RV082 – Since it’s private you are just adding another step in the connection process of the IPSec tunnel, with this type of setup many customers run into trouble especially when you have to different model routers. Supported configuration for SBSC products is when the RV082 holds the routable public ip address. Connection process is simpler when you’re the Gateway device.
Added note: In the link you provided with Site to Site ASA (Main error was ignoring vendor payload) this generally happens when the router is behind another device and doesn't hold the routable public ip address. In the ASA you change the vendor payload to specify actual public address. Generally is done
config>#crypto map ipsec-isakmp
I would repost this over on support forms for ASA and let those guys better direct you on what exactly needs to be done.
Hello, This article will describe how to configure PPTP VPN on the new
RV340/345 routers from the Small Business series. RV340/345
Configuration The first step is to enable the PPTP Server: Go to VPN ->
PPTP Server Change PPTP Server: from Off to On Selec...
Article ID:5748 Use TheGreenBow VPN Client to Connect with RV34x Series
Router Introduction A Virtual Private Network (VPN) connection allows
users to access, send, and receive data to and from a private network by
means of going through a public or share...
Article ID:5728 Configure a Teleworker VPN Client on the RV34x Series
Router Objective The Teleworker VPN Client feature minimizes the
configuration requirements at remote locations by allowing the device to
work as a Cisco VPN hardware client. When the T...