
Need help RVS4000 to RVS4000 VPN tunnel

coperi800
Level 1

Hello,

I was trying to connect 2 RVS4000 devices to each other, creating a VPN tunnel, but the status of the link is always "down". I have followed the instructions in the "Administration Guide" to connect a gateway-to-gateway VPN tunnel using static IPs and I have also upgraded the firmware to 2.0.2.7, but still the tunnel status is down. Thanks for the help!

1 Reply

jasbryan
Level 6

jj,

First I would start by verifying that you have a public IP address on both RVS4000 WAN interfaces. After this is verified, you want to make sure all ports are open and not being blocked by your ISP. You can do this by changing the remote management port on the firewall tab to the 4 ports that you need for IPsec tunneling: 443, 500, 4500, 60443. If you are able to remotely manage your router on all four ports, mark this site good for tunneling. Now repeat this process on site 2.

After verifying all ports are opened on both sites.

Make sure router 1 is on a different local subnet than router 2, so if router 1 = 192.168.1.1 (local) then change router 2 = 192.168.2.1 (local). After this is completed, you are ready to configure your IPsec tunnel.

If you have any previous tunnels, I would delete and reconfigure.

Local security gateway - by IP address (place your static public IP address)

Local security group - router 1 192.168.1.0 255.255.255.0

Remote security gateway - by IP address (place your remote static public IP address)

Remote security group - 192.168.2.0 255.255.255.0

Make sure phase 1 and phase 2 are exactly the same.

I like to disable PFS on both sides of the tunnel.

Pre-shared key (exactly the same)

Now save and connect; your tunnels should be up successfully now.

Thanks,

Jason Bryant

Cisco Support Engineer

.:|:.:|:.
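
The consistency checks from the reply above, written as an added Python example that is not part of the original thread and is not Cisco tooling. The field names, phase parameters, key and addresses are constructed for illustration, and treating the carrier-grade NAT range as "not public" is an assumption that goes beyond what the reply states.

```python
import ipaddress

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def make_site(local_gw, local_group, remote_gw, remote_group, pfs=False, psk="constructed-key"):
    """Build one router's settings (hypothetical field names, constructed values)."""
    return {"local_gateway": local_gw, "local_group": local_group,
            "remote_gateway": remote_gw, "remote_group": remote_group,
            "phase1": {"encryption": "3DES", "auth": "SHA1", "lifetime": 28800},
            "phase2": {"encryption": "3DES", "auth": "SHA1", "pfs": pfs, "lifetime": 3600},
            "psk": psk}

def check_tunnel(a, b):
    """Return a list of mismatches between two gateway-to-gateway configs."""
    problems = []
    for name, site in (("site 1", a), ("site 2", b)):
        gw = ipaddress.ip_address(site["local_gateway"])
        if any(gw in net for net in NON_PUBLIC):
            problems.append(f"{name}: WAN address {gw} is not public")
    if a["local_gateway"] != b["remote_gateway"] or b["local_gateway"] != a["remote_gateway"]:
        problems.append("security gateways are not mirrored")
    # ip_network accepts the "network/netmask" form used in the router's fields.
    a_local, b_local = (ipaddress.ip_network(s["local_group"]) for s in (a, b))
    a_remote, b_remote = (ipaddress.ip_network(s["remote_group"]) for s in (a, b))
    if a_local.overlaps(b_local):
        problems.append(f"local subnets overlap: {a_local} and {b_local}")
    if a_local != b_remote or b_local != a_remote:
        problems.append("security groups are not mirrored")
    for phase in ("phase1", "phase2"):
        diff = sorted(k for k in a[phase].keys() | b[phase].keys()
                      if a[phase].get(k) != b[phase].get(k))
        if diff:
            problems.append(f"{phase} differs in: {', '.join(diff)}")
    if a["psk"] != b["psk"]:
        problems.append("pre-shared keys differ")  # never print the key itself
    return problems

if __name__ == "__main__":
    # Constructed example: documentation-range WAN addresses, subnets from the reply.
    s1 = make_site("203.0.113.10", "192.168.1.0/255.255.255.0",
                   "198.51.100.20", "192.168.2.0/255.255.255.0")
    s2 = make_site("198.51.100.20", "192.168.2.0/255.255.255.0",
                   "203.0.113.10", "192.168.1.0/255.255.255.0")
    print(check_tunnel(s1, s2) or "settings are consistent")
```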