Is there anyone here?

Luis-elite3d · ‎08-04-2015

Hi all,

I have set up two IPsec VPNs in two different floors of our building, each one to one RV325 router, each router goes through a different ISP. We could not join the two networks of both floors into one till now. The VPNs were working fine with that set up.

Now we have joined both networks into one, and I have left that only one of the RV325 routers will manage both VPNs (it is connected to the highest bandwith ISP we have). But with both IPsec VPNs, both of them are disconnecting several times every day.

The logs shows that sometimes both VPNs are online simultaneously, sometimes there is only one of them, and sometimes there is none of both.

Is there any problem with this router to set up more that one IPsec VPN? The specs claimed that it could hold till 50.

Thanks in advance,

Luis.

Luis-elite3d · ‎08-17-2015

Hi,

I have updated the router firmware to Firmware Version 1.2.1.13. In the firmware release notes it is stated that "Resolved issue: Hangs when using multiple VPNs. (CSCuo75962)" but it seems not be working as intended.

Both VPNs disconnects if both are enabled. Disabling one of them seems to fix the problem. Copying the router log down.

So my question is:

Is the Firmware Version 1.2.1.13 for Cisco RV325 working at fixing the CSCuo75962 bug (Hangs when using multiple VPNs)?

My network is:

The Internet <--> Optical Network Terminal (I240G-T) <--> Modem (MitraStar
HGW-2501GN-R2) <--> Router Cisco RV325

The VPNs are:

Number 1: Public IP 54.xxx.xxx.xxx, private IP 172.25.0.0 with Subnet Mask 255.255.254.0.
Number 2: Public IP 204.xxx.xxx.xxx, private IP 10.100.0.0 with Subnet Mask 255.255.128.0.

With the new firmware a new option was available on the RV325: "Session Timeout". I had changed both TCP and UDP timeout from 1800 secs (TCP) and 30 secs (UDP) to 86400 (both), in case that is affecting the VPNs.

Thanks in advance,

Luis.

