Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1651
Views
0
Helpful
2
Replies

RV110W create VPN site to site over ADSL

empsoftsl
Level 1
Level 1

‎02-19-2014 12:40 AM

We are trying to confgirure a VPN site to site using two RV110W.

In first site we have this network:

Router ADSL:

  • WAN IP : 218.128.53.113
  • LAN IP : 192.168.20.1

Router RV110W:

  • WAN IP : 192.168.20.100
  • LAN IP   : 192.168.0.1

In second site:

Router ADSL:

  • WAN IP : 218.128.53.114
  • LAN IP : 192.168.10.1

Router RV110W:

  • WAN IP : 192.168.10.100
  • LAN IP   : 192.168.1.1

At "Basic VPN Setup" we configure with this values:

First site:

  • Connection name: vpnEmpsoft
  • Pre-Shared key   : 12345678
  • Remote WAN ip adress: 218.128.53.114
  • Remote LAN IP adress : 192.168.1.0
  • Remote LAN Mask       : 255.255.255.0
  • Local LAN IP adress     : 192.168.0.0
  • Local LAN Mask           : 255.255.255.0

Second site:

  • Connection name         : vpnEmpsoft
  • Pre-Shared key            : 12345678
  • Remote WAN ip adress: 218.128.53.113
  • Remote LAN IP adress : 192.168.0.0
  • Remote LAN Mask       : 255.255.255.0
  • Local LAN IP adress     : 192.168.1.0
  • Local LAN Mask           : 255.255.255.0

When save this configuration seems that all is OK, but the state of IPSec Connection is "IPSec SA not established".

The log of the router in the first site is:

1          2014-02-19 9:34:20 AM          debug          pluto[2627]: "vpnEmpsoft" #23: received and ignored informational message    

2          2014-02-19 9:34:20 AM          debug          pluto[2627]: "vpnEmpsoft" #23: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000    

3          2014-02-19 9:34:20 AM          debug          pluto[2627]: "vpnEmpsoft" #23: discarding duplicate packet; already STATE_MAIN_I3    

4          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #23: received and ignored informational message    

5          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #23: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000    

6          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #23: STATE_MAIN_I3: sent MI3, expecting MR3    

7          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #23: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3    

8          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #23: STATE_MAIN_I2: sent MI2, expecting MR2    

9          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #23: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2    

10          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #23: received Vendor ID payload [Dead Peer Detection]    

11          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #23: received Vendor ID payload [Openswan (this version) 2.6.21 ]    

12          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #23: initiating Main Mode to replace #22    

13          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #22: starting keying attempt 2 of an unlimited number    

14          2014-02-19 9:34:10 AM          debug          pluto[2627]: "vpnEmpsoft" #22: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message    

15          2014-02-19 9:33:30 AM          debug          pluto[2627]: "vpnEmpsoft" #22: received and ignored informational message    

16          2014-02-19 9:33:30 AM          debug          pluto[2627]: "vpnEmpsoft" #22: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000    

17          2014-02-19 9:33:30 AM          debug          pluto[2627]: "vpnEmpsoft" #22: discarding duplicate packet; already STATE_MAIN_I3    

18          2014-02-19 9:33:10 AM          debug          pluto[2627]: "vpnEmpsoft" #22: received and ignored informational message    

19          2014-02-19 9:33:10 AM          debug          pluto[2627]: "vpnEmpsoft" #22: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000    

20          2014-02-19 9:33:10 AM          debug          pluto[2627]: "vpnEmpsoft" #22: discarding duplicate packet; already STATE_MAIN_I3    

21          2014-02-19 9:33:01 AM          debug          pluto[2627]: "vpnEmpsoft" #22: received and ignored informational message    

22          2014-02-19 9:33:01 AM          debug          pluto[2627]: "vpnEmpsoft" #22: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000    

23          2014-02-19 9:33:00 AM          debug          pluto[2627]: "vpnEmpsoft" #22: STATE_MAIN_I3: sent MI3, expecting MR3    

24          2014-02-19 9:33:00 AM          debug          pluto[2627]: "vpnEmpsoft" #22: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3    

25          2014-02-19 9:33:00 AM          debug          pluto[2627]: "vpnEmpsoft" #22: STATE_MAIN_I2: sent MI2, expecting MR2    

