Solved: IKE VPN disconnects when passes through Cisco RV325

elohimverse · ‎01-03-2018

Hi all,

We are having major issues with router Cisco RV325 when connecting to IKE VPN on any of the computers behind the router. Basically it connects and drops with gateway failure.

I have checked the MTU from our provider with "ping -f -l **** cnn.com" where for **** I've lowered from 1500 until it start returning packets. I've found that the MTU from our provider is 1472 and put that MTU into the router WAN settings. I was pretty sure that the issue was because of the larger ipsec header, but apparently this didn't work.

Has anyone experienced such an issue or at least has an idea what could cause the vpn to stop?

Thank you in advance!

-

Rosen

Georg Pauwen · ‎01-03-2018

Hello,

the first thing you want to check with these small business routers is if the firmware is updated to the latest release. Which is 1.4.2.17 - is your RV325 running that ?

View solution in original post

KevinRobertson · ‎01-03-2018

Does this happen every time or intermittently?

elohimverse · ‎01-03-2018

We could say it is intermittently. I have tried with only one vpn connection and with more than one. It starts, runs for a minute and fails.

P.s. Also I want to imply that we have that issue from about a month ago and we were not having it before that. We've change from half to full duplex because the router was giving about 1/10 of the speed the provider sends to us and the issue started week after that.

KevinRobertson · ‎01-03-2018

I would recommend debugging the connection and looking for specific notifications.

#debug crypto isakmp

#debug crypto ipsec

This document might help:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-crypto-debug-sup.html

elohimverse · ‎01-03-2018

Unfortunately, I do not think we have the tools or knowledge to debug that way. I've checked the article and it is very detailed indeed. If I only new how to get into that debug mode. I am no Cisco geek as you can tell.

If you have an idea which options could interfere that connection I can make few tests.

KevinRobertson · ‎01-03-2018

It's as easy as typing #debug <commands> in enable mode.

Then you should start to see notifications relating to the tunnel teardown procedure etc.

Georg Pauwen · ‎01-03-2018

Hello,

the first thing you want to check with these small business routers is if the firmware is updated to the latest release. Which is 1.4.2.17 - is your RV325 running that ?

elohimverse · ‎01-03-2018

I checked the version now. It is > 1.4.2.15

I will upgrade to the new one in hour or so and write back.

elohimverse · ‎01-05-2018

I really thought that this wouldn't help me, since I've updated the router few months ago, but it did. I decided first to update it and if this doesn't work to proceed with Kevin's advise to debug.
It was not needed this time. Nevertheless I will keep in mind the ways to debug, which Kevin Robertson provided.
Thank you all!