We've been testing an SA520 as a possible replacement for the RV082 but we have hundreds of RV082s around N America and several that we maintain VPN connections to for various purposes. We've been unable, as yet, to establish a site-to-site VPN connection from our SA520 running 1.1.3 to an RV082 running 188.8.131.52. The SA is the initiator. I've copied and pasted the PSK and changed the IKE policy to AES-128 matching the RV082; the RV complains about the connection saying:
No acceptable Oakley Transform, No Proposal chosen. Please check your SA or preshared key setting
I fear the problem is the RV is expecting AES-128 as the Phase2 Encryption policy but that's not an option on the SA. Has anyone been able to get an SA5xx to connect to an RV0x2 via site-to-site VPN? Given the same QVPN client is supposed to work for both products surely the site-to-site VPN should work too. Thanks...
Try making sure the SA and RV are using the same Diffie-Hellman group (group 2 is the lowest they have in common) and make sure the hashing algorithm is the same (both set for SHA/3DES). This should improve your odds.
Also make sure the subnets are different, and that you are allowing the WHOLE subnet across the link, and not just the ip of the router.
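The checks suggested in the reply above, as an added example that is not part of the original thread: it models how an IKE responder accepts only an offered transform that matches its own policy exactly, and reports which attribute differs when none does. The `Transform` fields, function names, subnets and peer settings are assumptions constructed for illustration (the Phase 2 values follow the original poster's suspicion, not a verified device configuration).

```python
import ipaddress
from typing import NamedTuple, Optional

class Transform(NamedTuple):
    encryption: str  # e.g. "AES-128", "3DES"
    integrity: str   # e.g. "SHA1", "MD5"
    dh_group: int    # Diffie-Hellman group number

def choose(offered, accepted) -> Optional[Transform]:
    """Responder side: pick the first offered transform that matches policy exactly."""
    for t in offered:
        if t in accepted:
            return t
    return None  # nothing matched: the responder rejects with "no proposal chosen"

def diagnose(offered, accepted):
    """For each offer, name the fields that differ from the closest accepted policy."""
    report = []
    for t in offered:
        best = min(accepted, key=lambda a: sum(x != y for x, y in zip(t, a)))
        report.append((t, [f for f, x, y in zip(Transform._fields, t, best) if x != y]))
    return report

def selectors_ok(local_net: str, remote_net: str) -> bool:
    """Both sides must be whole subnets (not single hosts) and must not overlap."""
    a, b = ipaddress.ip_network(local_net), ipaddress.ip_network(remote_net)
    whole = a.prefixlen < a.max_prefixlen and b.prefixlen < b.max_prefixlen
    return whole and not a.overlaps(b)

# Constructed sample settings (assumed values, not read from either router).
P1_INITIATOR = [Transform("AES-128", "SHA1", 2)]
P1_RESPONDER = [Transform("AES-128", "SHA1", 2)]
P2_INITIATOR = [Transform("3DES", "SHA1", 2)]      # initiator cannot offer AES-128
P2_RESPONDER = [Transform("AES-128", "SHA1", 2)]   # responder accepts only AES-128

def check_tunnel():
    """Run all checks over the constructed settings and return the findings."""
    return {
        "phase1": choose(P1_INITIATOR, P1_RESPONDER),
        "phase2": choose(P2_INITIATOR, P2_RESPONDER),
        "phase2_diffs": diagnose(P2_INITIATOR, P2_RESPONDER),
        "selectors": selectors_ok("192.168.1.0/24", "192.168.2.0/24"),
    }

if __name__ == "__main__":
    for name, result in check_tunnel().items():
        print(f"{name}: {result}")
```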
First, I have had a VPN connection from this LAN to the remote sites for years using RV082, so I know subnets are set up correctly. I already have the SA520 set to Group 2 which is how the RV082s connect. Also, why would anyone want to use 3DES when AES is available? We've used AES-128 for many years on the RV082s without issue.
What really bugs me about Cisco is you guys simply refuse to test this on your own. It should be very simple for you guys to set up a couple of your own devices and put up a FAQ on how to do this. Every single Small Business product should be able to connect to every other one. I can take a PIX v5 and make a VPN connection to an ASA on 8.1 and there's documentation on how to do it. Why can't Cisco document its Small Biz routers? You cannot assume that a Small Biz will replace every single device at every single location all at one time so there has to be some overlap. We have a customer now using BEFSR41/BEFSX41s at various locations who refuse to upgrade to anything new because they have to do it all at once because Cisco/Linksys failed to either do any testing between the BE VPN series and the RV series (let alone the SA series) or Cisco/Linksys knows it can be done (tech after tech claims it's possible) but refuses to post anything on how to do it. What harm does it do to document how to do something when a customer is buying more Cisco product? I'm not asking for FAQs on how to go from a RV082 to a Juniper Netscreen, just one Cisco product to another.
When Cisco's SMB management realizes that having incompatible products is unacceptable it will start down the road of being accepted by more SMBs. Until then, you will continue to have unhappy partners and customers posting problems here left and right.