05-20-2011 05:26 AM
Hello Everyone,
We have a customer that recently changed IT Vendors and came to us. We needed to change the ISP and need to make changes in their Firewall. I went out on site and wasn't able to get into the Routers and I contacted the previous company but they wouldn't release that information. So we had to reset the devices and set everything back up. Everything works great except before they had an IPSEC VPN Tunnel between the 2 buildings. Both Buildings have WRVS4400N Routers and I have setup a VPN IPSEC Tunnel on both sides. I have named them the same and the summary says that both are up. But when I try to go from one side to the other I am unable to Ping or resolve anything. I will put all the information that I may think is relevant to this problem and hope someone can help me. I called Cisco but they said they are out of warranty and will not be able to help. Cisco directed me here.
Site A:
Internal:
192.59.1.1 (IP)
255.255.255.0 (SN)
External:
96.10.218.14 (IP)
255.255.255.252 (SN)
96.10.218.13 (GW)
24.25.5.60 (DNS1)
24.25.5.61 (DNS2)
Site B:
Internal:
192.39.1.1 (IP)
255.255.255.0 (SN)
External:
50.52.145.50 (IP)
255.255.255.252 (SN)
50.52.145.49 (GW)
184.16.4.22 (DNS1)
184.16.33.54 (DNS2)
VPN Tunnels
Site A
Site B
For security purposes the IPs are not exactly what is being posted but I have checked them 10 times and they match what the remote side says. Again both say they are up but I am unable to ping or see devices from the tunnel. Please help.
Thanks in advance
Mike
05-20-2011 03:04 PM
The problem is most likely in the "Local Group" configuration. The way they are set up is basically to only allow 192.39.1.1 and 192.59.1.1 to talk to each other. Those fields should read as the subnet ID like this: 192.39.1.0 and 192.59.1.0
Try that, restart the tunnels, and let us know how it worked out.
05-20-2011 03:19 PM
Thanks so much for the response. I changed them to what was suggested because that does make sense. But I tried to ping the Gateways and Printers from each side but no luck. Any other ideas?
Mike Cross
05-20-2011 03:28 PM
Got it fixed!!! You got me on the right track; it was the Local Group as well as the Remote Group. Once I changed them it was working. Here is a screenshot if you ever need to reference it.
Thanks so much and have a nice weekend.
Mike Cross
05-20-2011 04:15 PM
That is good news. Thanks for pointing out what I missed. That was what I meant when I wrote the response but I am sure you learned a lot more from my small omission.
Good Luck
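The Local Group / Remote Group fix discussed above, written as a pre-flight check. This is an added example and not part of the original thread: the function names and the dict layout are hypothetical, and the sample values are constructed from the addresses posted in the thread.

```python
import ipaddress

def _net(group):
    """Network that an (ip, mask) pair falls in, ignoring any host bits."""
    return ipaddress.ip_interface(f"{group[0]}/{group[1]}").network

def check_group(label, group):
    """Flag a group entry whose IP is a host address rather than the subnet ID."""
    ip = ipaddress.ip_address(group[0])
    subnet_id = _net(group).network_address
    if ip != subnet_id:
        return [f"{label}: {ip} is a host address, expected subnet ID {subnet_id}"]
    return []

def check_tunnel(site_a, site_b):
    """Return every problem found in the two ends' group settings."""
    problems = []
    for name, site in (("Site A", site_a), ("Site B", site_b)):
        for role in ("local", "remote"):
            problems += check_group(f"{name} {role} group", site[role])
    # Each side's Remote Group must describe the other side's Local Group.
    if _net(site_a["local"]) != _net(site_b["remote"]):
        problems.append("Site B remote group does not match Site A local group")
    if _net(site_b["local"]) != _net(site_a["remote"]):
        problems.append("Site A remote group does not match Site B local group")
    if _net(site_a["local"]).overlaps(_net(site_b["local"])):
        problems.append("local groups overlap")
    return problems

MASK = "255.255.255.0"
# Constructed from the addresses in the thread: router IPs used as group IPs.
BEFORE_A = {"local": ("192.59.1.1", MASK), "remote": ("192.39.1.1", MASK)}
BEFORE_B = {"local": ("192.39.1.1", MASK), "remote": ("192.59.1.1", MASK)}
# Subnet IDs in both Local Group and Remote Group on both routers.
AFTER_A = {"local": ("192.59.1.0", MASK), "remote": ("192.39.1.0", MASK)}
AFTER_B = {"local": ("192.39.1.0", MASK), "remote": ("192.59.1.0", MASK)}

if __name__ == "__main__":
    for title, a, b in (("before", BEFORE_A, BEFORE_B), ("after", AFTER_A, AFTER_B)):
        print(title, check_tunnel(a, b) or "OK")
```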
11-25-2013 11:05 AM
Hello,
I realize this is a 2 year old thread but I am currently having a very similar problem as the one described above. I was excited when I found this thread as I also made the same above error in setting the networks to .1 instead of .0 and thought this would fix my issue as well, but it did not. The tunnel goes down on a regular basis, it is established with no issues but will not remain up for longer than a few hours it seems. I have a cable based internet connection for the main site and a DSL connection at the other. The config is the same as the example in the original post (different IPs obviously) but IKE with PSK instead of Manual for the Keying Mode. Any input is appreciated. Thanks in advance.
11-25-2013 12:11 PM
m.pisano004,
Does the tunnel go down when you are actively passing traffic through it? The WRVS4400N/RVS4000 do not have keep alive so the tunnel should be expected to go down after some period of inactivity. If you ping a server on the other side of the tunnel it should bring the tunnel back up very quickly.
- Marty
11-25-2013 12:18 PM
Yes, unfortunately the tunnel goes down even when passing traffic. I have a non-stop ping going between sites as a test. To bring the tunnel back up I have to either disable then re-enable the tunnel or sometimes allowing remote connections under the firewall tab brings the tunnel back up (which seems very strange to me).