
RV042: No recovery of VPN after T-NAT: new mapping entry

nebelfuerst
Level 1

I use a bunch of RV042 (V3, latest firmware) to connect to local networks over an IPsec VPN.

As there is a separate router to handle the internet connection, the RV042 has to do NAT-T, which worked well for years. (Both sides of the VPN do NAT-T.)

Recently, some of these internet routers had to be changed due to a technology upgrade.

Each day, at the same time, the VPN gets dropped after the log lines below. No matter what I click inside the RV042, the only method to recover is to reboot the RV042. The "same time" is hours off any log entries in the internet router; there is nothing like reconnects, not even any log entries.

In some cases it doesn't help to reboot only one router; I have to get both rebooted, which is quite annoying.

Is there a solution for this?

 

Apr 11 10:46:50 2018 VPN Log (g2gips0) #14: [Tunnel Established] IPsec SA established {ESP=>0x2f81db14 <0xdbedba27 IPCOMP=>0x00006c3f <0x0000860d NATOA=0.0.0.0}
Apr 11 10:55:14 2018 VPN Log packet from <cencored>:500: [Tunnel Authorize Fail] no connection has been authorized with policy=PSK
Apr 11 10:55:44 2018 Kernel last message repeated 2 times
Apr 11 10:55:48 2018 VPN Log (g2gips0) #15: [Tunnel Established] ISAKMP SA established
Apr 11 10:56:24 2018 VPN Log | NAT-T: new mapping <cencored>:500/4500)
Apr 11 10:56:24 2018 VPN Log (g2gips0) #16: [Tunnel Established] sent MR3, ISAKMP SA established
Apr 11 11:45:39 2018 VPN Log (g2gips0) #17: [Tunnel Established] IPsec SA established {ESP=>0x76abeb88 <0xbb0c20a0 IPCOMP=>0x00008859 <0x0000db83 NATOA=0.0.0.0}
Apr 11 12:45:22 2018 VPN Log | NAT-T: new mapping <cencored>:500/4500)
Apr 11 12:45:22 2018 VPN Log (g2gips0) #18: [Tunnel Negotiation Fail] Phase 1 SA was destroyed
Apr 11 12:45:42 2018 VPN Log (g2gips0) #19: [Tunnel Negotiation Fail] Phase 1 SA was destroyed

Iliya Gatsev
Cisco Employee

Hi, 
My name is Iliya Gatsev from Cisco Technical Support Team.

I think it would be best if you could call our support line and open a support ticket, so we can do a WebEx remote session and check the configuration.

 

https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 

Iliya Gatsev
Cisco STAC Network Engineer
Together we are the human network .:|:.:|:. CISCO

The problem was not solved. 

One customer called your support and the config was checked, but no errors were found.

The VPN breaks down after the "T-NAT: new mapping" entry.

If I use router-vpn of fritzbox or openwrt, the VPN is completely stable. Unfortunately, there are some 50 RV042 in the field. For these I use a timer clock to have them reset every 4 hours.

The problem seems to be in the software of the RV042.
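
Added example, not part of the thread and not Cisco code: a small Python check that scans an RV042 VPN log for the pattern reported above, a "NAT-T: new mapping" entry followed by "Phase 1 SA was destroyed" with no re-established tunnel in between. The sample lines are copied from the original post; the function names and the 60-second window are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Log lines copied from the original post (peer address redacted by the poster).
SAMPLE_LOG = """\
Apr 11 10:55:48 2018 VPN Log (g2gips0) #15: [Tunnel Established] ISAKMP SA established
Apr 11 10:56:24 2018 VPN Log | NAT-T: new mapping <cencored>:500/4500)
Apr 11 10:56:24 2018 VPN Log (g2gips0) #16: [Tunnel Established] sent MR3, ISAKMP SA established
Apr 11 11:45:39 2018 VPN Log (g2gips0) #17: [Tunnel Established] IPsec SA established {ESP=>0x76abeb88 <0xbb0c20a0 IPCOMP=>0x00008859 <0x0000db83 NATOA=0.0.0.0}
Apr 11 12:45:22 2018 VPN Log | NAT-T: new mapping <cencored>:500/4500)
Apr 11 12:45:22 2018 VPN Log (g2gips0) #18: [Tunnel Negotiation Fail] Phase 1 SA was destroyed
Apr 11 12:45:42 2018 VPN Log (g2gips0) #19: [Tunnel Negotiation Fail] Phase 1 SA was destroyed
"""

# Timestamp format used in the posted log: "Apr 11 10:46:50 2018 <message>"
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (.*)$")


def parse(text):
    """Yield (timestamp, message) for every line that carries a timestamp."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y"), m.group(2)


def find_remap_failures(text, window_s=60):
    """Return (remap_time, failure_count) for each NAT-T remap that is followed,
    within window_s seconds, by destroyed Phase 1 SAs and no recovery."""
    events = list(parse(text))
    hits = []
    for i, (ts, msg) in enumerate(events):
        if "NAT-T: new mapping" not in msg:
            continue
        failures = 0
        for later_ts, later_msg in events[i + 1:]:
            if (later_ts - ts).total_seconds() > window_s:
                break
            if "[Tunnel Established]" in later_msg:
                break  # the tunnel came back after this remap
            if "Phase 1 SA was destroyed" in later_msg:
                failures += 1
        if failures:
            hits.append((ts, failures))
    return hits


if __name__ == "__main__":
    for when, count in find_remap_failures(SAMPLE_LOG):
        print(f"{when:%b %d %H:%M:%S}: NAT-T remap followed by {count} Phase 1 failures")
```

Run against logs collected from several units, the timestamps it returns show whether the failing remap really recurs at the same time of day on each device.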

 
