Cisco RV320 to RV320 Gateway to Gateway

awamoumen
Level 1
 

Both sites have STATIC IP over PPPoE

 

Both routers firmware is the latest v1.4.2.17 (2017-10-30, 15:50:18)

Tunnel configuration is fine for both ends, but the tunnel never connects. After configuring the tunnel on both sites and pressing the Connect button, it keeps connecting, then waiting for connection.... That's it, never connected!

 

 


Site A Log

2018-04-09, 22:15:45      VPN Log      [g2gips0] #1: [Tunnel Established] sent MR3, ISAKMP SA established
2018-04-09, 22:15:45      VPN Log      [g2gips0]: cmd=up-client peer=79.173.X.X peer_client=192.168.2.0/24 peer_client_net=192.168.2.0 peer_client_mask=255.255.255.0
2018-04-09, 22:15:45      VPN Log      ip route add 192.168.2.0/24 via 10.50.253.15 dev ppp1 metric 35
2018-04-09, 22:15:45      VPN Log      iptables -t nat -I vpn -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      iptables -t nat -I vpn -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      iptables -t nat -I vpn_postrouting -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      iptables -t nat -I vpn_postrouting -o eth0 -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      [g2gips0] #2: [Tunnel Established] IPsec SA established {ESP=>0xc9f16ce4 < 0xcb1f6958 AH=>0xc4790703 < 0xc9d7ed2c}
2018-04-09, 22:15:45      VPN Log      [g2gips0]: cmd=down-client peer=79.173.X.X peer_client=192.168.2.0/24 peer_client_net=192.168.2.0 peer_client_mask=255.255.255.0
2018-04-09, 22:15:45      VPN Log      ip route del 192.168.2.0/24 via 10.50.253.15 dev ppp1 metric 35
2018-04-09, 22:15:45      VPN Log      iptables -t nat -D vpn -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      iptables -t nat -D vpn -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      iptables -t nat -D vpn_postrouting -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      iptables -t nat -D vpn_postrouting -o eth0 -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:45      VPN Log      [g2gips0] #1: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_AH SA(0xc4790703) not found (maybe expired)
2018-04-09, 22:15:45      VPN Log      [g2gips0]: [Tunnel Disconnected]


_______________________________________________________________________________________________________________________________________________________________________


Site B Log

2018-04-09, 22:13:06      VPN Log      [g2gips0]: [Tunnel Disconnected]
2018-04-09, 22:15:43      VPN Log      [g2gips0] #1: [Tunnel Established] ISAKMP SA established
2018-04-09, 22:15:43      VPN Log      [g2gips0]: cmd=up-client peer=92.253.X.X peer_client=192.168.1.0/24 peer_client_net=192.168.1.0 peer_client_mask=255.255.255.0
2018-04-09, 22:15:43      VPN Log      ip route add 192.168.1.0/24 via 10.50.253.12 dev ppp1 metric 35
2018-04-09, 22:15:43      VPN Log      iptables -t nat -I vpn -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:43      VPN Log      iptables -t nat -I vpn -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:43      VPN Log      iptables -t nat -I vpn_postrouting -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:43      VPN Log      iptables -t nat -I vpn_postrouting -o eth0 -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:43      VPN Log      [g2gips0] #2: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0xcb1f6958 < 0xc9f16ce4 AH=>0xc9d7ed2c < 0xc4790703}
2018-04-09, 22:15:43      VPN Log      [g2gips0]: [Tunnel Disconnected]
2018-04-09, 22:15:43      VPN Log      [g2gips0]: cmd=down-client peer=92.253.X.X peer_client=192.168.1.0/24 peer_client_net=192.168.1.0 peer_client_mask=255.255.255.0
2018-04-09, 22:15:43      VPN Log      ip route del 192.168.1.0/24 via 10.50.253.12 dev ppp1 metric 35
2018-04-09, 22:15:43      VPN Log      iptables -t nat -D vpn -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:43      VPN Log      iptables -t nat -D vpn -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:43      VPN Log      iptables -t nat -D vpn_postrouting -s 192.168.2.0/24 -d 192.168.1.0/24 -j ACCEPT
2018-04-09, 22:15:43      VPN Log      iptables -t nat -D vpn_postrouting -o eth0 -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
2018-04-09, 22:15:43      VPN Log      packet from 92.253.X.X:500: [Tunnel Authorize Fail] no connection has been authorized with policy=PSK

Accepted Solution

I am responding to this for others' benefit. The issue was caused by the load balancing detection option. You only have to disable it:

System Management

Dual WAN

Check Smart Link Backup, knowing that the default is Load Balance (Auto Mode)

Load Balance
Smart Link Backup: Primary WAN (Specify which WAN is Primary, the other one will be backup)
Load Balance (Auto Mode)

9 Replies

riteshsh
Cisco Employee

Hi,

 

-- Please check the Phase I and Phase II settings in the VPN router on both sides. They should be identical.

-- Also try enabling Aggressive mode on both sites and check if the tunnel connects.

-- If NAT/PAT is configured in the network, then configure the tunnel by enabling NAT traversal under the Advanced option.

-- Block WAN Request should be disabled on both ends of the routers. (Firewall >> Block WAN Request)

-- Make sure the WAN port has a static IP address assigned and that it is a Public IP, as VPN works only on Public IP.

-- As you have mentioned that you are using a PPPoE link, please check with your ISP that the WAN IP should not change after an interval; it should be static.

Thank you for replying, and follow up

 

According to the log on both ends, a private IP "which is each side's WAN gateway" is interfering with the tunnel. I am following up with the ISP, but I am not sure that they can help.

 

Images attached and log can clearly show the issue:

 

 

 

Side A

2018-04-22, 15:24:29 VPN Log [g2gips0]: cmd=down-client peer=79.173.X.X peer_client=192.168.2.0/24 peer_client_net=192.168.2.0 peer_client_mask=255.255.255.0
2018-04-22, 15:24:29 VPN Log ip route del 192.168.2.0/24 via 10.50.253.13 dev ppp1 metric 35

 

____________________________________________________________________________

 

 

Side B

2018-04-22, 15:24:31 VPN Log [g2gips0]: cmd=down-client peer=92.253.X.X peer_client=192.168.1.0/24 peer_client_net=192.168.1.0 peer_client_mask=255.255.255.0
2018-04-22, 15:24:31 VPN Log ip route del 192.168.1.0/24 via 10.50.253.12 dev ppp1 metric 35
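
One way to pick the symptom discussed above out of an exported VPN log: find tunnels whose IPsec SA is torn down within seconds of being established, and report the next hop of the route that was installed and whether it is a private address. This is an added example, not part of any post in the thread and not Cisco code; the line format follows the logs quoted above, the sample lines are constructed, and `find_flaps` and its 5-second threshold are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample in the format of the VPN log lines quoted in this thread.
SAMPLE_LOG = """\
2018-04-09, 22:15:45      VPN Log      [g2gips0] #1: [Tunnel Established] sent MR3, ISAKMP SA established
2018-04-09, 22:15:45      VPN Log      ip route add 192.168.2.0/24 via 10.50.253.15 dev ppp1 metric 35
2018-04-09, 22:15:45      VPN Log      [g2gips0] #2: [Tunnel Established] IPsec SA established {ESP=>0x11111111 < 0x22222222}
2018-04-09, 22:15:45      VPN Log      [g2gips0]: cmd=down-client peer=203.0.113.7 peer_client=192.168.2.0/24
2018-04-09, 22:15:45      VPN Log      [g2gips0]: [Tunnel Disconnected]
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2})\s+VPN Log\s+(.*)$")
ROUTE_ADD = re.compile(r"ip route add (\S+) via (\S+)")
TUNNEL = re.compile(r"\[(\w+)\]")  # tunnel name at the start of the message

def find_flaps(log_text, max_seconds=5):
    """Report tunnels whose IPsec SA is torn down within max_seconds of coming up."""
    findings, up_at, last_route = [], {}, None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        ts = datetime.strptime(line.group(1), "%Y-%m-%d, %H:%M:%S")
        msg = line.group(2)
        route = ROUTE_ADD.search(msg)
        if route:
            # Assumption: route lines carry no tunnel name, so the most recent
            # "ip route add" is attributed to the tunnel that comes up next.
            last_route = route.groups()
            continue
        tunnel = TUNNEL.match(msg)
        if not tunnel:
            continue
        name = tunnel.group(1)
        if "IPsec SA established" in msg:
            up_at[name] = ts
        elif name in up_at and ("cmd=down-client" in msg or "[Tunnel Disconnected]" in msg):
            lifetime = (ts - up_at.pop(name)).total_seconds()
            if lifetime <= max_seconds:
                hop = last_route[1] if last_route else None
                findings.append({
                    "tunnel": name, "lifetime_s": lifetime, "next_hop": hop,
                    "next_hop_private": bool(hop) and ipaddress.ip_address(hop).is_private,
                })
    return findings
```

Calling `find_flaps(SAMPLE_LOG)` returns one finding for `g2gips0`; a tunnel that stays up longer than the threshold produces none.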

Finally!!!

Solved by adding static Route, my ISP WAN GW to my Local LAN IP of each site

Disable dual WAN. System Management > Check Smart Link Back UP > Primary WAN WAN1. Disable Network Service Detection

Solved by Disable dual WAN. System Management > Check Smart Link Back UP > Primary WAN WAN1. Disable Network Service Detection. VPN OK

I am trying to set up the same VPN connection RV20 to RV320 (Gateway to Gateway), and although all the settings are what they are supposed to be, it isn't connecting.

 

You mentioned that you "Solved by adding static Route, my ISP WAN GW to my Local LAN IP of each site".

What did you mean by that? Could you show a screenshot of what you did?

 

Attached is my VPN config for Site1 and Site2

I would really like to know that as well.

Did you ever get any private response from that poster? I'm stuck here.

 

Thx

Could you please provide a little detail or an example? 

Assuming you're in Setup > Advanced Routing

Entry requires:

Destination IP (Is this local LAN IP of RV?)

Subnet Mask (Assume Subnet Mask should correlate to IP address above)

Default Gateway (WAN Gateway of local ISP or remote?)

Hop Count (Should this be "1"?)

Interface (WAN?)

 

Thank you for helping, in advance.