Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

RV180 to RVS4000 Site-to-Site VPN Tunnel?

Could someone help me with the configuration for a site-to-site VPN tunnel between an RV180 and RVS4000?

I am pretty sure these two devices should be able to establish a VPN tunnel between each other, but I cannot seem to get it working.  I have configured what is labeled as the Phase 2 IPSec Setup on the RVS4000 as a new IKE policy on the RV180.  I have configured what is labeled as the Phase 1 IPSec Setup on the RVS4000 as VPN policy that uses the IKE policy, but no connection.   Is this the correct way to think about it?  Are there other considerations?  Are there any gotch'yas?

Here's a couple of notes regarding my setup:

- Main office upgraded to RV180 (upgraded to get faster NAT throughput)

- Remote offices still run RVS4000's

- RVS4000 at main to remote RVS4000's site-to-site VPN has been working perfectly for years

- WAN connection is by domain name, not IP address (dyndns in use)

- RVS4000 setup generally looks like this

- Local Group Setup

- Local Security Gateway Type:  IP Only

- Local Security Group Type:  Subnet

- IP Address:  192.168.aaa.1

- Subnet:  255.255.255.0

- Remote Group Setup

- Remote Security Gateway Type:  IP Only

- IP by DNS Resolved:  xxxxx.dyndns.org

- Remote Security Group Type:  Subnet

- IP Address:  192.168.bbb.1

- Subnet:  255.255.255.0

- IPSec Setup

- Keying Mode:  IKE with Preshared Key

- Phase 1

- Encryption:  3DES

- Authentication:  MD5

- Group:  1536 bit

- Key lifetime:  28800 seconds

- Phase 2

- Encryption:  3DES

- Authentication:  SHA1

- Perfect Forward Secrecy:  Enabled

- Preshared Key:  xxxxxxxxxx

- Group:  1536 bit

- Key lifetime:  28800 seconds

- Aggressive Mode:  Disabled

- NetBios Broadcast:  Enabled

Everyone's tags (4)
6 REPLIES
Silver

RV180 to RVS4000 Site-to-Site VPN Tunnel?

Looks ok, try enabling Agreesive mode on one end to see if that helps. you could try having a look at some examples of Ipsec tunnels over here:

http://www.linksysinfo.org/index.php?forums/routerworld.58/

Regards Simon
http://www.linksysinfo.org

Regards Simon http://www.linksysinfo.org
Community Member

RV180 to RVS4000 Site-to-Site VPN Tunnel?

Thanks, Simon,

I took a look at those example, but could not find one for the RV180.  Did I miss it?

The net-net is that I am hoping to find a working example that shows how to configure the RV180 to open a site-to-site VPN tunnel with a RVS4000.  Has anyone been able to get this to work.  I'll keep trying different configuration, including Aggressive mode, but hope that someone out there has already figured this out since the configuration pages in the RV180 are vastly different from the RVS4000.

Silver

Re:RV180 to RVS4000 Site-to-Site VPN Tunnel?

There isnt any rv180 examples but the principle is the same. Are any of the routers behind any other firewall or router that you know of?

Sent from Cisco Technical Support Android App

Regards Simon http://www.linksysinfo.org
Cisco Employee

RV180 to RVS4000 Site-to-Site VPN Tunnel?

Thebeck76,

Please contact Cisco SBSC TAC at one of the numbers located here:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html.

In order for us to track this we will need a case number setup as a point of reference.  Please contact a support agent as soon as possible so we can get the ball rolling on resolving your issue.

Community Member

Re:RV180 to RVS4000 Site-to-Site VPN Tunnel?

I am having the same problem with an RV180 to RV042v3, will not work.  the RV180 does hold tunnels with two RV042v1's and an old Zywall 2, but will not establish with an RV042v3.  Latest firmware on both.  Thanks!!!

Community Member

Re:RV180 to RVS4000 Site-to-Site VPN Tunnel?

Hi everyone,

I did contact cisco support and got my issue (quasi-)resolved.  The issue, as it was explained to me, is that the RV180 does not handle different authentication schemes in each phase very well.  And specifically, it does not handle SHA1 very well.

Based on support's advice, I switched to MD5 for both phases and the RV180-to-RVS4000 site-to-site VPN tunnel established with no problems.  In fact, I updated all my RVS4000-to-RVS4000 site-to-site VPN tunnels, as well, to the same (MD5 in both phases) and those VPN tunnels actually became more stable than before (I was having disconnect issues that have now disappeared).

Hope this helps.

6878
Views
0
Helpful
6
Replies
CreatePlease to create content