Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2483
Views
0
Helpful
7
Replies

WRVS4400N IPSEC VPN

Go to solution
Stretch1982
Level 1
Level 1

‎05-20-2011 05:26 AM

Hello Everyone,

We  have a customer that recently changed IT Vedors and came to us. We  needed to change the ISP and need to make changes in their Firewall. I  went out on site and wasn't able to get into the Routers and I contacted  the previos company but they wouldn't release that information. So we  had to reset the devices and set everything back up. Everything works  great except before they had an IPSEC VPN Tunnel between the 2  buildings. Both Buildings have WRVS4400N Routers and I have setup a VPN  IPSEC Tunnel on both sides. I have named them the same and the summary  says that both are up. But when I try to go from one side to the other I  am unable to Ping or resolve anything. I will put all the information  that I may think is relavent to this problem and hope someone can help  me. I called Cisco but they said they are out of warranty and will not  be able to help. Cisco directed me here.

Site A:

Internal:

     192.59.1.1 (IP)

     255.255.255.0 (SN)

External:

     96.10.218.14 (IP)

     255.255.255.252 (SN)

     96.10.218.13 (GW)

     24.25.5.60 (DNS1)

     24.25.5.61 (DNS2)

SiteA.PNG

Site B:

Internal:

     192.39.1.1 (IP)

     255.255.255.0 (SN)

External:

     50.52.145.50 (IP)

     255.255.255.252 (SN)

     50.52.145.49 (GW)

     184.16.4.22 (DNS1)

     184.16.33.54 (DNS2)

SiteB.PNG


VPN Tunnels

Site A

tunnela.PNG

Site B

tunnelb.PNG

For security purposes the IPs are not exactly what is being posted  but I have checked them 10 times and they match what the remote side  says. Again both say they are up but I am unable to ping or see devices  from the tunnel. Please help.

Thanks in advance

Mike

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Alejandro Gallego
Cisco Employee
Cisco Employee

‎05-20-2011 03:04 PM

The problem is most likely in the "Local Group" configuration. The way they are set up is basically to only allow 192.39.1.1 and 192.59.1.1 to talk to each other. Those fields should read as the subnet ID like this: 192.39.1.0 and 192.59.1.0

Try that restart the tunnels, and let us know how it worked out.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Alejandro Gallego
Cisco Employee
Cisco Employee

‎05-20-2011 03:04 PM

The problem is most likely in the "Local Group" configuration. The way they are set up is basically to only allow 192.39.1.1 and 192.59.1.1 to talk to each other. Those fields should read as the subnet ID like this: 192.39.1.0 and 192.59.1.0

Try that restart the tunnels, and let us know how it worked out.

0 Helpful

Go to solution
Stretch1982
Level 1
Level 1
In response to Alejandro Gallego

‎05-20-2011 03:19 PM

Thanks so much for the response. I changed them to what was suggested because that does make sense. But I tried to ping the Gateways and Printers from each side but no luck. Any other ideas?

Mike Cross

0 Helpful

Go to solution
Stretch1982
Level 1
Level 1
In response to Stretch1982

‎05-20-2011 03:28 PM

Got it fixed!!! You got me on the right track it was the Local Group as well as the Remote Group. Once I change them it is working here is a screenshot so if you ever need to reference it.

Thanks so much and have a nice weekend.

Mike Cross

0 Helpful

Go to solution
Alejandro Gallego
Cisco Employee
Cisco Employee
In response to Stretch1982

‎05-20-2011 04:15 PM

That is good news. Thanks for pointing out what I missed. That was what I meant when I wrote the response but I am sure you learned a lot more from my small omission.

Good Luck

0 Helpful

Go to solution
m.pisano004
Level 1
Level 1
In response to Alejandro Gallego

‎11-25-2013 11:05 AM

Hello,

I realize this is a 2 year old thread but I am currently having a very similar problem as the one described above. I was excited when I found this thread as I also made the same above error in setting the networks to .1 instead of .0 and thought this would fix my issue as well, but it did not. The tunnel goes down on a regular basis, it is established with no issues but will not remain up for longer than a few hours it seems. I have a cable based internet connection for the main site and a DSL connection at the other. The config is the same as the example in the original post (different IPs obviously) but IKE with PSK instead of Manual for the Keying Mode. Any input is appreciated. Thanks in advance.

0 Helpful

Go to solution
mpyhala
Level 7
Level 7
In response to m.pisano004

‎11-25-2013 12:11 PM

m.pisano004,

Does  the tunnel go down when you are actively passing traffic through it? The WRVS4400N/RVS4000 do not have keep alive so the tunnel should be expected to go down after some period of inactivity. If you ping a server on the other side of the tunnel it should bring the tunnel back up very quickly.

- Marty

0 Helpful

Go to solution
m.pisano004
Level 1
Level 1
In response to mpyhala

‎11-25-2013 12:18 PM

Yes, unfortunately the tunnel goes down even when passing traffic. I have an non-stop ping going between sites as a test. To bring the tunnel back up I have to either disable then re-enable the tunnel or sometimes allowing remote connections under the firewall tab brings the tunnel back up (which seems very strange to me).

0 Helpful
Customers Also Viewed These Support Documents