New Member

RVS4000 Site to Site VPN Issue

Hi all, I'm having problems with my VPN. The tunnel is up but I cannot get to the far end; when I trace to an IP address at the far end, it times out after it hits my VLAN interface on my switch.

Configurations are as follows:


Local Group Setup

Local Security Gateway Type: IP Only
IP address:
Local Security Group Type: Subnet
IP Address:
Subnet Mask:

Remote Group Setup

Remote Security Gateway Type: IP Only
Remote Security Group Type: IP Addr
IP Address:
Remote Security Type: Subnet
IP Address:
Subnet Mask:

IPSec Setup

Keying Mode: IKE with Preshared key

Phase 1:
Encryption: 3DES
Authentication: SHA1
Group: 1024-bit
Key Life Time: 28800 Sec.

Phase 2:
Encryption: 3DES
Authentication: SHA1
Perfect Forward Secrecy: Disable
Group: 1024-bit

Status: UP

Switch Configuration

Vlan4            YES NVRAM  up                    up

interface FastEthernet0/36

description *****WORKS NETWORK*****

switchport access vlan 4

switchport mode access

switchport port-security maximum 3

switchport port-security aging time 1

switchport port-security violation protect

speed 100

duplex full

interface FastEthernet0/44

description *****UPLINK TO RVS4000 WORK*****

switchport trunk encapsulation dot1q

switchport mode trunk

duplex full

is subnetted, 1 subnets

C is directly connected, Vlan4

C is directly connected, Vlan3

is subnetted, 1 subnets

C is directly connected, Vlan2

C is directly connected, Vlan1

S* [1/0] via

Can anybody help me with connecting to my work's 172 network please?

Many thanks



RVS4000 Site to Site VPN Issue


We need the configuration from both sides of the tunnel. Just displaying one side wouldn't give us enough information for a problem.

Most likely it's not going to be a problem on the RVS4000, since we have limited configuration/options we can change. If the other router is an enterprise device, I would call TAC and open a case. I had a similar case where a Cisco 871 had asynchronous routing configured and was causing a similar problem.

Looking at your traffic selection for the remote security group, I see you are using a /12, which is a huge amount of traffic selection to send across the tunnel and would affect Internet access to certain sites behind the RVS. Normally this will only include a /24, maybe a /21 for larger networks.

Please provide more details so we can find a solution or point you in the right direction like opening a case with TAC.


New Member

RVS4000 Site to Site VPN Issue

Thanks for your reply. Yes, the other side is an ASA 5540; below is my configuration on there.

Local Network:

Remote Network:

Crypto Map

PFS Disabled

NAT-T: enabled

Time: 8.0.0

Traffic Volume: 4608000

Ike Neg Mode: Main

Tunnel Group:

Ike Peer ID Validation: Required

Monitor Keepalives: 10 seconds intervals with 2 seconds retry

IPsec Protocol: Enabled

Does this give you enough information or would you like to see other configuration settings?

Thanks again



Re: RVS4000 Site to Site VPN Issue

Please give me a copy of the phase 1 policy (IKE), phase 2 policy and ACL attached to your crypto map policy for the RVS4000. It’s best if we can see all information for the tunnel.

You can mask public ip addresses.

What's your phase 2 key lifetime on RVS4000?


New Member

RVS4000 Site to Site VPN Issue

Sorry for the delay, mad day at work.

I hope this is the required info

access-list VLAN-773_Outside_81_cryptomap extended permit ip

crypto map VLAN-773_Outside_map 81 match address VLAN-773_Outside_81_cryptomap

crypto map VLAN-773_Outside_map 81 set peer

crypto map VLAN-773_Outside_map 81 set transform-set ESP-3DES-SHA

tunnel-group type ipsec-l2l

tunnel-group general-attributes

default-group-policy lan2lan

tunnel-group ipsec-attributes

pre-shared-key *****

group-policy lan2lan internal

group-policy lan2lan attributes

vpn-filter none

vpn-tunnel-protocol IPSec svc

If you require please let me know



New Member

Re: RVS4000 Site to Site VPN Issue

Does this help you at all?

Thanks martyn

Sent from Cisco Technical Support iPad App

New Member

RVS4000 Site to Site VPN Issue

Any further help on this would be great... thanks


RVS4000 Site to Site VPN Issue


I know the problem will be over on the IOS router configuration, as we have a limited amount of information we can change in the small business. It would be good to get a case started with TAC and, after they review settings, have them 3-way SBSC and we'll work together to get this issue resolved for you.