Hello,
We have up un running the following configuration:
10 x RV082v2 small business routers and one central Cisco 2611XM
with CISCO AIM-VPN/BP VPN module. They are all 10 functionig properly
with the attached rv082v2 configuration:
When adding a RV082V3 box to the network, with exactly the same
configuration, it fails in the DPD (Dead Peer Detection) phase
with the following error messages in the RV082 logs:
Dead Peer Detection (RFC 3706) enabled
VPN Log (g2gips0) #117: sent QI2, IPsec SA established {ESP=>0x30c1cfe5 <0x3ce0388f
VPN Log (g2gips0) #116: DPD: R_U_THERE_ACK has invalid icookie
VPN Log (g2gips0) #116: DPD: R_U_THERE_ACK has invalid icookie
VPN Log (g2gips0) #116: sending encrypted notification INVALID_COOKIE to A.B.C.D:500
VPN Log (g2gips0) #116: received Delete SA payload: deleting ISAKMP State #116
I looked through all your discussion lists and I had no answer. It seems to
be a parameter mismatch between the central 2611XM and the new RV082V3 box.
We used several versions of firmware with no success (v4.1.0.02-tm, v4.0.0.07-tm).
Please advice us what to change such as to bypass this error or where
to look. If there is an incopatibility in the new firmware please let
us know such as not to loose more time on this issue.
Thank you in advance
Best Regards
Alexandru
==========Cisco 2611XM crypto configuration=======================
crypto isakmp keepalive 20 5
...
crypto ipsec transform-set xyz esp-3des esp-md5-hmac
....
crypto map criptare_sofmedica1 10 ipsec-isakmp
set peer A1.A2.A3.A4
set security-association lifetime seconds 28800
set transform-set xyz
match address 184
!
....
==========RV082 configuration==================================
Tunnel Name : xxxx
Interface : WAN1
Enable: v
Local Group Setup
Local Security Gateway Type : IP Only
IP Address : A1.A2.A3.A4
Local Security Group Type : Subnet
IP Address: 192.168.yy.0
Subnet mask: 255.255.255.0
Remote Group Setup
Remote Security Gateway Type : IP Only
IP Address: A.B.C.D
Remote Security Group Type : Subnet
IP Adress: 192.168.10.0
Subnet mask: 255.255.255.0
IPSec Setup
Keying Mode : IKE with Preshared key
Phase 1 DH Group : Group 1 - 768 bit
Phase 1 Authentication : DES
Phase 1 SA Life Time : MD5
Perfect Forward Secrecy : 28800
Phase 2 DH Group : Group 1 - 768 bit
Phase 2 Encryption : 3DES
Phase 2 Authentication : MD5
Phase 2 SA Life Time : 3600
Preshared Key : key
Minimum Preshared Key Complexity : Enable:
Preshared Key Strength Meter :
Advanced-
Aggressive Mode
v Keep-Alive
AH Hash Algorithm MD5
NetBIOS Broadcast
NAT Traversal
v Dead Peer Detection 10 seconds
Tunnel backup
Remote Backup IP Address :
Local Interface : WAN1
VPN Tunnel Backup Idle Time : 30 seconds
Split DNS:
DNS1 :
DNS2 :
Domain Name 1 :
Domain Name 2 :
Domain Name 3 :
Domain Name 4 :