RV042 / RV042G VPN gateway to gateway and more

Catalin Burla · ‎02-15-2013

Hi.

I'm using 470 (and counting) RV042 v1 and v3 and RV042G for VPN gateway to gateway to HQ for more than 2 years.

I have following issues with few units at a time, but repeat random on several:

- VPN tunnel work several days, and then remain disconnected showing in log :

"packet from HQ-IP:500: initial Main Mode message received on Router-IP:500 but no connection has been authorized with policy=PSK". Same tunnel that worked fine days. Only way to get it working is EDIT tunnel and SAVE. It will go connected in no second. It seems that this occurs after one of WAN's go down . Other VPN gateway to gateway tunnels from HQ to other remote locations are working fine (multiple remote offices goes to same RV unit in HQ)

- I am using 2 IP's in HQ and 2 IP's in remote location, using tunnel backup feature (RV042 v3 and G). If primary conection goes down, backup connect fine. But when primary is working again , unit will not switch back to "primary" connection, remain to "secondary" until first EDIT - SAVE or reboot. If I recall corectly , in 4.0 and 4.1 when primary is available unit was switching automatically from secondary to primary.

Using latest firmware 4.2.1.02.

One observation about VPN tunnel backup feature : using 2 IP from 2 different ISP in HQ and 2 IP from 2 different ISP in remote location give me 4 possible connection between HQ and remote office. But RV unit allow me only 2 options , primary and backup. It will be nice to have all 4 options available for best uptime.

RV042 v1 is missing VPN backup feature, and I think in only a matter of firmware feature, not something related to hardware. Is there a way to get such feature for V1 units?

Best regards,

Catalin

jonatrod · ‎02-19-2013

Good morning

Hi Catalin, thank you for using our forum, my name is Johnnatan I am part of the Small business Support community. I am glad to be to help you with your configuration; I have some questions for you.

1. Did you enable the DPD in both sides? (It is advisable to keep active)

2. Did you have Keep Alive enable in both sides? (It is advisable to keep active just in one side the other disable)

I advise you to disable the PFS, and configure both sides in main mode instead of aggressive mode.

I hope you find this answer useful,

*Please mark the question as Answered or rate it so other users can benefit from it"

Greetings,

Johnnatan Rodriguez Miranda.

Cisco Network Support Engineer.

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.

Catalin Burla · ‎02-20-2013

Good day,

Thank you for your reply.

1. DPD is enabled in both sides, tunnel backup request it ( and if no tunnel backup also DPD enabled).

2. Yes, Keep Alive enabled on both sides. Will change in some connections to enable only on side for testing.

3. PFS enabled, will change in some to test.

4. Aggressive mode is not used ar all.

Do you have any information regarding expected behavior in tunnel backup operation? If primary goes down and automatically switch to secondary, when primary is back router should switch back to primary or not?