04-16-2016 01:56 PM
Hi, we are trying to configure a VPN IPSEC (site-to-site) between RV110W and RV130W. They both are running the latest FW version.
The RV130W has a fixed public IP (the concentrator).
The RV110W MUST work behind NAT (it will be connected to a standard DSL/cable modem) and has a DHCP client at the WAN interface.
*It is using DDNS.
We had some unsuccessful tests, always indicating "IPSec SA Not Established" at RV110W and not_connected at RV130W side.
Any tip regarding what to configure at RV130W as Remote Identifier (since the RV110W is using dynamic IP at WAN interface)?
Thanks
04-16-2016 04:48 PM
After a lot of tests, this is what we got at RV130 log:
1 2016-04-17 12:45:56 AM warning pluto[7648]: "VPN_from_RV110W": deleting connection
2 2016-04-17 12:45:55 AM warning pluto[7648]: "VPN_from_RV110W" #3: deleting state (STATE_MAIN_I1)
3 2016-04-17 12:45:55 AM warning pluto[7648]: "VPN_from_RV110W": terminating SAs using this connection
4 2016-04-17 12:45:52 AM warning pluto[7648]: "VPN_from_RV110W" #3: initiating Main Mode
5 2016-04-17 12:45:50 AM warning pluto[7648]: added connection description "VPN_from_RV110W"
6 2016-04-17 12:45:49 AM warning pluto[7648]: "VPN_from_RV110W": deleting connection
7 2016-04-17 12:45:48 AM warning pluto[7648]: packet from X.X.X.X: initial Main Mode message received on A.B.C.D:500 but no connection has been authorized with policy=PSK
8 2016-04-17 12:45:48 AM warning pluto[7648]: packet from X.X.X.X: received Vendor ID payload [Dead Peer Detection]
9 2016-04-17 12:45:48 AM warning pluto[7648]: packet from X.X.X.X:41: ignoring unknown Vendor ID payload [4f457e717f6b5a4e727d576b]
10 2016-04-17 12:45:48 AM warning pluto[7648]: "VPN_from_RV110W" #2: deleting state (STATE_MAIN_I1)
11 2016-04-17 12:45:48 AM warning pluto[7648]: "VPN_from_RV110W": terminating SAs using this connection
12 2016-04-17 12:45:45 AM warning pluto[7648]: "VPN_from_RV110W" #2: initiating Main Mode
13 2016-04-17 12:45:43 AM warning pluto[7648]: added connection description "VPN_from_RV110W"
Any ideas?
04-18-2016 12:58 PM
Well, I opened a Cisco SR at TAC and the engineer said that it is not possible to use the RV110W behind NAT because it does not support NAT-Traversal. She suggested trying to configure the DSL modem in bridge mode to have the public IP directly at the WAN interface and sending the feedback to the case.
After this, I did some more tests and log verifications, and after configuring the RV110W with a fixed IP (a local address for the DSL modem, e.g. 192.168.1.10) and putting this IP as RemoteID at the RV130W side, the tunnel was up. No other configuration at the DSL was needed. The only concern is that the public IP used by the DSL connection must be known, to configure at the RV130W side (the RV130W does not work fine if we point to an FQDN and the RV110W configures its WAN (local IP in my case) to a Dynamic DNS).
It is now working fine.
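An added example, not part of the original posts: a small Python triage script for pluto log lines of the shape quoted in this thread. It pulls out the two symptoms visible in that log, inbound Main Mode packets that matched no PSK connection and outbound attempts deleted while still in STATE_MAIN_I1. The function names and the sample subset are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample lines in the format of the RV130W log quoted in the thread
# (addresses are the thread's own X.X.X.X / A.B.C.D placeholders).
SAMPLE_LOG = '''\
1 2016-04-17 12:45:56 AM warning pluto[7648]: "VPN_from_RV110W": deleting connection
2 2016-04-17 12:45:55 AM warning pluto[7648]: "VPN_from_RV110W" #3: deleting state (STATE_MAIN_I1)
4 2016-04-17 12:45:52 AM warning pluto[7648]: "VPN_from_RV110W" #3: initiating Main Mode
7 2016-04-17 12:45:48 AM warning pluto[7648]: packet from X.X.X.X: initial Main Mode message received on A.B.C.D:500 but no connection has been authorized with policy=PSK
10 2016-04-17 12:45:48 AM warning pluto[7648]: "VPN_from_RV110W" #2: deleting state (STATE_MAIN_I1)
12 2016-04-17 12:45:45 AM warning pluto[7648]: "VPN_from_RV110W" #2: initiating Main Mode
'''

LINE = re.compile(r'pluto\[\d+\]: (?P<msg>.*)$')
REJECTED = re.compile(r'packet from (?P<peer>\S+?): initial Main Mode message received on '
                      r'(?P<local>\S+) but no connection has been authorized with policy=(?P<policy>\w+)')
STALLED = re.compile(r'"(?P<conn>[^"]+)" #(?P<sa>\d+): deleting state \((?P<state>STATE_\w+)\)')

def triage(log_text):
    """Return (rejected inbound peers, stalled outbound attempts per connection/state)."""
    rejected, stalled = [], Counter()
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a pluto line
        msg = m.group('msg')
        if (r := REJECTED.search(msg)):
            rejected.append((r['peer'], r['local'], r['policy']))
        elif (s := STALLED.search(msg)):
            stalled[(s['conn'], s['state'])] += 1
    return rejected, stalled

def report(log_text):
    """Turn the triage result into one human-readable line per finding."""
    rejected, stalled = triage(log_text)
    out = []
    for peer, local, policy in rejected:
        out.append(f"inbound IKE from {peer} to {local} matched no {policy} connection: "
                   "compare the configured remote endpoint with the packet's source address")
    for (conn, state), n in stalled.items():
        out.append(f"{conn}: {n} attempt(s) deleted in {state}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```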