New Member

RV042g and RV110w site to site VPN behind DSL

Hello,

I am struggling to get a site-to-site VPN to work between two Cisco routers, both behind DSL routers. Would really appreciate your help.

Site A:

Public IP: 1.2.3.4 with a DSL router (all ports forwarded to 192.168.0.42)

RV042G WAN set to static IP: 192.168.0.42

RV042G LAN set to: 192.168.105.x

Site B:

Public IP: 5.6.7.8 with a DSL router (all ports forwarded to 192.168.1.42)

RV110W WAN set to static IP: 192.168.1.42

RV110W LAN set to: 192.168.111.x

When I try to establish a connection, I get the following error on the RV110W:

26    2014-01-18 9:36:53 AM    debug    pluto[14811]: "naya" #110: sending encrypted notification INVALID_ID_INFORMATION to 1.2.3.4:500    

27    2014-01-18 9:36:53 AM    debug    pluto[14811]: "naya" #110: no suitable connection for peer '192.168.0.42'    

28    2014-01-18 9:36:53 AM    debug    pluto[14811]: "naya" #110: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.42'    

29    2014-01-18 9:36:53 AM    debug    pluto[14811]: "naya" #110: STATE_MAIN_R2: sent MR2, expecting MI3    

30    2014-01-18 9:36:53 AM    debug    pluto[14811]: "naya" #110: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2         

32    2014-01-18 9:36:53 AM    debug    pluto[14811]: "naya" #110: STATE_MAIN_R1: sent MR1, expecting MI2    

33    2014-01-18 9:36:53 AM    debug    pluto[14811]: "naya" #110: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1    

34    2014-01-18 9:36:53 AM    debug    pluto[14811]: "naya" #110: responding to Main Mode

The problem is that both Cisco routers are advertising their WAN IP instead of the real public internet IP.

Is there a way to force a connection and avoid this ID check? I used to have VPN routers from another manufacturer where it was possible to manually change the ID.

Thank you very much for your help

9 REPLIES
New Member

I had the same issue. I think it's a check created by your VPN security. I tested with other settings and it's working now.

Bronze

The Cisco RV series work this way for their site-to-site VPN.  I've run into the same problem.  It uses the IP address as part of the security check, and when it sees a different address, it fails.

I believe that NAT-T (NAT Traversal) is an option on these and checking this box should help.  Also, try using aggressive vs main mode.

For me, I used some older Netgear VPN routers that didn't have this limitation and they work fine in your configuration.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
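
An added example (not part of the thread and not Cisco code): a Python check over pluto lines like those in the original post, reporting when the ID a peer presents in Main Mode is a private address that differs from the address its packets arrive from, which is the NAT symptom discussed above. The function name `diagnose` and the result field names are this example's own; the sample lines are taken from the post with the index and timestamp columns trimmed.

```python
import ipaddress
import re

# Sample input: pluto lines from the post above, index/timestamp columns trimmed.
SAMPLE_LOG = """\
pluto[14811]: "naya" #110: responding to Main Mode
pluto[14811]: "naya" #110: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.42'
pluto[14811]: "naya" #110: no suitable connection for peer '192.168.0.42'
pluto[14811]: "naya" #110: sending encrypted notification INVALID_ID_INFORMATION to 1.2.3.4:500
"""

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
PEER_ID = re.compile(r"Main mode peer ID is ID_IPV4_ADDR: '([^']+)'")
NO_CONN = re.compile(r"no suitable connection for peer '([^']+)'")
NOTIFY = re.compile(r"sending encrypted notification (\S+) to ([\d.]+):\d+")


def diagnose(log_text):
    """Return one finding per negotiation (#N) rejected on peer ID; line order is irrelevant."""
    state = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        s = state.setdefault((m["conn"], m["sa"]), {})
        if (p := PEER_ID.search(m["msg"])):
            s["peer_id"] = p[1]
        elif (p := NO_CONN.search(m["msg"])):
            s["rejected_id"] = p[1]
        elif (p := NOTIFY.search(m["msg"])):
            s["notify"], s["transport_ip"] = p[1], p[2]
    findings = []
    for (conn, sa), s in state.items():
        if "rejected_id" not in s or "transport_ip" not in s:
            continue  # negotiation was not rejected on ID, or log is incomplete
        findings.append({
            "conn": conn, "sa": sa, "notify": s["notify"],
            "peer_id": s["rejected_id"], "transport_ip": s["transport_ip"],
            # ID differs from the address the packets came from: NAT in the path
            "id_differs_from_transport": s["rejected_id"] != s["transport_ip"],
            # Private-range ID: the peer sent its WAN-side address, not the public one
            "id_is_private": ipaddress.ip_address(s["rejected_id"]).is_private,
        })
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f)
```
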

New Member

Hi

I got this working a couple of years ago. Let me know if you still need a solution and I will write up the steps and post back to you.

Regards

Steve

Bronze


I'd love to hear how you got this working.  I've got some rv016s where I had to reconfigure the network to use the site-to-site because of the IP issue.

New Member

Hi - not forgotten, was going to write up my solution - just have not had a spare moment - I will get round to it as soon as I can

steve

New Member

Ironically, I have had to replace one of the ageing modems in this setup and now can no longer get the tunnel to work, so my solution might not have been that informative. After much trial and error I have resorted to asking for some guidance here:

https://supportforums.cisco.com/discussion/12189026/vpn-tunnel-between-rv042s-behind-adsl-modems

 

Bronze

Thank you for the reply and update.  There's no reason a modem should have caused this to stop working, since Internet is Internet as far as the RVs are concerned.  I'll check out your other thread.
 

New Member

Hi,

Did you try to configure "crypto isakmp identity hostname" on both sides?

Bronze

There are no crypto maps or anything like that on the RV series.  The RV series is SMB and doesn't use IOS.
 
