02-12-2014 06:58 PM
Hi,
I'm looking to get this VPN router connected up for site-to-site VPN. This wasn't originally set up by me, but all the configuration looks correct and it was apparently working at some point. The problem is, on the WAN interface I can't seem to ping my public IP or any IP on the subnet. I can't ping the gateway either. All other public IPs on this subnet are responding fine.
Here are some errors I'm seeing in the log.
(g2gips3) #1: ERROR: asynchronous network error report on eth1 for message to 122.XXX.XXX.XXX port 500, complainant 131.XXX.XXX.205: No route to host [errno 148, origin ICMP type 3 code 1 (not authenticated)]
NSD FAIL WAN[1]
WAN connection is up : 131.XXX.XXX.205/255.255.25
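An added example, not part of the original post or of the router's firmware: a small Python triage of the "asynchronous network error report" line quoted above. It decodes the ICMP type and code and compares the complainant with the router's own WAN address; in the log above both are shown as 131.XXX.XXX.205. The sample lines use constructed documentation addresses, and the hint text is this example's interpretation, not output from the device.

```python
import re

# ICMP type 3 (destination unreachable) codes from RFC 792 / RFC 1812.
ICMP_UNREACH = {0: "network unreachable", 1: "host unreachable",
                2: "protocol unreachable", 3: "port unreachable",
                4: "fragmentation needed", 13: "administratively prohibited"}

LINE_RE = re.compile(
    r"asynchronous network error report on (?P<iface>\S+) "
    r"for message to (?P<peer>\S+) port (?P<port>\d+), "
    r"complainant (?P<complainant>[^:\s]+): (?P<reason>[^\[]+?) "
    r"\[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) code (?P<code>\d+)")

# Constructed sample lines in the same format as the log in the post.
SAMPLE_LOCAL = ("(g2gips3) #1: ERROR: asynchronous network error report on eth1 "
                "for message to 203.0.113.10 port 500, complainant 198.51.100.205: "
                "No route to host [errno 148, origin ICMP type 3 code 1 (not authenticated)]")
SAMPLE_REMOTE = ("(g2gips3) #1: ERROR: asynchronous network error report on eth1 "
                 "for message to 203.0.113.10 port 500, complainant 198.51.100.1: "
                 "No route to host [errno 148, origin ICMP type 3 code 13 (not authenticated)]")

def triage(line, local_wan_ip):
    """Parse one IKE network-error log line; return a dict, or None if no match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    r = m.groupdict()
    icmp_type, code = int(r["type"]), int(r["code"])
    r["port"] = int(r["port"])
    r["icmp"] = (ICMP_UNREACH.get(code, f"code {code}") if icmp_type == 3
                 else f"type {icmp_type} code {code}")
    if r["complainant"] == local_wan_ip:
        # The router's own IP stack reported the failure: the IKE packet never
        # left the WAN segment (typically the next hop did not answer ARP).
        r["origin"] = "local"
        r["hint"] = "check WAN gateway, subnet mask and the device between router and ISP"
    else:
        # Another device on the path sent the ICMP error back.
        r["origin"] = "remote"
        r["hint"] = f"device at {r['complainant']} rejected traffic to {r['peer']}"
    return r

if __name__ == "__main__":
    for sample in (SAMPLE_LOCAL, SAMPLE_REMOTE):
        result = triage(sample, local_wan_ip="198.51.100.205")
        print(result["origin"], result["icmp"], "->", result["hint"])
```
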
02-13-2014 08:04 AM
Hi Jay, if this is an untouched configuration that randomly stopped working then I would make a check list to ensure everything lines up.
-Site A and B verify the numbers
-The LAN subnets and masks did not change
-The WAN subnets and masks did not change
-There is no introduction of new networking equipment on either side
-If everything checks out and nothing appears to have changed, perform a reboot for both routers at Site A and B
-If the tunnel still does not establish, you may want to delete both sides and rebuild them
-If this continues to fail, you may have to take more drastic troubleshooting, such as erasing a configuration or default reset the router and reconfigure to test for software defect
-Tom
Please mark answered for helpful posts
02-13-2014 12:48 PM
Thanks.
The router I'm connecting to is not accessible by me as it's held by another company. I did redo the configuration on this router, but still having the same issue. I did get them to create a new tunnel on a different public IP, but still the same. Using the diagnostics option on the router itself, I'm a little confused that the public IP is not pingable. I disabled the firewall on the device as a test with no change.
This router is connecting to a switch, which then connects to an Allied Telesis router. I'm wondering if I'm missing something on the AT router it needs to pass through. Do I only need to forward port 500?
02-13-2014 01:22 PM
Jay,
Is the AT router bridged completely? If it has a firewall it will block pings and other inbound traffic to the RV042G.
- Marty
02-13-2014 01:41 PM
02-13-2014 03:27 PM
Jay,
Under Firewall, do you have Block WAN Request enabled? This will stop the router from replying to ping requests.
Enable Remote Management on the same page and set the port to 8080. From the LAN behind the RV042G, open www.yougetsignal.com and open the Port Forwarding test. Check port 8080 and it should be open. You can change the Remote Management port to 80, 443, etc. and run the same test to see if the traffic is reaching the router. If it is not, the test will time out or show that the port is closed.
Please reply with the results.
- Marty
02-13-2014 03:33 PM
No, I have that disabled. As per the attached screenshot.
Remote Management is enabled, but the port it talks on will be blocked by the AT currently. I access the router through LAN. I will open the port on the AT and check.
02-13-2014 03:41 PM
Jay,
If you cannot ping the router from the WAN side then either the AT router or the ISP is blocking the traffic. If you need to do something on the AT to allow Remote Management, then it is not bridged. Bridged means that it allows ALL traffic to pass to the RV042G without interference.
- Marty
02-13-2014 04:00 PM
Ok thanks. I will need to look into some config on my AT router and see if I can bridge it with the RV042G.