--------LOG (skipped firewall entries)--------

Aug 17 07:44:13 2015 routerRV325-T VPN Log: [g2gips1]: cmd=down-client peer=54.xxx.xxx.xxx peer_client=172.25.0.0/23 peer_client_net=172.25.0.0 peer_client_mask=255.255.254.0
Aug 17 07:44:13 2015 routerRV325-T VPN Log: ip route del 172.25.0.0/23 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 07:44:13 2015 routerRV325-T VPN Log: [g2gips1] #354: [Tunnel Established] ISAKMP SA established
Aug 17 07:44:13 2015 routerRV325-T VPN Log: [g2gips1]: cmd=up-client peer=54.xxx.xxx.xxx peer_client=172.25.0.0/23 peer_client_net=172.25.0.0 peer_client_mask=255.255.254.0
Aug 17 07:44:13 2015 routerRV325-T VPN Log: ip route add 172.25.0.0/23 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 07:44:13 2015 routerRV325-T VPN Log: [g2gips1] #355: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x59022f62 < 0xc51bd350}
Aug 17 07:44:31 2015 routerRV325-T VPN Log: [g2gips1] #354: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x65988b6e) not found (maybe expired)
Aug 17 07:44:31 2015 routerRV325-T VPN Log: [g2gips1]: cmd=down-client peer=54.xxx.xxx.xxx peer_client=172.25.0.0/23 peer_client_net=172.25.0.0 peer_client_mask=255.255.254.0
Aug 17 07:44:31 2015 routerRV325-T VPN Log: ip route del 172.25.0.0/23 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 07:44:31 2015 routerRV325-T VPN Log: [g2gips1] #356: [Tunnel Established] ISAKMP SA established
Aug 17 07:44:31 2015 routerRV325-T VPN Log: [g2gips1]: cmd=up-client peer=54.xxx.xxx.xxx peer_client=172.25.0.0/23 peer_client_net=172.25.0.0 peer_client_mask=255.255.254.0
Aug 17 07:44:31 2015 routerRV325-T VPN Log: ip route add 172.25.0.0/23 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 07:44:31 2015 routerRV325-T VPN Log: [g2gips1] #357: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x1176364a < 0xc210f56f}
Aug 17 08:43:34 2015 routerRV325-T VPN Log: [g2gips1] #356: [Tunnel Negotiation Fail] DPD: No response from peer - declaring peer dead
Aug 17 08:43:34 2015 routerRV325-T VPN Log: [g2gips1]: cmd=down-client peer=54.xxx.xxx.xxx peer_client=172.25.0.0/23 peer_client_net=172.25.0.0 peer_client_mask=255.255.254.0
Aug 17 08:43:34 2015 routerRV325-T VPN Log: ip route del 172.25.0.0/23 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 08:43:34 2015 routerRV325-T VPN Log: [g2gips1] #359: [Tunnel Established] ISAKMP SA established
Aug 17 08:43:34 2015 routerRV325-T VPN Log: [g2gips1]: cmd=up-client peer=54.xxx.xxx.xxx peer_client=172.25.0.0/23 peer_client_net=172.25.0.0 peer_client_mask=255.255.254.0
Aug 17 08:43:34 2015 routerRV325-T VPN Log: ip route add 172.25.0.0/23 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 08:43:35 2015 routerRV325-T VPN Log: [g2gips1] #360: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0xb0991225 < 0xcf3702c3}
Aug 17 08:44:01 2015 routerRV325-T VPN Log: [g2gips1] #359: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x1176364a) not found (maybe expired)
Aug 17 08:44:01 2015 routerRV325-T VPN Log: [g2gips1]: cmd=down-client peer=54.xxx.xxx.xxx peer_client=172.25.0.0/23 peer_client_net=172.25.0.0 peer_client_mask=255.255.254.0
Aug 17 08:44:01 2015 routerRV325-T VPN Log: ip route del 172.25.0.0/23 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 08:44:01 2015 routerRV325-T VPN Log: [g2gips1] #361: [Tunnel Established] ISAKMP SA established
Aug 17 08:44:01 2015 routerRV325-T VPN Log: [g2gips1]: cmd=up-client peer=54.xxx.xxx.xxx peer_client=172.25.0.0/23 peer_client_net=172.25.0.0 peer_client_mask=255.255.254.0
Aug 17 08:44:01 2015 routerRV325-T VPN Log: ip route add 172.25.0.0/23 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 08:44:01 2015 routerRV325-T VPN Log: [g2gips1] #362: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x96e128df < 0xc929c80d}
Aug 17 09:37:06 2015 routerRV325-T VPN Log: [g2gips0]: cmd=down-client peer=204.xxx.xxx.xxx peer_client=10.100.0.0/17 peer_client_net=10.100.0.0 peer_client_mask=255.255.128.0
