cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1438
Views
0
Helpful
5
Replies

RV220W IPsec Site-to-Site VPN Tunnel

jbenoza21
Level 1
Level 1

https://supportforums.cisco.com/discussion/11617291/rv220w-ipsec-tunnel-not-working

 

I hate to re-post an issue, but it has not been resolved and I am having the same issue (same as the link above).

 

We have 2 RV220W Routers installed in separate offices. We are attempting to setup a IPSec tunnel between the two sites. On both sides, we are getting a successful connection established (IPsec SA Established), but neither site is able to communicate with each other. I can not ping or remote into any of the machines on the other side.

Is there an Firewall Access rule that needs to be created for this tunnel to work properly, or did I ms-configure it?

I have attached a photo of the configuration of one of the RV220W's.

 

Any help would be great.

5 Replies 5

Mehdi Boukraa
Cisco Employee
Cisco Employee

Hi Jbenoza,

 

Please ensure that you have the latest firmware 1.0.6.6.

I would like to ask you if the both RV220W on the WAN interface are with Public IP or with Private IP (and you have other router connected to the WAN interface of the RV220W) ?

- can you please try to ping the remote router (IP address of the routers) and not the PC's?

- make sure that the PC's on both sites are with default gateway the RV220W ip address, and ensure that there is not firewall on the PC's.

- please ensure that you don't have any port forwarding regarding the IPsec port 500 UDP and4500 UDP

 

Please share with us the result so we can proceed with the next steps

 

Regards

Mehdi

Dan Miley
Level 3
Level 3

Like Mehdi said, can you get to the interface of the remote rv220?

from the 192.168.2 network, can you get to the router at 192.168.1.1, or

from the 192.168.1 network can you get to the router at 192.168.2.1?

 

If those work and pc connectivity is not working, verify the windows firewall is set for "work" or "home" not public, as that will block all connections.

alternately try to connect to a device other than a pc (printer, AP or switch frequently have web interfaces).

 

Dan

 

So I have tried to ping the Site 2's RV220W from Site1, and I am able to ping it. I tried to ping other hardware like printers and such and nothing still.

 

Though I noticed that the IP is just "bouncing back" (don't know the proper terminology) to Site 1's router. To better explain when I type in 192.168.2.1 in a web browser I am getting 192.168.1.1's web interface page, even though it says I am in "192.168.2.1" web interface.

Is this a routing issue? If so, what do I need to change?

 

Hi,

 

The browser, you are typing in - is this PC on the LAN of Site 1? The only reason when you type 192.168.2.1 and it opens Site 1 router interface, is that this IP (192.168.2.1) is somehow configured as interface on this router. I mean, if you have configured, on router 192.168.1.1, a second VLAN, which is 192.168.2.1, or the WAN IP is 192.168.2.1....

 

What about ping from Site 2 to site 1. If you go to Status - IPSec connection status you can actually see if packets are passing through the tunnel. The way you describe it, it sounds like the problem is not related to the tunnel itself, but a routing problem on the local sides...

Check if RV220s are the gateway for the respective LAN. It is mandatory for a VPN. Also do you have static routes or port forwarding configuration? Are you with public IPs on the WAN ports or private (behind modem/router)?

Regards,

Kremena

1. The browser I am typing in is in Site 1.

2. I don't see any packets going through.

3. They are the gateways of their LANs. I don't have any static routes that I configured (I have attached the static route table), but noticed these routes got created when I created the VPN connection. 

Also using Public IPs  RV220W (Site 1) <--> Internet <--> RV220W (Site 2)