Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
768
Views
0
Helpful
0
Replies

RV082V3 versus RV082V2 vpn with a central CISCO 2611XM

arot
Level 1
Level 1

‎01-09-2012 03:25 AM

Hello,

We have up un running the following configuration:

10 x RV082v2 small business routers and one central Cisco 2611XM

with CISCO AIM-VPN/BP VPN module. They are all 10 functionig properly

with the attached rv082v2 configuration:

When adding a RV082V3 box to the network, with exactly the same

configuration, it fails in the DPD (Dead Peer Detection) phase

with the following error messages in the RV082 logs:

Dead Peer Detection (RFC 3706) enabled

VPN Log    (g2gips0) #117: sent QI2, IPsec SA established {ESP=>0x30c1cfe5 <0x3ce0388f

VPN Log    (g2gips0) #116: DPD: R_U_THERE_ACK has invalid icookie

VPN Log    (g2gips0) #116: DPD: R_U_THERE_ACK has invalid icookie

VPN Log    (g2gips0) #116: sending encrypted notification INVALID_COOKIE to A.B.C.D:500

VPN Log    (g2gips0) #116: received Delete SA payload: deleting ISAKMP State #116

I looked through all your discussion lists and I had no answer. It seems to

be a parameter mismatch between the central 2611XM and the new RV082V3 box.

We used several versions of firmware with no success (v4.1.0.02-tm, v4.0.0.07-tm).

Please advice us what to change such as to bypass this error or where

to look. If there is an incopatibility in the new firmware please let

us know such as not to loose more time on this issue.

Thank you in advance

Best Regards

Alexandru

==========Cisco 2611XM crypto configuration=======================

crypto isakmp keepalive 20 5

...

crypto ipsec transform-set xyz esp-3des esp-md5-hmac

....

crypto map criptare_sofmedica1 10 ipsec-isakmp

set peer A1.A2.A3.A4

set security-association lifetime seconds 28800

set transform-set xyz

match address 184

!

....

==========RV082 configuration==================================

Tunnel Name :  xxxx

Interface :    WAN1

Enable:           v   

Local Group Setup

Local Security Gateway Type :  IP Only

IP Address :                  A1.A2.A3.A4

Local Security Group Type :    Subnet

IP Address:    192.168.yy.0

Subnet mask:    255.255.255.0

Remote Group Setup

Remote Security Gateway Type : IP Only

IP Address: A.B.C.D

Remote Security Group Type :  Subnet

IP Adress: 192.168.10.0

Subnet mask: 255.255.255.0

IPSec Setup

Keying Mode : IKE with Preshared key

Phase 1 DH Group : Group 1 - 768 bit

Phase 1 Authentication :  DES

Phase 1 SA Life Time :    MD5

Perfect Forward Secrecy : 28800

Phase 2 DH Group : Group 1 - 768 bit

Phase 2 Encryption : 3DES

Phase 2 Authentication :  MD5

Phase 2 SA Life Time :  3600

Preshared Key : key

Minimum Preshared Key Complexity :    Enable:

Preshared Key Strength Meter :

Advanced-

    Aggressive Mode

v    Keep-Alive 

    AH Hash Algorithm   MD5

    NetBIOS Broadcast

    NAT Traversal

v    Dead Peer Detection 10 seconds

    Tunnel backup

        Remote Backup IP Address :

        Local Interface :                WAN1

        VPN Tunnel Backup Idle Time :  30 seconds   

    Split DNS:

        DNS1 :

        DNS2 :

        Domain Name 1 :

        Domain Name 2 :

         Domain Name 3 :

        Domain Name 4 : 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents