11-27-2010 03:46 PM
Hi all
This is my first Cisco forum post, and my first attempt at a VPN between two Cisco routers. I have setup a RVS4000 router in one location and WRVS in another and I can't get them to setup a VPN.
I have used the VPN setup wizard and get "Make sure the two Routers work normally. Then try it again" when trying to setup Step 1 of 3 via internet remotely. It scans and finds each router properly (It couldn't the first time as I didn't set DMZ) Both ends are able to be pinged, and I have set both routers as DMZ on the modem they connect to. I have search for troubleshooting of this error, but get nothing. Both routers work "normally" as internet and network access is fine at each location. Image of error is attached (I have moved the diag box down so you can see my settings)
I have tried to setup manually, but still no luck. Settings I am using are:
Location 1 (WRVS4400N at 203.45.185.134 )
System Information
Firmware Version: V2.0.0.8-ETSI
CPU: STAR 9202
System up time: 6 days, 14:46:29
DRAM: 64MB
FLASH : 16MB
Port Statistics
Network Setting Status
LAN IP: 192.168.1.1
WAN IP: 10.0.0.2
Mode: Gateway
DMZ: Off
DNS1: 10.0.0.1
DNS2:
DDNS: Off
Firewall Setting Status
DoS (Denial of Service): Off
Block WAN Request: Off
Remote Management: On
IPSec VPN Setting Status
IPSec VPN Summary:
Tunnel(s) Used: 1
Tunnel(s) Available: 4
And VPN info is
Local Group Setup
Local Security Gateway Type: IP Only
IP address: 10.0.0.2
Local Security Group Type: Subnet
IP Address: 192.168.1.0
Subnet Mask: 255.255.255.0
Remote Group Setup
Remote Security Gateway Type: IP Only
IP Adress 165.228.99.184
Remote Security Group Type: Subnet
IP Address: 192.168.2.0
Subnet Mask: 255.255.255.0
IPSec Setup (same for both)
Location 2 (RVS4400 at 165.228.99.184)
System Information
Firmware Version: V1.3.2.0
CPU: STAR 9202
System up time: 1 day, 01:23:07
DRAM: 64MB
FLASH : 8MB
Port Statistics
Network Setting Status
LAN IP: 192.168.2.1
WAN IP: 10.0.1.2
Mode: Gateway
DMZ: Off
DNS1: 8.8.8.8
DNS2: 8.8.4.4
DDNS: Off
Firewall Setting Status
DoS (Denial of Service): Off
Block WAN Request: Off
Remote Management: On
IPSec VPN Setting Status
IPSec VPN Summary:
Tunnel(s) Used: 1
Tunnel(s) Available: 4
And VPN info is
Local Group Setup
Local Security Gateway Type: IP Only
IP address: 10.0.1.2
Local Security Group Type: Subnet
IP Address: 192.168.2.0
Subnet Mask: 255.255.255.0
Remote Group Setup
Remote Security Gateway Type: IP Only
IP Adress 203.45.185.134
Remote Security Group Type: Subnet
IP Address: 192.168.1.0
Subnet Mask: 255.255.255.0
IPSec Setup (same for both)
I can't figure out what I have done wrong, or why the VPN wizard wont work,
Please help, or advise on best course of action. Let me know if you need aditional info.
Thanks
11-27-2010 07:50 PM
First off, I can't be too much help, except that I am attempting the EXACT same thing this weekend. Same model numbers, same objective. If I get the VPN tunnel up, I will let you know.
Just FYI, who is your ISP? My problem is that the RVS4000 is sitting behind a Comcast device SMC8014, so I have a second challenge ( how to pass requests through the Comcast device to the router).
If you figure it out, could you please post a follow up?
Thanks
11-28-2010 02:06 PM
Okay, I have the two same models as you do and got the VPN established, so you'll be relieved that it can be done! Before I go much further I must disclose that I am not a very knowledgable network guy, I know how to figure things out, but usually it's through trial and error.
The first thing i did was to use a numeric pass phrase, the first one I used had a bunch of special characters, so I simplified it a little.
I named the IPSec tunnel the same on both sides.
I'm sure you've verified that both routers remote administration works from the opposite location?
The only thing that catches my eye after looking at your configs is the WAN IP address....looks like a class C LAN IP address. My WAN IP addresses were provided by my ISP. I suppose that your WAN IP addresses will work if they are reachable from the outside world. I suspect those WAN IPs are not correct. Here is a screen shot of my settings. I hope it helps you out a little.
11-29-2010 01:08 AM
Hmmm
My WAN IP is the Cisco routers IP on the Modem/Router. The Modem is 10.0.0.1, and the Cisco router is 10.0.0.2 (modem connects to cisco via Internet port).
I have tried changing the WAN setings on the Cisco to the WAN details provided by my ISP, but I only get internet connection with the WAN IP settings as Automatic-DHCP (which gives 10.0.0.2 / 255.255.255.0 / 10.0.0.1)
How do I change the WAN IP settings (which are the default/unchangeable local IP in VPN settings)? I have set the modem/router to DMZ to 10.0.0.2 (the cisco router) and even tried turning off DHCP on modem/router but still can't connect using Static IP settings provided by ISP (which I have verified are correct)
Thanks
12-16-2010 11:19 AM
Be sure to flash your second router ... And be sure they are both using the most current Firmware version ....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide