cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2303
Views
0
Helpful
6
Replies

Rv110w site to site

gmdagostino
Level 1
Level 1

Hi, i have a site-to-site IPSEC tunnel between 2 identical RV110W routers , the IPsec gets 'established' but i can't get ping between the pc's distinct Lan.

Central

Sucursal

I can't see the blue Pc from the red Pc and neither the red Pc from the blue Pc.

I need help wiht this, thanks.

6 Replies 6

Prithvi Manduva
Cisco Employee
Cisco Employee

Hello Gabriel,

I would like you to check if there is an appropriate route in the route table and to check if you have added firewall rules to allow traffic on the tunnel.

Thanks,
Prithvi

Please mark answered and rate for helpful posts.

Thanks, Prithvi Please mark answered and rate for helpful posts.

Hello Prithvi, and thankyou for helping.

I have this data,

Main office:

Ip public: 181.xxx.xxx.140

Lan: 10.18.127.1

Subnet mask: 255.255.255.0

Branch office:

Ip public: 190.xxx.xxx.11

Lan:10.18.128.1

Subnet mask: 255.255.255.0

I have not a firewall rules.

These are routing tables.

Please tell me I have to do.

Thanks again.

Hello Gabriel,

     Here are some quick tests you could do to see if traffic is passing through the tunnel. I would ping the router private default gateways to see if you can get any replies. If you are able to ping then the tunnel is up and passing traffic between both sites.

Now the next step would be to check the computers configuration. Usuaully windows firewall will block ICMP pings and other traffic if the firewall sees traffic coming from a different subnet. So you may want to disable to firewall just for testing and see if that makes a difference. If that resolves your issue then you would have to create firewall rules in the firewall if you are wanting to keep your windows firewall on. If that doesn't fix the issue then you need to make sure that your computers default gateways are pointing to your RV110w routers.

Those are really to only two things that would cause you to have issues passing traffic through your site to site VPN tunnel but we need to at least test and make sure you are able to pass traffic through the tunnel. Once you confirm that then that will let you know that the tunnel is connected and working fine and there is an issue else were. If all else fails you want to enable logging in the router to see if it gives you further information that may help you out if this isn't a computer issue or you are not able to pass traffic through the tunnel.

All else fails rebuild the tunnels.

Hope that helps.

Thanks,
Clayton Sill

Hello Clayton,

     Firts, thanks for replying.

The ping between two routers ,

10.18.127.1 ----> 10.18.128.1 is ok

10.18.128.1 ----> 10.18.127.1 is ok

I disable the windows firewal but i can't get ping.

The telephone exchange , the ip 10.18.127.36 without firewal and neither get ping.

This is the log in the main route:

2013-09-12 13:38:16 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:39:16 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:40:17 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:40:58 RV110W daemon.info udhcpd[1997]: received REQUEST from 6C:F0:49:A7:6A:8C

2013-09-12 13:40:58 RV110W daemon.info udhcpd[1997]: sending ACK to 10.18.127.12

2013-09-12 13:41:18 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:41:23 RV110W daemon.info udhcpd[1997]: received RELEASE from 94:3A:F0:F8:45:11

2013-09-12 13:41:33 RV110W kern.debug wl0.0: IEEE 802.11 Assoc request from 94:3a:f0:f8:45:11 BSSID b8:62:1f:50:8b:c3

2013-09-12 13:41:33 RV110W kern.info wl0.0: IEEE 802.11 STA 94:3a:f0:f8:45:11 associated with BSSID b8:62:1f:50:8b:c3

2013-09-12 13:41:33 RV110W daemon.info Wireless[390]: wlan(eth1): IEEE 802.11 STA 94:3A:F0:F8:45:11 WPA: pairwise key exchange completed

2013-09-12 13:41:34 RV110W daemon.info udhcpd[1997]: received DISCOVER from 94:3A:F0:F8:45:11

2013-09-12 13:41:35 RV110W daemon.info udhcpd[1997]: sending OFFER to 255.255.255.255 with 10.18.127.10

2013-09-12 13:41:35 RV110W daemon.info udhcpd[1997]: received REQUEST from 94:3A:F0:F8:45:11

2013-09-12 13:41:35 RV110W daemon.info udhcpd[1997]: sending ACK to 255.255.255.255

