Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN Between two RV082 routers not working

We're getting the following message in the logs when we ry to connect:

encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA

One of the router is a V2 and the other is a V4 if that makes any difference. Can someone tell me what exactly that message means?

  • Small Business Routers
Everyone's tags (3)
12 REPLIES
Green

VPN Between two RV082 routers not working

Hi Tom.

This means there is an issue with your phase 1 negotiation. The phase 1 negotiaties parameters to establish the ISAKMP SA. In turn, the ISAKMP SA is then used to protect the future IKE exchanges.

Double check both IKE policies to ensure completely match.


-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
New Member

VPN Between two RV082 routers not working

Yes, I have double checked the settings. They are exactly the same on both. This is the second tunnel for both routers. Do we need to use different settings for each tunnel perhaps?

Green

VPN Between two RV082 routers not working

Hi Tom, each tunnel should have their own policy.

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
New Member

VPN Between two RV082 routers not working

We're essentially using the same encryption settings for both tunnels. So, when you say we should use another policy, can that simply mean using a different shared key? Or is it something more complex than that?

Green

VPN Between two RV082 routers not working

You can use all the same setting, I'd recommend a different password.

Just need to make separate policies for each tunnel pointing respectively to the correct subnets and WAN IP's

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
New Member

VPN Between two RV082 routers not working

Ok, so keeping in mind that I am a software guy, not an IT guy and this is new to me, are you saying that, for example if I used 192.168.1.0 255.255.255.0 as the local group settings for the first tunnel, that I should use something different for the second tunnel?

Green

VPN Between two RV082 routers not working

Hi Tom, Please reference this picture below.

The router on the top is 192.168.1.0, let's say this is the main router.

You should have 2 IKE and VPN policies.

The local group for the first router will always be the 192.168.1.0 network. The remote groups will be that of the respective router.

For VPN 1, the local group is 192.168.1.0, remote group is 192.168.2.0. The 'main' router of course will point to the WAN ip of the 192.168.2.0 router.

For VPN 2, the same thing, local group is 192.168.1.0, remote group to be 192.168.3.0. The 'main' router will point to the WAN ip of the 192.168.3.0 router.

You need to create the policy to be unique to each router wan / local subnet.

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
New Member

VPN Between two RV082 routers not working

Yes, so it looks like we have the basic setup correct. I'm not sure I understand what you mean when you refer to "policy".

Green

VPN Between two RV082 routers not working

Hi Tom,

When you navigate vpn and create gateway to gateway connection, this page encompasses to facets of information. The IKE policy and IPSEC policy.

Anyway, for each connection, you need to define the properties for each unique VPN tunnel between sites.

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
1734
Views
0
Helpful
12
Replies