Unable to pull up RV220W web interface via VPN

Fizzasist2 · ‎10-14-2013

I have 2 RV220W routers connected via VPN and they seem to be working fine. All machines on both sides of the VPN can see each other and network sharing is working fine.

Lets call one end SITE A and the other SITE B. When I am on a machine at SITE A and try to pull up ANYTHING that has a web interface at SITE B (i.e the RV220W at site B or a Sharp MFP Copier) I get a Cisco page saying the "The server is down. Connection failed" (after a LONG timeout).

And the opposite is true as well: If I am working on a PC at SITE B and try to pull up a web interface that resides on SITE A, it says "server is down".

If I try to pull up a web interface that resides on SITE A FROM Site A, it works fine and vice versa....

I can ping anything both ways so it looks like the Cisco is blocking that specific web traffice for some reason.

By the way, we previously had basic Linksys VPN firewalls installed and this was not an issue. It started happening PRECISELY when I changed the Linksys routers out for the Cisco routers so I feel that it HAS to be related.....

Any ideas out there??

aunrein · ‎10-16-2013

Hello Randy,

Have you configured Remote Management on your routers? This might be the problem.

Let me know if this is the problem.

Thanks,

Alex

jeffrrod · ‎10-16-2013

Dear Randy,

Thank you for reaching the Small Business Support Community.

Have you tried different browsers by any chance? Is there any ProtectLink configured so you can add the needed URL's in the "Approved list", and if none you may try to add them on the "Firewall > Access Control > Trusted Domains".

I would suggest you to upgrade to the latest firmware release version 1.0.4.17, since it addresses some HTTPS sessions and URL filtering issues;

http://software.cisco.com/download/release.html?mdfid=283118607&flowid=24581&softwareid=282487380&release=1.0.4.17&relind=AVAILABLE&rellifecycle=&reltype=latest

Please try this out and let me know, I'll be looking forward to hear from you.

Kind regards,

Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer

*Please rate the Post so other will know when an answer has been found.

Jeffrey Rodriguez S. .:|:.:|:. Cisco Customer Support Engineer *Please rate the Post so other will know when an answer has been found.

Fizzasist2 · ‎10-17-2013

Yup I already updated firmware and Remote Management is ON.......and I have tried IE8, Chrome and Firefox (16.0.1)

To clarify, it's not JUST the Cisco web interface that I cannot access---any device with a web interface is inaccessible across the VPN. For instance, we have a Sharp MFP Copier that I am constantly watching for page counts, toner levels, etc., and I cannot access the Sharp that is at the other site bu pulling up it's IP address in a browser.....BUT I CAN access the Sharp web interface that is on MY side of the VPN.

I will check into the "trusted domains" setting and let you know.....THANKS!

Fizzasist2 · ‎10-17-2013

I don't have any setting called "access control" under firewall.......there's "access rules"

Also, wouldn't the VPN make the other side of the WAN "trusted" by default?? I'm trying to figure out when you would want to set up a VPN that was untrusted......

mpyhala · ‎10-17-2013

Randy,

You have a very unusual issue. Can you try disabling the tunnel for a few minutes and connect to the other side using QuickVPN? If possible, try that and see if you can access web interfaces on the remote LAN.

Also, did you do the basic VPN setup when you configured the tunnel? I wonder if there is anything unusual about your tunnel settings. Maybe some screenshots would help.

Do you have good bandwidth on each side from the ISP?

Who is the ISP on each side?

- Marty

Fizzasist2 · ‎10-17-2013

What is the difference between VPV and QuickVPN? Where do you configure it?

We are a non-profit and out Internet is graciuosly donated to us so it is not the fastest in the world but Site A is our business office and it has 5M bandwidth and the Site B is our other site and it has a 1M service.

I never had this issue until I swapped out the old Linksys FWs for the Cisco firewalls. We DO experience some lag when opening files over the VPN and I was hoping to solve this by upgrading to the Cisco routers. The situation has improved but it could be better......we just don't have the money to up the speed right now

I am interesting in ANYTHING that could help with the speed but testing is difficult because we are a 24/7 agency....Fridays are best because our business office is closed then......

I can post some screenshots of the VPN page if you would like.....

mpyhala · ‎10-17-2013

Randy,

QuickVPN is a client that works with Windows XP through 7. It is usually used when travelling. It creates an IPSec tunnel similar to a site-to-site tunnel which is why I asked you to test it.

It sounds like you are bandwidth starved and web sessions are timing out as a result. It is possible that this can be mitigated by tweaking the tunnel settings. (Which might explain why your older routers worked better)

Please post screenshots of your IKE and VPN policy for the tunnel. Cover or remove any sensitive information such as Pre-Shared Key, WAN IP address, etc.

- Marty

Fizzasist2 · ‎10-17-2013

mpyhala · ‎10-17-2013

Randy,

Test with:

IKE Policy -

Encryption Algorithm: DES

Authentication Algorithm: MD5

Diffie-Hellman (DH) Group: 1 (768 bit)

IPSec Policy -

Encryption Algorithm: DES

Authentication Algorithm: MD5

PFS Key Group: Disable

Note that you are using less security with these settings but you may see slightly better performance.

- Marty

Fizzasist2 · ‎10-17-2013

Thanks for the tip! I will try it tomorrow and see how it goes....