VPN Site to Site with 2 RV routers

Riccardo Margiotta · ‎05-31-2014

Hello,

I have a problem with the VPN connection with 2 Cisco RV routers (RV180W and RV110W).

Both devices are connected to a modem, and the WAN port is on the DMZ of that modem in order to exclude any firewall problem, and the configuration of the VPN Site2Site is the same on both router (the static IP address and DMZ subnet is different) but the connection could not start due some errors:

initial Main Mode message received on 10.0.0.10:500 but no connection has been authorized with policy=PSK

sending notification PAYLOAD_MALFORMED to <PUBLIC IP>:500

etc...

Can someone help me in order to discover where is the problem?..

Thanks,

Regards

Riccardo

chrebert · ‎06-05-2014

Hello Ricardo,

Do both of your RV routers have public IPs on their WAN interfaces? Because if not you are going to have a bit of trouble getting this working.

I know you said you put the RVs int he DMZ, but that is not the same as bridging the modem and putting the public IP directly on our device. The routers use the WAN IP to identify themselves and communicate, so with private address that process is usually messed up.

A payload malform could also just be a mismatch in configuration somewhere, make sure all of your encryption settings match. I have also seen an incorrect MTU size cause malformed packets.

However, the biggest thing would be making sure the public IP is on the WAN of the RVs, I wouldn't look into anything else until that is done.

Hope that helps some,

Christopher Ebert - Advanced Network Support Engineer

Cisco Small Business Support Center

*please rate helpful posts*