Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

VPN Issues with WRV210 and Checkpoint

Hi everyone..

I'm setting up an IPSec tunnel between your primary site (with checkpoint) and a customer, having an Cisco WRV210.

The tunnel is established, and working, since I can ping from our site, to the customer, but the customer LAN can't ping our setup.. here comes the setup

Customer LAN:

192.168.10.0/24

Our LAN:

10.1.23.32/27

Ping from 10.1.23.34 to 192.168.10.1 (wrv210 ip) - Succes

Ping from 192.168.10.1 to 10.1.23.34 - Fails

In my checkpoint log file, i can't see any icmp attempts, from our customer.


Since there is no log in the Cisco WRV210, other than to set up an syslog server, i can't see what it is doing.. I do not have any accessible PC on the remote site, to send logs to..

Do you guys have any idea, about whats wrong?

Any help is appreciated

3 REPLIES
Community Member

Re: VPN Issues with WRV210 and Checkpoint

UPDATE:

Here's are VPN Log from our customer

000   [Fri 07:15:08]  packet from xx.xx.xx.xx:500: ignoring unknown Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138d4bf6794c...]

001   [Fri 07:15:08]  "TunnelA" #4: responding to Main Mode

002   [Fri 07:15:08]  "TunnelA" #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1

003   [Fri 07:15:08]  "TunnelA" #4: STATE_MAIN_R1: sent MR1, expecting MI2

004   [Fri 07:15:09]  "TunnelA" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2

005   [Fri 07:15:09]  "TunnelA" #4: STATE_MAIN_R2: sent MR2, expecting MI3

006   [Fri 07:15:09]  "TunnelA" #4: Main mode peer ID is ID_IPV4_ADDR: 'xx.xx.xx.xx'

007   [Fri 07:15:09]  "TunnelA" #4: I did not send a certificate because I do not have one.

008   [Fri 07:15:09]  "TunnelA" #4: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3

009   [Fri 07:15:09]  "TunnelA" #4: [WRV210 Response:] ISAKMP SA established

010   [Fri 07:15:09]  "TunnelA" #4: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}

011   [Fri 07:15:09]  "TunnelA" #5: responding to Quick Mode {msgid:2973e856}

012   [Fri 07:15:09]  "TunnelA" #5: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1

013   [Fri 07:15:09]  "TunnelA" #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2

014   [Fri 07:15:09]  "TunnelA" #5: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2

015   [Fri 07:15:09]  "TunnelA" #5: [WRV210 Response:] IPSec SA established

016   [Fri 07:15:09]  "TunnelA" #5: STATE_QUICK_R2: IPsec SA established {ESP=>0x052096a9 <0x3a57f094 xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}

017   [Fri 07:15:09]  "TunnelA" #5: discarding duplicate packet; already STATE_QUICK_R2

018   [Fri 07:15:10]  "TunnelA" #5: discarding duplicate packet; already STATE_QUICK_R2

Cisco Employee

Re: VPN Issues with WRV210 and Checkpoint

If pings work one way, that means the VPN tunnel itself is up and running.

The issue is more than likely an access-list on the customer's side, not configuration on VPN tunnel.

Community Member

Re: VPN Issues with WRV210 and Checkpoint

Hi halijenn,

Thanks for your reply.

I'm having the same thought, i just don't know where to configure the ACL on the Cisco WRV210.. I only have a limited web interface.. I Can't access any command line..

942
Views
0
Helpful
3
Replies
CreatePlease to create content