WRVS4400N connecting to ASA 5540 IPSec L2L

WStoffel1
Level 1

I have a remote WRVS4400N that has a dynamic outside address that's initiating a connection to an ASA 5540 with a static address.

I'm all set on the ASA side. My questions relate to the 4400N. It doesn't appear to have a very robust configuration/setup available for L2L tunnels. For one, my encryption is limited to 3DES.

But I'm wondering if I'm missing something in the config. I have to set up L2L tunnels to two other firewalls. One firewall has 3 discontiguous networks, and the other has 2. I have 5 tunnels set up; is this the only way? What I would like to see is 2 tunnels, one for each remote firewall, but then each tunnel would have access to the appropriate networks (like on the ASA side). Is there any way to do this? Perhaps a command line util for this unit?

My other issue relates to the tunnel-groups I have set up on my ASAs, and I would like to use appropriate names... however, I can't seem to find a way to enable this to happen on the 4400N side... what I mean is I need a way to create either a "keyword identifier" or a "firewall identifier" on the 4400N and I don't see an appropriate field in the web interface. Anyone have any thoughts?

Thanks in advance.

1 Accepted Solution

Accepted Solutions

Tom Watts
VIP Alumni

Hi WS, the WRVS router does not support a full tunnel configuration or the routes to have a multi site configuration. You would need a separate tunnel for each location.

Traditionally, the WRVS router has not been a good match to any ASA platform. In most instances I have seen, when a tunnel has been established it will make the WRVS router crash in an hour or less due to insufficient memory. If you're running into a scenario where the WRVS becomes unresponsive or the tunnel drops, this is the likely scenario.

I would strongly recommend not to use the WRVS router for any tunnel with the ASA. If you're looking to stay in the small business realm, an RV220W or an RV042 router would be a much more suitable match.

-Tom
Please mark answered for helpful posts


3 Replies

jeffrrod
Level 4

Dear Customer,

Thank you for contacting Cisco Support Community.

Please find below the link with the L2TP VPN configuration guide for the WRVS4400N:

http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=1384

Other than the configuration guide there, I suggest you contact the VPN Support Community so that they can assist you further:

https://supportforums.cisco.com/community/netpro/security/vpn

Thank you for your time and kind regards,

Jeffrey Rodriguez S.

Cisco Customer Support Engineer.


Thanks for the input. I sort of figured as much. But I have had the 5 tunnels up for over a week now with no issues. Unfortunately I'm handed hardware, in this case overseas, and not much I can do about it, I just have to make it work.