CISCO RV220W VPN IPSec Connected but don't able to reach anything on the lan

fnuzzodev · ‎12-08-2014

Hi,

I am trying to use IPSecuritas and SHrew software to connect into my company's network using IPSec tunnel with my mac.

I'm able to initialise tunnel connection with both software but I don't reach any host on my network, no ping, no traceroute to anything.

The company LAN has the subnet 192.168.1.0/24 and Cisco RV220W is default gateway and dhcp server.

I need to connect from any place (like internet point, home ecc. ) to my network

Thank's in advance

(Same result with windows client)

Cisco Connection Log

Cisco Log:
2014-12-08 23:16:54: [rv220w][IKE] INFO: Remote configuration for identifier "remote.com" found
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received request for new phase 1 negotiation: XXX.XXX.XXX.XXX[500]<=>XXX.XXX.XXX.XXX[500]
2014-12-08 23:16:54: [rv220w][IKE] INFO: Beginning Aggressive mode.
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received unknown Vendor ID
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received unknown Vendor ID
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2014-12-08 23:16:54: [rv220w][IKE] INFO: Received unknown Vendor ID
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received Vendor ID: RFC 3947
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received Vendor ID: DPD
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received Vendor ID: DPD
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received unknown Vendor ID
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received unknown Vendor ID
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received unknown Vendor ID
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received Vendor ID: CISCO-UNITY
2014-12-08 23:16:54: [rv220w][IKE] INFO: Received unknown Vendor ID
2014-12-08 23:16:54: [rv220w][IKE] INFO: For XXX.XXX.XXX.XXX[500], Selected NAT-T version: RFC 39472014-12-08 23:16:55: [rv220w][IKE] INFO: Floating ports for NAT-T with peer XXX.XXX.XXX.XXX[4500]
2014-12-08 23:16:55: [rv220w][IKE] INFO: NAT-D payload does not match for XXX.XXX.XXX.XXX[4500]
2014-12-08 23:16:55: [rv220w][IKE] INFO: NAT-D payload does not match for XXX.XXX.XXX.XXX[4500]
2014-12-08 23:16:55: [rv220w][IKE] INFO: NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device
2014-12-08 23:16:55: [rv220w][IKE] INFO: Sending Xauth request to XXX.XXX.XXX.XXX[4500]
2014-12-08 23:16:55: [rv220w][IKE] INFO: ISAKMP-SA established for XXX.XXX.XXX.XXX[4500]-XXX.XXX.XXX.XXX[4500] with spi:a38e72b0ae8609d3:6968a3e96aca7fde
2014-12-08 23:16:55: [rv220w][IKE] INFO: Received attribute type "ISAKMP_CFG_REPLY" from XXX.XXX.XXX.XXX[4500]
2014-12-08 23:16:55: [rv220w][IKE] INFO: Login succeeded for user "XXXXX"
2014-12-08 23:16:55: [rv220w][IKE] INFO: Responding to new phase 2 negotiation: XXX.XXX.XXX.XXX[0]<=>XXX.XXX.XXX.XXX[0]
2014-12-08 23:16:55: [rv220w][IKE] INFO: Using IPsec SA configuration: 192.168.2.1/24<->0.0.0.0/0 from remote.com
2014-12-08 23:16:55: [rv220w][IKE] INFO: No policy found, generating the policy : 192.168.2.0/32[0] 192.168.2.0/24[0] proto=any dir=in
2014-12-08 23:16:55: [rv220w][IKE] INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
2014-12-08 23:16:55: [rv220w][IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel XXX.XXX.XXX.XXX->XXX.XXX.XXX.XXX with spi=244279887(0xe8f6a4f)
2014-12-08 23:16:55: [rv220w][IKE] INFO: IPsec-SA established[UDP encap 4500->4500]: ESP/Tunnel XXX.XXX.XXX.XXX->XXX.XXX.XXX.XXX with spi=206715361(0xc5239e1)

Shrew Log:

config loaded for site 'XX.XX:XX.XX'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled

This is my router configuration

This is Shrew configuration