2013-09-12 13:41:43 RV110W kern.debug wl0.0: IEEE 802.11 Assoc request from 00:15:af:13:4c:f3 BSSID b8:62:1f:50:8b:c3

2013-09-12 13:41:43 RV110W kern.info wl0.0: IEEE 802.11 STA 00:15:af:13:4c:f3 associated with BSSID b8:62:1f:50:8b:c3

2013-09-12 13:41:43 RV110W daemon.info Wireless[390]: wlan(eth1): IEEE 802.11 STA 00:15:AF:13:4C:F3 WPA: pairwise key exchange completed

2013-09-12 13:42:07 RV110W daemon.info udhcpd[1997]: received INFORM from 00:08:CA:F7:83:52

2013-09-12 13:42:19 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:43:19 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:44:19 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:45:19 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:46:20 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:47:20 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:48:20 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:48:34 RV110W kern.debug <7>ctf_ipc_option:Delete All IP entry..

2013-09-12 13:48:34 RV110W kern.warning IP connection cache:

2013-09-12 13:48:34 RV110W kern.warning Proto          SrcIP                    SrcPort                    DestIP                    DstPort                    Live                    NatInfo

2013-09-12 13:48:34 RV110W kern.warning Total 0 IP connections

2013-09-12 13:48:34 RV110W kern.warning 

2013-09-12 13:48:35 RV110W kern.warning Bridge cache:

2013-09-12 13:48:35 RV110W kern.warning MacAddr                              Interface          Live

2013-09-12 13:48:35 RV110W kern.warning 00:19:21:8f:c9:ef                    eth0                    599

2013-09-12 13:48:35 RV110W kern.warning 00:24:8c:d1:b7:2a                    eth0                    20826

2013-09-12 13:48:35 RV110W kern.warning 00:1f:c6:b0:07:6b                    eth0                    46

2013-09-12 13:48:35 RV110W kern.warning 00:e0:4c:f3:84:0a                    eth0                    0

2013-09-12 13:48:35 RV110W kern.warning 3c:d0:f8:35:28:e9                    eth1                    0

2013-09-12 13:48:35 RV110W kern.warning 00:1f:d0:65:97:03                    eth0                    0

2013-09-12 13:48:35 RV110W kern.warning 94:de:80:79:cb:6c                    eth0                    246

2013-09-12 13:48:35 RV110W kern.warning bc:5f:f4:a6:4b:8c                    eth0                    0

2013-09-12 13:48:35 RV110W kern.warning 40:6f:2a:9a:27:d7                    eth1                    0

2013-09-12 13:48:35 RV110W kern.warning 34:bb:1f:64:d7:fc                    eth1                    0

2013-09-12 13:48:35 RV110W kern.warning 00:11:11:f0:8d:13                    eth0                    25

2013-09-12 13:48:35 RV110W kern.warning 6c:f0:49:a7:6b:08                    eth0                    0

2013-09-12 13:48:35 RV110W kern.warning 6c:f0:49:a7:6a:8c                    eth0                    0

2013-09-12 13:48:35 RV110W kern.warning 00:1a:92:98:74:5e                    eth0                    0

2013-09-12 13:48:36 RV110W kern.warning 00:21:4c:97:ea:6d                    eth0                    0

2013-09-12 13:48:36 RV110W kern.warning 00:08:ca:f7:83:52                    eth1                    10821

2013-09-12 13:48:36 RV110W kern.warning 00:0b:6a:96:ad:47                    eth0                    4

2013-09-12 13:49:06 RV110W authpriv.debug pluto[715]: ERROR: asynchronous network error report on vlan2 (sport=500) for message to 190.192.23.11 port 500, complainant 181.29.111.140: No route to host [errno 148, origin ICMP type 3 code 1 (not authenticated)]

2013-09-12 13:49:13 RV110W authpriv.debug pluto[715]: \"cnnGeler\" #76: DPD: No response from peer - declaring peer dead

2013-09-12 13:49:13 RV110W authpriv.debug pluto[715]: \"cnnGeler\" #76: stop-client output: Run command qkvpn_rekey -o 1 -n cnnGeler -p 190.192.23.11 -r 190.192.23.11

2013-09-12 13:49:13 RV110W authpriv.debug pluto[715]: \"cnnGeler\" #76: stop-client output: /usr/local/lib/ipsec/_updown.netkey: eval: line 1: rekey_option:1: not found

