VPN Gateway to Gateway connection drops

Huggiesbear · ‎06-13-2018

Hello all.

i seem to have an issue with my GW to GW setup between my 2 x Cisco RV320’s (one at home and one in the office). The tunnel is up and it always stays connected but I can’t connect to devices from either when I could before. My office RV320 does have a LAN to LAN IPSec Tunnel to a Draytek router and that seems fine.

If I reboot my home RV320 I can connect back to the office ok but this only lasts for about 2 min and then it goes again. Has anyone got and ideas? The one thing that has change is I have a new internet service, the firewall is the same from when it worked, it’s on the lastest firmware and the router for the new internet has turn of the ACL that Denys any access.

its strange as it was working and not I can’t get it back up

Georg Pauwen · ‎06-13-2018

Hello,

--> the firewall is the same from when it worked

Does that mean there is an additional firewall between your RV320 and the Internet ? Or between the RV320 and your LAN ?

Just to be sure, the latest firmware is 1.4.2.19, are you running that ?

paul driver · ‎06-13-2018

Hello

Just like to add - does your "new" router/firewall support vpn passthrough and if so is it enabled?

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Huggiesbear · ‎06-14-2018

Hell all, thank you for the replies. Yes the firmware at both ends is as mentioned above on the latest release.

i have done some further testing and this is what I have found. I can access my home network from work fine but from home to the office is still a problem. Could this link in with VPN Passthrough option mentioned above?

could this also be a routing issue? I do have at the work end three separate networks running of this Rv320

192.168.1.0, 192.168.2.0 and 192.168.3.0 each on a separate VLAN which I could access before. The GW To GW cover the above range, so do I need to tell the router of this IP range via any routing

Georg Pauwen · ‎06-14-2018

Hello,

what brand/model is the firewall, and what is your physical setup ?

RV320 --> Firewall (HOME) --> RV320 (OFFICE)

?

Huggiesbear · ‎06-14-2018

I am mainly using the firewall on the RV320’s. the router that my BTnet circuit connects to I don’t have access to. I can find the model tomorrow but it is a Cisco device.

i have attached a rough network diagram, not the best as it’s pen to paper lol. What is the best method on the Rv320 to see what is blocking this?

Georg Pauwen · ‎06-14-2018

Hello,

it might as well be the BTNet devices that drop the connection. Either way, check if you have Keep-Alives and Dead Peer Detection configured on your RV320s (page 88 of the attached admin guide)...

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/rv320/administration/guide/en/rv32x_ag_en.pdf

Huggiesbear · ‎06-14-2018

Hello

the keep alive and DPD option was enabled at both ends.

I have message the BTnet team that manage that router to see if they can enable VPN Pass Through or allow any traffic from the remote IP Address.

Worst case I will swing back to my old circuit for testing as it did work on that