04-14-2018 06:58 AM - edited 03-21-2019 11:08 AM
Cisco RV320 to RV320 Gateway to Gateway
Both sites have STATIC IP over PPPoE
Both routers' firmware is the latest v1.4.2.17 (2017-10-30, 15:50:18)
Tunnel configuration is fine on both ends, but the tunnel never connects. After configuring the tunnel on both sites and pressing the Connect button, it keeps connecting, then waiting for connection... That's it, never connected!
Site A Log
2018-04-09, 22:15:45 VPN Log [g2gips0] #1: [Tunnel Established] sent MR3, ISAKMP SA established
2018-04-09, 22:15:45 VPN Log [g2gips0]: cmd=up-client peer=79.173.X.X peer_client=192.168.2.0/24
2018-04-09, 22:15:45 VPN Log ip route add 192.168.2.0/24 via 10.50.253.15 dev ppp1 metric 35
2018-04-09, 22:15:45 VPN Log iptables -t nat -I vpn -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45 VPN Log iptables -t nat -I vpn -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45 VPN Log iptables -t nat -I vpn_postrouting -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45 VPN Log iptables -t nat -I vpn_postrouting -o eth0 -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45 VPN Log [g2gips0] #2: [Tunnel Established] IPsec SA established {ESP=>0xc9f16ce4 < 0xcb1f6958 AH=>0xc4790703 < 0xc9d7ed2c}
2018-04-09, 22:15:45 VPN Log [g2gips0]: cmd=down-client peer=79.173.X.X peer_client=192.168.2.0/24
2018-04-09, 22:15:45 VPN Log ip route del 192.168.2.0/24 via 10.50.253.15 dev ppp1 metric 35
2018-04-09, 22:15:45 VPN Log iptables -t nat -D vpn -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45 VPN Log iptables -t nat -D vpn -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45 VPN Log iptables -t nat -D vpn_postrouting -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45 VPN Log iptables -t nat -D vpn_postrouting -o eth0 -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45 VPN Log [g2gips0] #1: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_AH SA(0xc4790703) not found (maybe expired)
2018-04-09, 22:15:45 VPN Log [g2gips0]: [Tunnel Disconnected]
__________________________
Site B Log
2018-04-09, 22:13:06 VPN Log [g2gips0]: [Tunnel Disconnected]
2018-04-09, 22:15:43 VPN Log [g2gips0] #1: [Tunnel Established] ISAKMP SA established
2018-04-09, 22:15:43 VPN Log [g2gips0]: cmd=up-client peer=92.253.X.X peer_client=192.168.1.0/24
2018-04-09, 22:15:43 VPN Log ip route add 192.168.1.0/24 via 10.50.253.12 dev ppp1 metric 35
2018-04-09, 22:15:43 VPN Log iptables -t nat -I vpn -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:43 VPN Log iptables -t nat -I vpn -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:43 VPN Log iptables -t nat -I vpn_postrouting -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:43 VPN Log iptables -t nat -I vpn_postrouting -o eth0 -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:43 VPN Log [g2gips0] #2: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0xcb1f6958 < 0xc9f16ce4 AH=>0xc9d7ed2c < 0xc4790703}
2018-04-09, 22:15:43 VPN Log [g2gips0]: [Tunnel Disconnected]
2018-04-09, 22:15:43 VPN Log [g2gips0]: cmd=down-client peer=92.253.X.X peer_client=192.168.1.0/24
2018-04-09, 22:15:43 VPN Log ip route del 192.168.1.0/24 via 10.50.253.12 dev ppp1 metric 35
2018-04-09, 22:15:43 VPN Log iptables -t nat -D vpn -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:43 VPN Log iptables -t nat -D vpn -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:43 VPN Log iptables -t nat -D vpn_postrouting -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:43 VPN Log iptables -t nat -D vpn_postrouting -o eth0 -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:43 VPN Log packet from 92.253.X.X:500: [Tunnel Authorize Fail] no connection has been authorized with policy=PSK
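The pattern in the logs above (IPsec SA established, then `cmd=down-client` in the same second) can be flagged automatically. The following is an added example, not part of the original post or any Cisco tooling; the function name `find_flaps`, the 5-second window and the sample lines (with made-up SPI values) are assumptions that mirror the log format shown in the post.

```python
import re
from datetime import datetime

# Constructed sample in the RV320 "VPN Log" format quoted in the post (SPIs are made up).
SAMPLE_LOG = """\
2018-04-09, 22:15:45 VPN Log [g2gips0] #1: [Tunnel Established] sent MR3, ISAKMP SA established
2018-04-09, 22:15:45 VPN Log [g2gips0]: cmd=up-client peer=79.173.X.X peer_client=192.168.2.0/24
2018-04-09, 22:15:45 VPN Log [g2gips0] #2: [Tunnel Established] IPsec SA established {ESP=>0x00000001 < 0x00000002}
2018-04-09, 22:15:45 VPN Log [g2gips0]: cmd=down-client peer=79.173.X.X peer_client=192.168.2.0/24
2018-04-09, 22:15:45 VPN Log [g2gips0] #1: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_AH SA(0x00000003) not found (maybe expired)
2018-04-09, 22:15:45 VPN Log [g2gips0]: [Tunnel Disconnected]
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}) VPN Log (.*)$")
TUNNEL = re.compile(r"^\[(\w+)\]")  # tunnel name prefix, e.g. [g2gips0]

def find_flaps(log_text, window_s=5):
    """Report tunnels whose IPsec SA is torn down within window_s seconds of coming up."""
    established = {}  # tunnel name -> time of its last "IPsec SA established"
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d, %H:%M:%S")
        msg = m.group(2)
        t = TUNNEL.match(msg)
        name = t.group(1) if t else None
        if name and "IPsec SA established" in msg:
            established[name] = ts
        elif name in established and "cmd=down-client" in msg:
            lifetime = (ts - established.pop(name)).total_seconds()
            if lifetime <= window_s:
                peer = re.search(r"peer=(\S+)", msg)
                findings.append({"tunnel": name,
                                 "peer": peer.group(1) if peer else None,
                                 "lifetime_s": lifetime,
                                 "auth_fail": []})
        elif "[Tunnel Authorize Fail]" in msg and findings:
            # Attach the failure reason to the most recent flap, even when the
            # line carries no tunnel prefix ("packet from <ip>:500: ...").
            reason = msg.split("[Tunnel Authorize Fail]", 1)[1].strip()
            findings[-1]["auth_fail"].append(reason)
    return findings

if __name__ == "__main__":
    for f in find_flaps(SAMPLE_LOG):
        print(f)
```

Run it against the exported log from each site and compare the findings: an SA lifetime of zero seconds on both ends points at something tearing the tunnel down locally rather than a Phase 1/Phase 2 mismatch.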
11-08-2018 04:06 AM
I am responding to this for others' benefit. The issue was caused by the load balancing detection option; you only have to disable it:
System Management
Dual WAN
Check Smart Link Backup, knowing that the default is Load Balance (Auto Mode)
04-19-2018 04:19 AM
Hi,
-- Please check the Phase I and Phase II settings in the VPN router on both sides. They should be identical.
-- Also try enabling Aggressive mode on both sites and check if the tunnel connects.
-- If NAT/PAT is configured in the network, then configure the tunnel by enabling NAT traversal under the advanced options.
-- Block WAN Request should be disabled on both routers (Firewall >> Block WAN Request).
-- Make sure the WAN port has a static IP address assigned and that it is a public IP, as VPN works only on a public IP.
-- As you have mentioned that you are using a PPPoE link, please check with your ISP that the WAN IP does not change after an interval; it should be static.
04-22-2018 05:39 AM - edited 04-22-2018 05:39 AM
Thank you for replying and following up.
According to the logs on both ends, a private IP (which is each side's WAN gateway) is interfering with the tunnel. I am following up with the ISP, but I am not sure that they can help.
The attached images and log clearly show the issue:
Side A
2018-04-22, 15:24:29 VPN Log [g2gips0]: cmd=down-client peer=79.173.X.X peer_client=192.168.2.0/24 peer_client_net=192.168.2.0 peer_client_mask=255.255.255.0
2018-04-22, 15:24:29 VPN Log ip route del 192.168.2.0/24 via 10.50.253.13 dev ppp1 metric 35
____________________________________________________________________________
Side B
2018-04-22, 15:24:31 VPN Log [g2gips0]: cmd=down-client peer=92.253.X.X peer_client=192.168.1.0/24 peer_client_net=192.168.1.0 peer_client_mask=255.255.255.0
2018-04-22, 15:24:31 VPN Log ip route del 192.168.1.0/24 via 10.50.253.12 dev ppp1 metric 35
04-25-2018 06:46 AM
Finally!!!
Solved by adding a static route, my ISP WAN GW to my local LAN IP of each site
04-28-2018 08:03 AM - edited 04-28-2018 08:04 AM
01-22-2020 10:17 AM
Solved by disabling dual WAN: System Management > check Smart Link Backup > Primary WAN: WAN1. Disable Network Service Detection. VPN OK.
07-28-2019 12:32 AM
I am trying to set up the same VPN connection, RV20 to RV320 (Gateway to Gateway), and although all the settings are what they are supposed to be, it isn't connecting.
You mentioned that you "Solved by adding static Route, my ISP WAN GW to my Local LAN IP of each site".
What did you mean by that? Could you show a screenshot of what you did?
Attached is my VPN config for Site1 and Site2
02-17-2020 12:21 PM
I would really like to know that as well.
Did you ever get any private response from that poster? I'm stuck here.
Thx
02-17-2020 12:32 PM
Could you please provide a little detail or an example?
Assuming you're in Setup > Advanced Routing
Entry requires:
Destination IP (Is this local LAN IP of RV?)
Subnet Mask (Assume Subnet Mask should correlate to IP address above)
Default Gateway (WAN Gateway of local ISP or remote?)
Hop Count (Should this be "1"?)
Interface (WAN?)
Thank you for helping, in advance.