10-14-2013 10:33 AM
I have 2 RV220W routers connected via VPN and they seem to be working fine. All machines on both sides of the VPN can see each other and network sharing is working fine.
Lets call one end SITE A and the other SITE B. When I am on a machine at SITE A and try to pull up ANYTHING that has a web interface at SITE B (i.e the RV220W at site B or a Sharp MFP Copier) I get a Cisco page saying the "The server is down. Connection failed" (after a LONG timeout).
And the opposite is true as well: If I am working on a PC at SITE B and try to pull up a web interface that resides on SITE A, it says "server is down".
If I try to pull up a web interface that resides on SITE A FROM Site A, it works fine and vice versa....
I can ping anything both ways so it looks like the Cisco is blocking that specific web traffice for some reason.
By the way, we previously had basic Linksys VPN firewalls installed and this was not an issue. It started happening PRECISELY when I changed the Linksys routers out for the Cisco routers so I feel that it HAS to be related.....
Any ideas out there??
10-16-2013 01:32 PM
Hello Randy,
Have you configured Remote Management on your routers? This might be the problem.
Let me know if this is the problem.
Thanks,
Alex
10-16-2013 03:06 PM
Dear Randy,
Thank you for reaching the Small Business Support Community.
Have you tried different browsers by any chance? Is there any ProtectLink configured so you can add the needed URL's in the "Approved list", and if none you may try to add them on the "Firewall > Access Control > Trusted Domains".
I would suggest you to upgrade to the latest firmware release version 1.0.4.17, since it addresses some HTTPS sessions and URL filtering issues;
Please try this out and let me know, I'll be looking forward to hear from you.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found.
10-17-2013 09:12 AM
Yup I already updated firmware and Remote Management is ON.......and I have tried IE8, Chrome and Firefox (16.0.1)
To clarify, it's not JUST the Cisco web interface that I cannot access---any device with a web interface is inaccessible across the VPN. For instance, we have a Sharp MFP Copier that I am constantly watching for page counts, toner levels, etc., and I cannot access the Sharp that is at the other site bu pulling up it's IP address in a browser.....BUT I CAN access the Sharp web interface that is on MY side of the VPN.
I will check into the "trusted domains" setting and let you know.....THANKS!
10-17-2013 09:15 AM
I don't have any setting called "access control" under firewall.......there's "access rules"
Also, wouldn't the VPN make the other side of the WAN "trusted" by default?? I'm trying to figure out when you would want to set up a VPN that was untrusted......
10-17-2013 09:35 AM
Randy,
You have a very unusual issue. Can you try disabling the tunnel for a few minutes and connect to the other side using QuickVPN? If possible, try that and see if you can access web interfaces on the remote LAN.
Also, did you do the basic VPN setup when you configured the tunnel? I wonder if there is anything unusual about your tunnel settings. Maybe some screenshots would help.
Do you have good bandwidth on each side from the ISP?
Who is the ISP on each side?
- Marty
10-17-2013 09:48 AM
What is the difference between VPV and QuickVPN? Where do you configure it?
We are a non-profit and out Internet is graciuosly donated to us so it is not the fastest in the world but Site A is our business office and it has 5M bandwidth and the Site B is our other site and it has a 1M service.
I never had this issue until I swapped out the old Linksys FWs for the Cisco firewalls. We DO experience some lag when opening files over the VPN and I was hoping to solve this by upgrading to the Cisco routers. The situation has improved but it could be better......we just don't have the money to up the speed right now
I am interesting in ANYTHING that could help with the speed but testing is difficult because we are a 24/7 agency....Fridays are best because our business office is closed then......
I can post some screenshots of the VPN page if you would like.....
10-17-2013 09:55 AM
Randy,
QuickVPN is a client that works with Windows XP through 7. It is usually used when travelling. It creates an IPSec tunnel similar to a site-to-site tunnel which is why I asked you to test it.
It sounds like you are bandwidth starved and web sessions are timing out as a result. It is possible that this can be mitigated by tweaking the tunnel settings. (Which might explain why your older routers worked better)
Please post screenshots of your IKE and VPN policy for the tunnel. Cover or remove any sensitive information such as Pre-Shared Key, WAN IP address, etc.
- Marty
10-17-2013 10:06 AM
10-17-2013 11:05 AM
Randy,
Test with:
IKE Policy -
Encryption Algorithm: DES
Authentication Algorithm: MD5
Diffie-Hellman (DH) Group: 1 (768 bit)
IPSec Policy -
Encryption Algorithm: DES
Authentication Algorithm: MD5
PFS Key Group: Disable
Note that you are using less security with these settings but you may see slightly better performance.
- Marty
10-17-2013 11:08 AM
Thanks for the tip! I will try it tomorrow and see how it goes....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide