cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3469
Views
0
Helpful
8
Replies

RV082 Firmware update to fix VPN connectivity problems

patrickdoman
Level 1
Level 1

I have 5 RV082 routers. One at each location. Over the past 3 weeks, I have been having a site outage pretty much every Monday. This evening I saw the tunnels drop about 10PM. They all dropped at the same time.

So I saw there was a firmware update. I read the notes on it and there is a fix to resolve an issue with the tunnel drops.

So I loaded it on one of the remote office RV082 devices.

The tunnel dropped and wouldn't re-establish.

I then proceeded to contact support. The units have hardware warranty but no software/troubleshooting support.

I have updated all units to the most recent firmware now. But I am still not getting the tunnels back.

I have also had issues reconnecting to the main firewall via HTTPS.

It just sits there where as all other sites let me in. I just can't connect to the main office firewall. Internet is up, everything is routing fine.

When I update the firmware at one location I am guessing that having all of the routers running the latest version of firmware is recommended. So at this time I am able to get to all remote locations just fine, I however cannot get into the main office router via any web browser. Is there another way someone knows that I can remotely bounce this device? A command that can be sent?

Do I need to establish new VPN keys after firmware update?

Do I need to have customers power off the routers and power them back on?

Error messages:

Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)]

This update has turned out to be far more tedious than I imagined.

Thanks for your help,

Patrick

8 Replies 8

patrickdoman
Level 1
Level 1

Some more information:

VPN Log (g2gips1) #147: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:30 2013

VPN Log (g2gips1) #147: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:30 2013

VPN Log (g2gips1) #148: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:32 2013

VPN Log (g2gips1) #148: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:32 2013

VPN Log (g2gips2) #149: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:33 2013

VPN Log (g2gips2) #149: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:33 2013

VPN Log (g2gips1) #150: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:33 2013

VPN Log (g2gips1) #150: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:33 2013

VPN Log (g2gips2) #151: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:36 2013

VPN Log (g2gips2) #151: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:36 2013

VPN Log (g2gips2) #152: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:38 2013

VPN Log (g2gips2) #152: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:38 2013

VPN Log (g2gips2) #153: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:39 2013

VPN Log (g2gips2) #153: [Tunnel Negotiation Fail] Phase 1 SA was destroyed Aug 5 11:02:39 2013

SamirD
Level 5
Level 5

Did you rebuild the configs from scratch or restore them from a saved copy?  If you restored, I'd rebuild them from scratch.

There is a way to remotely reboot the rv016, and this should work for the rv082.  PM me and I'll share it.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Kremena Ivanova
Cisco Employee
Cisco Employee

Hello Patrick,

What IP addresses are you using on the WAN sides of all RV082 - public or privat and what internet connection are you using - modem, SDSL, ADSL...

Also what was the previous firmware on ther routers, when the tunnels was established- before uploading the latest one

Regards,

Kremena

The WAN addresses are comcast static IP on WAN1 and Integra Static from T1 on the WAN2.

It was the previous version to the latest version. The most updated version indicated that the issue with tunnels going down had been resolved.

I rebuilt the VPN tunnels for 2 locations tonight.

The weird thing is that I can VPN in fine though it is incredibly slow, on the Integra interface over the T1.

If I reconfigure the Tunnel to use the Cable modem line, the tunnel comes back with

Aug 7 21:47:10 2013 VPN Log ERROR: asynchronous network error report on eth1 for message to 23.25.x.x port 500, complainant 23.25.x.x: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)] 

Aug 7 21:46:51 2013 Connection Refused - Policy violation TCP 10.100.20.100:135->10.100.40.100:3916 on eth1

 

Aug 7 21:45:50 2013 Kernel last message repeated 2 times 

Aug 7 21:44:30 2013 VPN Log ERROR: asynchronous network error report on eth1 for message to 23.25.x.x port 500, complainant 23.25.x.x: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)] 

Aug 7 21:43:50 2013 Kernel last message repeated 2 times 

Aug 7 21:42:30 2013 VPN Log ERROR: asynchronous network error report on eth1 for message to 23.25.x.x port 500, complainant 23.25.x.x: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)] 

Aug 7 21:41:50 2013 Kernel last message repeated 2 times 

Aug 7 21:40:30 2013 VPN Log ERROR: asynchronous network error report on eth1 for message to 23.25..x.x port 500, complainant 23.25.x.x: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)] 

Aug 7 21:39:50 2013 Kernel last message repeated 2 times 

Aug 7 21:39:20 2013 VPN Log ERROR: asynchronous network error report on eth1 for message to 23.25.x.x port 500, complainant 23.25.x.x: Connection refused [errno 146, origin ICMP type 3 code 3 (not authenticated)] 

Aug 7 21:39:20 2013 VPN Log (g2gips0) #3: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet 

Aug 7 21:39:20 2013 VPN Log (g2gips0) #3: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet 

Aug 7 21:39:20 2013 VPN Log (g2gips0) #3: initiating Main Mode to replace #2 

RV082 V03   Firmware version on all is v4.2.2.08

Having the issues again.

Only 1 site this time. We found that a "Green" switch at the main office was causing the VPN's to time out and lose conection. At lease we think that it was the issue based on the fact when we swapped it out for a non-green switch, things worked fine.

Having the issue now after having replaced a Cable modem at one of the sites.

The Phase 1 SA is being destroyed fairly quickly after issue.

Most often I am seeing the tunnel drop between the remote location every 30-45 minutes. All on the same error about the PHase 1 SA being destroyed.

Jan 19 17:01:28 2014 VPN Log (g2gips0) #5691: [Tunnel Negotiation Fail] Phase 1 SA was destroyed 

Jan 19 17:01:28 2014 VPN Log (g2gips0) #5691: [Tunnel Negotiation Fail] Phase 1 SA was destroyed 

Jan 19 17:01:28 2014 VPN Log (g2gips0) #5686: starting keying attempt 2 of an unlimited number 

Jan 19 17:01:28 2014 VPN Log (g2gips0) #5686: max number of retransmissions (2) reached STATE_QUICK_I1 

Jan 19 17:01:28 2014 VPN Log (g2gips0) #5686: max number of retransmissions (2) reached STATE_QUICK_I1 

Jan 19 17:00:39 2014 VPN Log (g2gips0) #5689: received Delete SA payload: deleting ISAKMP State #5689 

Jan 19 17:00:39 2014 VPN Log (g2gips0) #5689: received Delete SA payload: deleting ISAKMP State #5689 

Jan 19 17:00:38 2014 VPN Log (g2gips0) #5687: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x742e3137) not found (maybe expired) 

Jan 19 17:00:38 2014 VPN Log (g2gips0) #5687: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x742e3137) not found (maybe expired) 

To get things rolling again, I go to the main office router, I modify the VPN tunnel configuration from the VPN tab, summary option. I click the modify button, go to the bottom of the page, changing absolutely no settings. I simply click on save and things work again after 5-10 seconds.

Its kind of a nuissance to have to go back to the tunnel configuration screen every 1/2 hour. So if anyone has any ideas on what is causing this please let me know.

I have Dead Peer Detection turned on

I have the keep alive checked

Try changing the encryption/protocol for phase 1 and see if that helps.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Ho PatrickDonan,

 

I have the same trouble. I have to click on save and the VPN works for sometime.

 

Did you fixed your this trouble ?

Let me know if you have a solution.

Thank you

BR

Pierre HOEGY

SamirD
Level 5
Level 5

What version hardware is your rv082?  The latest firmware only works on v3 hardware and above.  Otherwise, you're limited to v1-3 firmwares (on the rv016 at least, rv082 may vary).

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: