vpn configuration support needed

wjihrig11 · ‎05-21-2015

I have a RV180 router that I bought to replace a befvp41 that I suspect is going bad. I want to install this at our main business site and accept

VPN connections from 3 different remote sites. I have set the advanced vpn to be a responder and configured the IKE policy & VPN policy for

all three remote sites. I can see that the remote site tries to make a connection but the local site(RV180) doesn't respond at all.

What am I doing wrong????

ruwyatt · ‎05-21-2015

Hi - thank you for contacting the Cisco Support Community.

I am sorry to hear you are having issues with the VPN configuration on your router. We will need more information about the configs of the VPN router that the RV180 will be establishing the VPN with.

Can you provide screenshots of the VPN configs of the routers?

Typically you would set the VPN config to Responder if you do not want the router to try to initiate the VPN tunnel itself. It would just accept initiations from other VPN routers/devices and go through the process of authenticating the tunnel. You might want to do this if one of the router's has a dynamic outside address.

wjihrig11 · ‎05-21-2015

I have attached a word file that has 1 of the 3 tunnels that I have set up using advanced VPN setup.

I also included screens of the BEFVP41 linksys router in my house...

ruwyatt · ‎05-21-2015

Do both router's in your snapshots have static WAN addresses?

Your IKE policy has Local/Remote Identifier Types of FQDN with "any". The router would be looking for an SA from a router with "any" as the identifier. Typically you would use FQDN if you have DynDNS set up on either router instead of using a static address.

Also the VPN policy has a Remote Endpoint FQDN of "any" as well.

The Linksys router has a Remote Security Gateway gateway of 72.95.131.74. Is that the WAN address of the RV180?

wjihrig11 · ‎05-21-2015

yes the 72.95.131.74 is the static address here at work and it is what the wan address is for the RV180. Our house addresses are dynamic and could change from time to time. I attached the setup pages for the Linksys router that I want to replace here at work. I need to configure for a dynamic address from the remote routers.

ruwyatt · ‎05-21-2015

I see what you mean - there is no actual Any option for the remote gateway endpoint in the RV180. You either have to choose IP or FQDN.

You can use FQDN and basically use any FQDN you configure in the opposing router but I am not sure where you can configure that in a Linksys router.

In the RV180 you can assign a Local Identifier FQDN and it can just be something like local.com.

Is there somewhere in the Linksys router to set up a local identifier FQDN?

wjihrig11 · ‎05-22-2015

the attached file shows where you configure the any IP is where you can set it for FQDN. Is there maybe updated or special firmware for the router that will give the option that we need. Or is there a different small office router that does have the option.

I find it troubling that you don't have that option especially with having the option to be a responder only!!!!

wjihrig11 · ‎05-22-2015

In the diagram that I sent I had the wrong address for what would be used for the

FQDN. It would be the 192.168.1.2 and not 192.168.12.2....