2013-09-12 13:49:13 RV110W authpriv.debug pluto[715]: \"cnnGeler\" #76: stop-client command exited with status 127

2013-09-12 13:49:13 RV110W authpriv.debug pluto[715]: \"cnnGeler\" #76: DPD: Clearing Connection

2013-09-12 13:49:13 RV110W authpriv.debug pluto[715]: \"cnnGeler\" #77: deleting state (STATE_QUICK_R2)

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: \"cnnGeler\" #76: deleting state (STATE_MAIN_R3)

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: \"cnnGeler\" #73: deleting state (STATE_QUICK_R2)

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: \"cnnGeler\" #72: deleting state (STATE_QUICK_I2)

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | *received pfkey message

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | pluto: pfkey fd is 12 

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | *received pfkey message

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | pluto: pfkey fd is 12 

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | *received pfkey message

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | pluto: pfkey fd is 12 

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | *received pfkey message

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | pluto: pfkey fd is 12 

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | *received pfkey message

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | pluto: pfkey fd is 12 

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | *received pfkey message

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | pluto: pfkey fd is 12 

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | *received pfkey message

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | pluto: pfkey fd is 12 

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | *received pfkey message

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | pluto: pfkey fd is 12 

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | *received pfkey message

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | pluto: pfkey fd is 12 

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | *received pfkey message

2013-09-12 13:49:14 RV110W authpriv.debug pluto[715]: | pluto: pfkey fd is 12 

2013-09-12 13:49:17 RV110W authpriv.debug pluto[715]: ERROR: asynchronous network error report on vlan2 (sport=500) for message to 190.192.23.11 port 500, complainant 181.29.111.140: No route to host [errno 148, origin ICMP type 3 code 1 (not authenticated)]

2013-09-12 13:49:17 RV110W authpriv.debug pluto[715]: ERROR: asynchronous network error report on vlan2 (sport=500) for message to 190.192.23.11 port 500, complainant 181.29.111.140: No route to host [errno 148, origin ICMP type 3 code 1 (not authenticated)]

2013-09-12 13:49:20 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:50:20 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:51:20 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:52:10 RV110W daemon.info udhcpd[1997]: received INFORM from 00:08:CA:F7:83:52

2013-09-12 13:52:20 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:53:20 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:54:21 RV110W syslog.err syslog-ng[7474]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:55:02 RV110W syslog.notice syslog-ng[13224]: syslog-ng version 1.6.12 starting

2013-09-12 13:55:02 RV110W syslog.err syslog-ng[13224]: Connection broken to AF_INET(10.18.128.1:514), reopening in 60 seconds

2013-09-12 13:55:02 RV110W syslog.err syslog-ng[13224]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:55:03 RV110W kern.debug <7>ctf_ipc_option:Delete All IP entry..

2013-09-12 13:55:03 RV110W kern.warning IP connection cache:

2013-09-12 13:55:03 RV110W kern.warning Proto          SrcIP                    SrcPort                    DestIP                    DstPort                    Live                    NatInfo

2013-09-12 13:55:03 RV110W kern.warning Total 0 IP connections

2013-09-12 13:55:03 RV110W kern.warning 

2013-09-12 13:55:03 RV110W kern.warning Bridge cache:

2013-09-12 13:55:03 RV110W kern.warning MacAddr                              Interface          Live

2013-09-12 13:55:03 RV110W kern.warning 00:19:21:8f:c9:ef                    eth0                    599

2013-09-12 13:55:03 RV110W kern.warning 00:24:8c:d1:b7:2a                    eth0                    21009

2013-09-12 13:55:03 RV110W kern.warning 00:1f:c6:b0:07:6b                    eth0                    46

2013-09-12 13:55:03 RV110W kern.warning 00:e0:4c:f3:84:0a                    eth0                    0

2013-09-12 13:55:03 RV110W kern.warning 3c:d0:f8:35:28:e9                    eth1                    0

2013-09-12 13:55:03 RV110W kern.warning 00:1f:d0:65:97:03                    eth0                    0

2013-09-12 13:55:03 RV110W kern.warning 94:de:80:79:cb:6c                    eth0                    246

2013-09-12 13:55:03 RV110W kern.warning bc:5f:f4:a6:4b:8c                    eth0                    0

