RV180 to RVS4000 Site-to-Site VPN Tunnel?

thebeck76 · ‎06-04-2012

Could someone help me with the configuration for a site-to-site VPN tunnel between an RV180 and RVS4000?

I am pretty sure these two devices should be able to establish a VPN tunnel between each other, but I cannot seem to get it working. I have configured what is labeled as the Phase 2 IPSec Setup on the RVS4000 as a new IKE policy on the RV180. I have configured what is labeled as the Phase 1 IPSec Setup on the RVS4000 as VPN policy that uses the IKE policy, but no connection. Is this the correct way to think about it? Are there other considerations? Are there any gotch'yas?

Here's a couple of notes regarding my setup:

- Main office upgraded to RV180 (upgraded to get faster NAT throughput)

- Remote offices still run RVS4000's

- RVS4000 at main to remote RVS4000's site-to-site VPN has been working perfectly for years

- WAN connection is by domain name, not IP address (dyndns in use)

- RVS4000 setup generally looks like this

- Local Group Setup

- Local Security Gateway Type: IP Only

- Local Security Group Type: Subnet

- IP Address: 192.168.aaa.1

- Subnet: 255.255.255.0

- Remote Group Setup

- Remote Security Gateway Type: IP Only

- IP by DNS Resolved: xxxxx.dyndns.org

- Remote Security Group Type: Subnet

- IP Address: 192.168.bbb.1

- Subnet: 255.255.255.0

- IPSec Setup

- Keying Mode: IKE with Preshared Key

- Phase 1

- Encryption: 3DES

- Authentication: MD5

- Group: 1536 bit

- Key lifetime: 28800 seconds

- Phase 2

- Encryption: 3DES

- Authentication: SHA1

- Perfect Forward Secrecy: Enabled

- Preshared Key: xxxxxxxxxx

- Group: 1536 bit

- Key lifetime: 28800 seconds

- Aggressive Mode: Disabled

- NetBios Broadcast: Enabled

linksysinfo · ‎06-04-2012

Looks ok, try enabling Agreesive mode on one end to see if that helps. you could try having a look at some examples of Ipsec tunnels over here:

http://www.linksysinfo.org/index.php?forums/routerworld.58/

Regards Simon
http://www.linksysinfo.org

Regards Simon

thebeck76 · ‎06-04-2012

Thanks, Simon,

I took a look at those example, but could not find one for the RV180. Did I miss it?

The net-net is that I am hoping to find a working example that shows how to configure the RV180 to open a site-to-site VPN tunnel with a RVS4000. Has anyone been able to get this to work. I'll keep trying different configuration, including Aggressive mode, but hope that someone out there has already figured this out since the configuration pages in the RV180 are vastly different from the RVS4000.

linksysinfo · ‎06-04-2012

There isnt any rv180 examples but the principle is the same. Are any of the routers behind any other firewall or router that you know of?

Sent from Cisco Technical Support Android App

Regards Simon

chchapma · ‎06-05-2012

Thebeck76,

Please contact Cisco SBSC TAC at one of the numbers located here:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html.

In order for us to track this we will need a case number setup as a point of reference. Please contact a support agent as soon as possible so we can get the ball rolling on resolving your issue.

John McAloney · ‎08-23-2012

I am having the same problem with an RV180 to RV042v3, will not work. the RV180 does hold tunnels with two RV042v1's and an old Zywall 2, but will not establish with an RV042v3. Latest firmware on both. Thanks!!!

thebeck76 · ‎08-23-2012

Hi everyone,

I did contact cisco support and got my issue (quasi-)resolved. The issue, as it was explained to me, is that the RV180 does not handle different authentication schemes in each phase very well. And specifically, it does not handle SHA1 very well.

Based on support's advice, I switched to MD5 for both phases and the RV180-to-RVS4000 site-to-site VPN tunnel established with no problems. In fact, I updated all my RVS4000-to-RVS4000 site-to-site VPN tunnels, as well, to the same (MD5 in both phases) and those VPN tunnels actually became more stable than before (I was having disconnect issues that have now disappeared).

Hope this helps.