26          2014-02-19 9:33:00 AM          debug          pluto[2627]: "vpnEmpsoft" #22: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2    

27          2014-02-19 9:33:00 AM          debug          pluto[2627]: "vpnEmpsoft" #22: received Vendor ID payload [Dead Peer Detection]    

28          2014-02-19 9:33:00 AM          debug          pluto[2627]: "vpnEmpsoft" #22: received Vendor ID payload [Openswan (this version) 2.6.21 ]    

29          2014-02-19 9:33:00 AM          debug          pluto[2627]: "vpnEmpsoft" #22: initiating Main Mode to replace #21    

30          2014-02-19 9:33:00 AM          debug          pluto[2627]: pending Quick Mode with 218.128.53.113 "vpnEmpsoft" took too long -- replacing phase 1

The log of the router in the second site is:

1 2014-02-19 9:29:30 AM debug pluto[1002]: "vpnEmpsoft" #53: sending encrypted notification INVALID_ID_INFORMATION to 218.128.53.114:500  

2 2014-02-19 9:29:30 AM debug pluto[1002]: "vpnEmpsoft" #53: no suitable connection for peer '192.168.0.1'  

3 2014-02-19 9:29:30 AM debug pluto[1002]: "vpnEmpsoft" #53: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.1'  

4 2014-02-19 9:29:20 AM debug pluto[1002]: "vpnEmpsoft" #51: max number of retransmissions (2) reached STATE_MAIN_R2  

5 2014-02-19 9:29:10 AM debug pluto[1002]: "vpnEmpsoft" #53: sending encrypted notification INVALID_ID_INFORMATION to 218.128.53.114:500  

6 2014-02-19 9:29:10 AM debug pluto[1002]: "vpnEmpsoft" #53: no suitable connection for peer '192.168.0.1'  

7 2014-02-19 9:29:10 AM debug pluto[1002]: "vpnEmpsoft" #53: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.1'  

8 2014-02-19 9:29:01 AM debug pluto[1002]: "vpnEmpsoft" #53: sending encrypted notification INVALID_ID_INFORMATION to 218.128.53.114:500  

9 2014-02-19 9:29:01 AM debug pluto[1002]: "vpnEmpsoft" #53: no suitable connection for peer '192.168.0.1'  

10 2014-02-19 9:29:01 AM debug pluto[1002]: "vpnEmpsoft" #53: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.1'  

11 2014-02-19 9:29:00 AM debug pluto[1002]: "vpnEmpsoft" #53: STATE_MAIN_R2: sent MR2, expecting MI3  

12 2014-02-19 9:29:00 AM debug pluto[1002]: "vpnEmpsoft" #53: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2  

13 2014-02-19 9:29:00 AM debug pluto[1002]: "vpnEmpsoft" #53: STATE_MAIN_R1: sent MR1, expecting MI2  

14 2014-02-19 9:29:00 AM debug pluto[1002]: "vpnEmpsoft" #53: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1  

15 2014-02-19 9:29:00 AM debug pluto[1002]: "vpnEmpsoft" #53: responding to Main Mode  

16 2014-02-19 9:29:00 AM debug pluto[1002]: packet from 218.128.53.114:500: received Vendor ID payload [Dead Peer Detection]  

17 2014-02-19 9:29:00 AM debug pluto[1002]: packet from 218.128.53.114:500: received Vendor ID payload [Openswan (this version) 2.6.21 ]

¿what is the problem?

We try to configure ther routers connecting directly WAN connections and works fine (changing the Remote WAN ip adress, of course). It's seems that the problem is when there are 2 routers adsl between the cisco RV110W.



2 people had this problem
Labels:
0 Helpful
2 Replies 2

notsogeek
Level 1
Level 1

‎04-20-2014 05:45 PM

I have the exact same configuration with: (2) RV110W, ADSL, and P2P VPN and I am receiving the same exact log messages.

 

Any help out there?

 

Thank you

0 Helpful

Vishnu Sharma
Level 1
Level 1

‎04-20-2014 08:41 PM

Hi Empsoftsl,

 

Could you please confirm that PFS is disabled on both the ends. If not could you please try disabling and then initiating the connection.

 

Vishnu.

0 Helpful
Customers Also Viewed These Support Documents