2013-09-12 13:55:03 RV110W kern.warning 40:6f:2a:9a:27:d7                    eth1                    0

2013-09-12 13:55:04 RV110W kern.warning 34:bb:1f:64:d7:fc                    eth1                    0

2013-09-12 13:55:04 RV110W kern.warning 00:11:11:f0:8d:13                    eth0                    0

2013-09-12 13:55:04 RV110W kern.warning 6c:f0:49:a7:6b:08                    eth0                    0

2013-09-12 13:55:04 RV110W kern.warning 00:15:af:13:4c:f3                    eth1                    0

2013-09-12 13:55:04 RV110W kern.warning 6c:f0:49:a7:6a:8c                    eth0                    18

2013-09-12 13:55:04 RV110W kern.warning 00:1a:92:98:74:5e                    eth0                    0

2013-09-12 13:55:04 RV110W kern.warning 00:21:4c:97:ea:6d                    eth0                    0

2013-09-12 13:55:04 RV110W kern.warning 00:08:ca:f7:83:52                    eth1                    11046

2013-09-12 13:55:04 RV110W kern.warning 00:0b:6a:96:ad:47                    eth0                    4

2013-09-12 13:56:02 RV110W syslog.err syslog-ng[13224]: Connection broken to AF_INET(10.18.128.1:514), reopening in 60 seconds

2013-09-12 13:56:04 RV110W syslog.err syslog-ng[13224]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:57:02 RV110W syslog.err syslog-ng[13224]: Connection broken to AF_INET(10.18.128.1:514), reopening in 60 seconds

2013-09-12 13:57:04 RV110W syslog.err syslog-ng[13224]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:58:02 RV110W syslog.err syslog-ng[13224]: Connection broken to AF_INET(10.18.128.1:514), reopening in 60 seconds

2013-09-12 13:58:04 RV110W syslog.err syslog-ng[13224]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:59:03 RV110W syslog.err syslog-ng[13224]: Connection broken to AF_INET(10.18.128.1:514), reopening in 60 seconds

2013-09-12 13:59:04 RV110W syslog.err syslog-ng[13224]: Connection broken to AF_INET(10.18.127.1:514), reopening in 60 seconds

2013-09-12 13:59:17 RV110W kern.debug wl0.0: IEEE 802.11 Assoc request from b0:79:94:a9:54:21 BSSID b8:62:1f:50:8b:c3

2013-09-12 13:59:17 RV110W kern.info wl0.0: IEEE 802.11 STA b0:79:94:a9:54:21 reassociated with BSSID b8:62:1f:50:8b:c3

2013-09-12 13:59:17 RV110W daemon.info Wireless[390]: wlan(eth1): IEEE 802.11 STA B0:79:94:A9:54:21 WPA: pairwise key exchange completed

2013-09-12 13:59:24 RV110W kern.debug wl0.0: IEEE 802.11 Assoc request from b0:79:94:a9:54:21 BSSID b8:62:1f:50:8b:c3

2013-09-12 13:59:24 RV110W kern.info wl0.0: IEEE 802.11 STA b0:79:94:a9:54:21 reassociated with BSSID b8:62:1f:50:8b:c3

2013-09-12 13:59:24 RV110W daemon.info Wireless[390]: wlan(eth1): IEEE 802.11 STA B0:79:94:A9:54:21 WPA: pairwise key exchange completed

2013-09-12 13:59:28 RV110W daemon.info udhcpd[1997]: sending OFFER to 255.255.255.255 with 10.18.127.13

2013-09-12 13:59:28 RV110W daemon.info udhcpd[1997]: received REQUEST from B0:79:94:A9:54:21

2013-09-12 13:59:28 RV110W daemon.info udhcpd[1997]: sending ACK to 255.255.255.255

One question, how do I create a route?

Thanks again.

Gabriel

Hello Gabriel,

     Thanks for the logs. Usually when the tunnel is connected the routes are created automatically but that may not be the case here. Log into the routers and go under networking and then lets take a look at the routing table and then go from there. The routing section will also allow you to create a route as well.

Thanks,

Clayton Sill

Hello Clayton,

i don't understand how can create a route. Always fails.

In the Router 1 (main 10.18.127.1):

Destination LAN IP:  which is the address?

Subnet Mask:255.255.255.0 is ok ?

Gateway: and here?

I leave a screen shots

Thanks,

Gabriel