
New Member

VPN tunnel between WRVS4400N and RV120W

Hello,

I'm having trouble configuring a VPN tunnel between the WRVS4400N and the RV120W. Eventually three RV120W units will connect permanently (site-to-site) to the 4400; for now I have been trying to set everything up from home.

Settings:

WRVS4400N:

WAN IP 217.28.147.160

LAN IP 100.100.100.1

RV120W

WAN IP (dynamic, but registered through no-ip.org)

LAN IP 192.168.3.1

I should add that both devices sit behind ADSL routers (with firewalls disabled) that are set to Bridge Mode.

IPsec settings (on the WRVS4400N side)

Local security Gateway Type: IP Only

IP address 217.28.147.160

Local security Group Type: Subnet

IP address 100.100.100.1
Subnet Mask 255.255.255.0


Remote Security Gateway Type: IP Only

IP by DNS Resolved: mzgmdom.no-ip.org (this is the address registered with no-ip.org)

Remote Security Group Type: subnet

IP Address 192.168.3.1

Subnet mask 255.255.255.0

IPSEC setup:

Keying Mode: IKE with Preshared Key

Phase 1:

Encryption : 3DES

Authentication : MD5

Group: 768-bit

Key lifetime 28800 sec

Phase 2:

Encryption: 3DES

Authentication: SHA1

Preshared key: (password here, identical on both sides)

Group: 768-bit

Key Lifetime 3600sec

The status shows Down the whole time. I would post some logs, but clicking View Log only opens an empty window (perhaps logging is not enabled).

I would appreciate help configuring this tunnel, because I'm really out of ideas :/ I will post the RV120W-side settings soon; in my opinion they are identical, although I may have missed something.

4 REPLIES
Silver

VPN tunnel between WRVS4400N and RV120W

What is the device that has the IP address of 100.100.100.0? This isn't considered a private IP address and could possibly be affecting the connection between both sites. Do you have any other tunnels configured to a site using 100.100.100.0?

Small Business platforms are only supported with private /24 subnets on their local subnets.

By taking the next step we would verify settings on both routers (tunnel settings).

Change the local security group and remote security group to 192.168.3.0 instead of 3.1 and change 100.100.100.1 to 100.100.100.0 (this being 100.100.100.0 isn't the reason for our problems). Next you could check the no-ip.org to use only the public IP address. After that is complete you can try changing some of the encryptions to higher like AES-128 on both sides. After all this testing, if you still can't get them to connect, you can post your log messages and we'll take a look, or call the support center for assistance (Support Numbers).

Jasbryan

New Member

Re: VPN tunnel between WRVS4400N and RV120W

I don't know what you mean by "what is the device that has the ip address of 100.100.100.0", but if you mean what is the device in front of the WRVS4400N (which has the 100.100.100.1 LAN address), it's the WAG200G.

I don't have any other tunnels configured on both routers.

I can't change to AES-128 because the WRVS4400N supports only 3DES.


I made some changes:

So now on the WRVS4400N:

Local security Gateway Type: IP Only

IP address 217.28.147.160

Local security Group Type: Subnet

IP address 100.100.100.0
Subnet Mask 255.255.255.0

Remote Security Gateway Type: IP Only

IP by DNS Resolved: mzgmdom.no-ip.org

Remote Security Group Type: subnet

IP Address 192.168.3.0

Subnet mask 255.255.255.0

IPSEC setup:

Keying Mode: IKE with Preshared Key

Phase 1:

Encryption : 3DES

Authentication : MD5

Group: 768-bit

Key lifetime 28800 sec

Phase 2:

Encryption: 3DES

Authentication: MD5

Preshared key: (password)

Group: 768-bit

Key Lifetime 28800 sec

On the RV120W (it's a bit different), but I tried:

Policy name : MZGM

Policy type : Auto Policy

Remote Endpoint: IP Address 217.28.147.160

NETBIOS : Disabled

Local traffic selection

Local ip : subnet

Start address: 192.168.3.0

Subnet Mask: 255.255.255.0

Remote Traffic Selection

Remote IP : Subnet

Start address : 100.100.100.0

Subnet Mask: 255.255.255.0

Split DNS Enable not checked

Auto policy Parameters

SA-Lifetime: 28800 seconds

Encryption Algorithm: 3DES

Integrity Algorithm: MD5

PFS Key Group: Enable, DH-Group 1 (768bit)

IKE POLICY TABLE:

Policy Name: MZGM

Direction / Type : Both

Exchange Mode: Aggressive

Local

Identifier Type: Local WAN (Internet) IP

Identifier (78.154.87.26) - this is auto changed

Remote

Identifier Type: Remote WAN (Internet) IP

Identifier 217.28.147.160

IKE SA Parameters

Encryption Algorithm: 3DES

Authentication Algorithm: MD5

Authentication Method Pre-Shared Key

Pre-Shared Key: (password)

Diffie-Hellman (DH) Group: Group1 (768 bit)

SA-Lifetime: 28800 sec

Dead Peer Detection Enable not checked

Extended Authentication

XAUTH Type : None

Log from RV120W:

2000-01-03 17:34:35: [rv120w][IKE] INFO:  accept a request to establish IKE-SA: 217.28.147.160

2000-01-03 17:34:35: [rv120w][IKE] INFO:  Configuration found for 217.28.147.160.

2000-01-03 17:34:35: [rv120w][IKE] INFO:  Initiating new phase 2 negotiation: 78.154.87.26[500]<=>217.28.147.160[0]

2000-01-03 17:34:36: [rv120w][IKE] ERROR:  Phase 2 negotiation failed due to time up. 772582fa03e4d2c2:70777692f2a0edfa:88489e74

2000-01-03 17:34:36: [rv120w][IKE] INFO:  an undead schedule has been deleted: 'quick_i1prep'.

2000-01-03 17:36:06: [rv120w][IKE] INFO:  Configuration found for 217.28.147.160[500].

2000-01-03 17:36:06: [rv120w][IKE] ERROR:  Identity Protection mode of 217.28.147.160[500] is not acceptable.

2000-01-03 17:36:16: [rv120w][IKE] INFO:  Configuration found for 217.28.147.160[500].

2000-01-03 17:36:16: [rv120w][IKE] ERROR:  Identity Protection mode of 217.28.147.160[500] is not acceptable.

2000-01-03 17:36:36: [rv120w][IKE] INFO:  Configuration found for 217.28.147.160[500].

2000-01-03 17:36:36: [rv120w][IKE] ERROR:  Identity Protection mode of 217.28.147.160[500] is not acceptable.

2000-01-03 17:38:01: [rv120w][IKE] INFO:  Configuration found for 217.28.147.160[500].

2000-01-03 17:38:01: [rv120w][IKE] ERROR:  Identity Protection mode of 217.28.147.160[500] is not acceptable.

2000-01-03 17:38:11: [rv120w][IKE] INFO:  Configuration found for 217.28.147.160[500].

2000-01-03 17:38:11: [rv120w][IKE] ERROR:  Identity Protection mode of 217.28.147.160[500] is not acceptable.

2000-01-03 17:38:31: [rv120w][IKE] INFO:  Configuration found for 217.28.147.160[500].

2000-01-03 17:38:31: [rv120w][IKE] ERROR:  Identity Protection mode of 217.28.147.160[500] is not acceptable.

VPNLOG from WRVS4400N:

Mar 13 09:47:38 - [VPN Log]: "MZGM" #5: initiating Main Mode

Mar 13 09:48:48 - [VPN Log]: "MZGM" #5: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message

Not much from these logs :/
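An added example, not part of the original post or of either router's firmware: a short Python check that compares the Phase 1 settings posted above for both routers, matches the posted log lines against known IKEv1 messages, and lists deprecated parameters. In IKEv1, Main Mode is the ISAKMP Identity Protection exchange. The WRVS4400N exchange mode is an assumption read from its log, and the finding names are hypothetical.

```python
import re

# Phase 1 settings as posted in the thread. The WRVS4400N post lists no
# exchange-mode field; "main" is taken from its log ("initiating Main Mode").
WRVS4400N = {"exchange_mode": "main", "encryption": "3DES", "hash": "MD5",
             "dh_group": 1, "lifetime_s": 28800}
RV120W = {"exchange_mode": "aggressive", "encryption": "3DES", "hash": "MD5",
          "dh_group": 1, "lifetime_s": 28800}

# Log lines copied from the thread (one per distinct message).
LOG_LINES = [
    "2000-01-03 17:36:06: [rv120w][IKE] ERROR:  Identity Protection mode of "
    "217.28.147.160[500] is not acceptable.",
    'Mar 13 09:47:38 - [VPN Log]: "MZGM" #5: initiating Main Mode',
    'Mar 13 09:48:48 - [VPN Log]: "MZGM" #5: max number of retransmissions (2) '
    "reached STATE_MAIN_I1. No response (or no acceptable response) to our "
    "first IKE message",
]

# Hypothetical finding names, chosen for this example.
PATTERNS = {
    "peer_offered_main_mode_rejected":
        re.compile(r"Identity Protection mode of \S+ is not acceptable"),
    "local_initiates_main_mode": re.compile(r"initiating Main Mode"),
    "no_reply_to_first_main_mode_msg":
        re.compile(r"max number of retransmissions .* reached STATE_MAIN_I1"),
}
# Values treated as deprecated in this example.
WEAK = {"encryption": {"DES", "3DES"}, "hash": {"MD5"}, "dh_group": {1}}


def phase1_mismatches(a, b):
    """Return the Phase 1 fields on which the two peers disagree."""
    return sorted(k for k in a if a[k] != b.get(k))


def log_findings(lines):
    """Return the set of finding names whose pattern matches any log line."""
    return {name for name, rx in PATTERNS.items()
            if any(rx.search(line) for line in lines)}


def weak_parameters(policy):
    """Return the policy fields set to a deprecated value."""
    return sorted(k for k, bad in WEAK.items() if policy.get(k) in bad)


if __name__ == "__main__":
    print("mismatched fields:", phase1_mismatches(WRVS4400N, RV120W))
    print("log findings:", sorted(log_findings(LOG_LINES)))
```

On the posted values the only Phase 1 field that differs is the exchange mode, and all three log patterns match.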

Silver

Re: VPN tunnel between WRVS4400N and RV120W

Marcin,

If our router doesn't hold the public ip address then this is the problem but please call the Cisco Small Business Support Center (Support Numbers) so we can confirm.

Jasbryan

New Member

Re: VPN tunnel between WRVS4400N and RV120W

But if I type in the public IP in the explorer I log in to the cisco router on both sides...
