02-28-2013 12:06 PM
I recently replaced a Netgear router with a RV042 because I figured out my Netgear was choking my 24MB Uverse connection down to about 6MB. I had VPN set up with my business partner, who was already using an RV042, and everything worked fine. However, after I set up the RV042 on my side we have not been able to get the VPN up. The settings are as follows...
Local Group
Local Security Gateway Type: IP Only
Local Security Group Type : Subnet
IP Address: 192.168.0.0
Subnet: 255.255.255.0
Remote Group
Remote Security Gateway Type: IP Only
Remote Security Group Type : Subnet
IP Address: 10.0.0.0
Subnet: 255.255.255.0
IPSec Setup
Keying Mode : | |
Phase 1 DH Group : | |
Phase 1 Encryption : | |
Phase 1 Authentication : | |
Phase 1 SA Life Time : | seconds |
Perfect Forward Secrecy : | |
Phase 2 DH Group : | |
Phase 2 Encryption : | |
Phase 2 Authentication : | |
Phase 2 SA Life Time : | seconds |
The only thing checked under advanced is dead peer detection.
I am using a Uverse Two Wire 3800HGV-B interface to Uverse and there are holes punched through for port 500 on TCP and UDP. That uverse configuration worked fine with the Netgear to RV042 setup no problem.
The VPN log is throwing this:
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: initiating Main Mode to replace #56 |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: ignoring Vendor ID payload [strongSwan 4.0.4] |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: ignoring Vendor ID payload [strongSwan 4.0.4] |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: received Vendor ID payload [Dead Peer Detection] |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: received Vendor ID payload [Dead Peer Detection] |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)! |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)! |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: ignoring informational payload, type INVALID_ID_INFORMATION |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: ignoring informational payload, type INVALID_ID_INFORMATION |
Feb 28 13:39:17 2013 | VPN Log | (g2gips0) #57: discarding duplicate packet; already STATE_MAIN_I3 |
Feb 28 13:39:17 2013 | VPN Log | (g2gips0) #57: discarding duplicate packet; already STATE_MAIN_I3 |
Feb 28 13:39:17 2013 | VPN Log | (g2gips0) #57: ignoring informational payload, type INVALID_ID_INFORMATION |
Any tips appreciated
03-04-2013 01:04 PM
Hi James, thank you for using our forum. My name is Johnnatan and I am part of the Small Business Support community. I apologize for this inconvenience. In this case I will give you some tips, and maybe they can help you.
1. Disable Keep Alive on at least one side.
2. Disable PFS.
3. Enable DPD.
4. Change the mode from Aggressive to Main.
5. You can change the security attributes and configure your tunnel again.
As additional information, you didn't post the firmware; here you can find the latest firmware update for your device. Before updating your device I advise you to create a backup, update your device and then perform a factory reset; then you can upload your configuration.
I hope you find this answer useful,
*Please mark the question as Answered or rate it so other users can benefit from it*
Greetings,
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer.
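A small triage script for logs in the format posted in the question, added here as an example (it is not part of the original posts and not Cisco tooling): it counts repeated lines once, records how far the six-packet Main Mode exchange got, and collects the weak-algorithm warning and the peer's notifications. The function name `triage` and the report fields are assumptions of this example; the sample lines are a shortened excerpt of the log above.

```python
import re

# Shortened excerpt of the log posted in the question (the trailing "|" is table residue).
SAMPLE_LOG = """\
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: initiating Main Mode to replace #56 |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)! |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet |
Feb 28 13:39:07 2013 | VPN Log | (g2gips0) #57: ignoring informational payload, type INVALID_ID_INFORMATION |
Feb 28 13:39:17 2013 | VPN Log | (g2gips0) #57: discarding duplicate packet; already STATE_MAIN_I3 |
Feb 28 13:39:17 2013 | VPN Log | (g2gips0) #57: ignoring informational payload, type INVALID_ID_INFORMATION |
"""

LINE_RE = re.compile(r"^(.+?) \| VPN Log \| \(([^)]+)\) #(\d+): (.*?)\s*\|?\s*$")
PACKET_RE = re.compile(r"Main Mode (\d)(?:st|nd|rd|th) packet", re.IGNORECASE)
WEAK_RE = re.compile(r"insecure IKE algorithms \((\w+)\)")
NOTIFY_RE = re.compile(r"informational payload, type (\w+)")
MAIN_MODE_PACKETS = 6  # IKEv1 Main Mode is a six-message exchange


def triage(log_text):
    """Per (tunnel, SA number): last Main Mode packet, weak algorithms, peer notifications."""
    seen, report = set(), {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.groups() in seen:  # skip non-VPN lines and exact repeats
            continue
        seen.add(m.groups())
        _ts, tunnel, sa, msg = m.groups()
        entry = report.setdefault((tunnel, int(sa)), {"last_packet": 0, "weak": set(), "notifications": []})
        if (p := PACKET_RE.search(msg)):
            entry["last_packet"] = max(entry["last_packet"], int(p.group(1)))
        if (w := WEAK_RE.search(msg)):
            entry["weak"].add(w.group(1))
        if (n := NOTIFY_RE.search(msg)):
            entry["notifications"].append(n.group(1))
    for entry in report.values():
        # Stalled: the peer sent a notification and the 6th packet was never logged.
        entry["stalled"] = bool(entry["notifications"]) and entry["last_packet"] < MAIN_MODE_PACKETS
    return report


if __name__ == "__main__":
    for (tunnel, sa), e in triage(SAMPLE_LOG).items():
        print(f"{tunnel} #{sa}: last Main Mode packet {e['last_packet']}, "
              f"weak algorithms {sorted(e['weak'])}, notifications {e['notifications']}, stalled={e['stalled']}")
```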