Aug 17 09:37:06 2015 routerRV325-T VPN Log: ip route del 10.100.0.0/17 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 09:37:07 2015 routerRV325-T VPN Log: [g2gips0] #363: [Tunnel Established] ISAKMP SA established
Aug 17 09:37:07 2015 routerRV325-T VPN Log: [g2gips0]: cmd=up-client peer=204.xxx.xxx.xxx peer_client=10.100.0.0/17 peer_client_net=10.100.0.0 peer_client_mask=255.255.128.0
Aug 17 09:37:07 2015 routerRV325-T VPN Log: ip route add 10.100.0.0/17 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 09:37:07 2015 routerRV325-T VPN Log: [g2gips0] #364: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x76d6d694 < 0xc7402f02}
Aug 17 09:42:46 2015 routerRV325-T VPN Log: [g2gips1] #365: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x434dc2f8 < 0xce949825}
Aug 17 09:45:45 2015 routerRV325-T VPN Log: [g2gips0] #363: [Tunnel Negotiation Fail] DPD: No response from peer - declaring peer dead
Aug 17 09:45:45 2015 routerRV325-T VPN Log: [g2gips0]: cmd=down-client peer=204.xxx.xxx.xxx peer_client=10.100.0.0/17 peer_client_net=10.100.0.0 peer_client_mask=255.255.128.0
Aug 17 09:45:45 2015 routerRV325-T VPN Log: ip route del 10.100.0.0/17 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 09:45:46 2015 routerRV325-T VPN Log: [g2gips0] #366: [Tunnel Established] ISAKMP SA established
Aug 17 09:45:46 2015 routerRV325-T VPN Log: [g2gips0]: cmd=up-client peer=204.xxx.xxx.xxx peer_client=10.100.0.0/17 peer_client_net=10.100.0.0 peer_client_mask=255.255.128.0
Aug 17 09:45:46 2015 routerRV325-T VPN Log: ip route add 10.100.0.0/17 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 09:45:46 2015 routerRV325-T VPN Log: [g2gips0] #367: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x889a62f3 < 0xcb4eb5ec}
Aug 17 10:17:15 2015 routerRV325-T VPN Log: [g2gips1]: [Tunnel Disconnected]
Aug 17 10:17:16 2015 routerRV325-T VPN Log: [g2gips1]: cmd=down-client peer=54.xxx.xxx.xxx peer_client=172.25.0.0/23 peer_client_net=172.25.0.0 peer_client_mask=255.255.254.0
Aug 17 10:17:16 2015 routerRV325-T VPN Log: ip route del 172.25.0.0/23 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 10:17:20 2015 routerRV325-T VPN Log: [g2gips0]: cmd=down-client peer=204.xxx.xxx.xxx peer_client=10.100.0.0/17 peer_client_net=10.100.0.0 peer_client_mask=255.255.128.0
Aug 17 10:17:20 2015 routerRV325-T VPN Log: ip route del 10.100.0.0/17 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 10:17:23 2015 routerRV325-T VPN Log: [g2gips0] #368: [Tunnel Established] ISAKMP SA established
Aug 17 10:17:23 2015 routerRV325-T VPN Log: [g2gips0]: cmd=up-client peer=204.xxx.xxx.xxx peer_client=10.100.0.0/17 peer_client_net=10.100.0.0 peer_client_mask=255.255.128.0
Aug 17 10:17:23 2015 routerRV325-T VPN Log: ip route add 10.100.0.0/17 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 10:17:23 2015 routerRV325-T VPN Log: [g2gips0] #369: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x3992f5d6 < 0xcbe8f4fe}
Aug 17 10:51:30 2015 routerRV325-T VPN Log: [g2gips0] #368: [Tunnel Negotiation Fail] DPD: No response from peer - declaring peer dead
Aug 17 10:51:30 2015 routerRV325-T VPN Log: [g2gips0]: cmd=down-client peer=204.xxx.xxx.xxx peer_client=10.100.0.0/17 peer_client_net=10.100.0.0 peer_client_mask=255.255.128.0
Aug 17 10:51:30 2015 routerRV325-T VPN Log: ip route del 10.100.0.0/17 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 10:51:31 2015 routerRV325-T VPN Log: [g2gips0] #370: [Tunnel Established] ISAKMP SA established
Aug 17 10:51:31 2015 routerRV325-T VPN Log: [g2gips0]: cmd=up-client peer=204.xxx.xxx.xxx peer_client=10.100.0.0/17 peer_client_net=10.100.0.0 peer_client_mask=255.255.128.0
Aug 17 10:51:31 2015 routerRV325-T VPN Log: ip route add 10.100.0.0/17 via 192.168.0.155 dev eth1 metric 35
[...]
Aug 17 10:51:31 2015 routerRV325-T VPN Log: [g2gips0] #371: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x8d5a16fc < 0xcf3e7f40}

Luis-elite3d · ‎08-19-2015

Is there anybody here?

RV325 with 2 IPsec VPNs