Trouble connecting gateway to gateway using Cisco RV082
Hello Cisco community,
I'm trying to set up a gateway to gateway VPN and I'm having some trouble. One RV082 is connected directly to a cable modem. The other end uses FiOS and is connected to their gateway. I've forwarded the following ports in the Verizon router (I know I have more than needed, so once it's working I will delete forwards that are not needed): UDP 1701, TCP/UDP 500, TCP/UDP 4500, TCP/UDP 1723, UDP 1194. Both sides have static IP addresses; however, the RV082 on the Verizon FiOS side has a private IP address (not sure if this is my problem). In the configuration, the remote group IP address on each side has the WAN IP address of the other side. I can't figure out how to find the logs so I can see what is happening (or not happening). When I click on the system logs and select VPN logs, there are no entries.
I've set up a VPN before, but that was using Windows server as the VPN server. I've never set up a gateway to gateway VPN before. Any help is greatly appreciated.
I'm sure there is more information you need to help me. Let me know what else is needed and I'll post it.
The easy part of the question is about what ports are needed. You would need UDP 500 and probably 4500 for the VPN to work. I am not clear about your comment that you are forwarding those ports. In general for VPN those ports are not forwarded but must be allowed incoming to the VPN device.
The issue may very well be the private address used on one side. That suggests that the device may learn its IP using DHCP or some similar negotiation. The solution for this is typically for the other side to have a dynamic crypto map setting the peer address to 0.0.0.0. This allows the side with the dynamic address to initiate the VPN and for the other device to dynamically learn the address of its peer device. Not sure how to do this on your platform.
Thank you for the info. I wasn't aware there was a difference between port forwarding and allowing ports to the incoming device. On some other devices, I've seen references to "VPN passthrough", but I never stopped to think about it. My device does not have that option.
The RV082 that is behind the Verizon router does indeed receive a class 3 DHCP address from the Verizon router.
I'm not familiar with a dynamic crypto map setting. Would that be a setting in the RV082? There is no other device other than the PC I'm using to configure the settings on the RV082.
Thank you for the diagram. My comment about dynamic crypto map was based on configuration of other Cisco IOS routers. The RV082 is different and you configure parameters but do not actually configure the crypto map (the RV082 apparently creates the crypto map using the parameters you specify). Here is a link to some documentation from Cisco about doing VPN on RV082. It discusses some options for configuring when one of the router addresses is dynamic. I hope you find it helpful.