Re: Cisco RV320 to RV340 gateway 2 gateway, VPN tunnel not coming up

Kondor21 · ‎08-03-2020

I have 3 client sites. At 2 of them using RV320 to RV320 gateway to gateway and works fine.

For the 3rd site I got RV340 now and not able to bring the VPN tunnel up to one of the existing RV320.

After setting up and troubleshooting I´m stuck at the point as following:

2020-08-03, 11:04:29	VPN Log	[g2gips1] #96657: [Tunnel Established] sent MR3, ISAKMP SA established
2020-08-03, 11:04:17	VPN Log	[g2gips1] #96654: [Tunnel Established] sent MR3, ISAKMP SA established
2020-08-03, 11:04:07	VPN Log	[g2gips1] #96652: [Tunnel Established] sent MR3, ISAKMP SA established
2020-08-03, 11:04:01	VPN Log	[g2gips1] #96650: [Tunnel Established] sent MR3, ISAKMP SA established
2020-08-03, 11:03:47	VPN Log	[g2gips1] #96648: [Tunnel Established] sent MR3, ISAKMP SA established

I´ve already checked both sites keying and setup. Same for Dual WAN and Load Balance disabling.

Would appreciate any hint..

Battscom · ‎08-04-2020

I had a similar issue connecting an RV-325 to an RV-345 The only way we got it to work was changing the IPSEC phase 1 and phase 2 DH groups to Group 5 - 1536 bit, AES-128, SHA1 in the RV-325 advanced tunnel settings. Not sure if this is the same thing, but thought i'd at least try.

Kondor21 · ‎08-05-2020

Hi, I´ve checked on that, but with the following result.

[g2gips2] #31024: [Tunnel Authorize Fail] no acceptable Oakley Transform

[g2gips2] #31024: [Tunnel Authorize Fail] 3DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM

[g2gips2] #31024: [Tunnel Authorize Fail] peer proposed key length not enabled for this connection. Attribute OAKLEY_KEY_LENGTH

[g2gips2] #31024: [Tunnel Authorize Fail] DES_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM

[g2gips2] #31024: [Tunnel Authorize Fail] MODP_1024 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION