RV042 to RV082 VPN (site-to-site) connecting problem

06231984J · ‎09-17-2012

Hi!

We are trying to connect our new RV042 here in Philippines to RV082 of our main office in Perth Australia. We have an old RV082 and we follow the same settings (all settings/configuration) from the old router. But we cant's seem to connect the VPN. If we return the connection to the old router, it connects easily.

Please help us.

Details :

Office A (Perth):

- RV082 router

- Client Network :10.50.0.0

- Internal Address : 10.50.0.254

Office B (Ph) :

- RV042 router.

- Client Network : 10.75.0.0

- Internal Address : 10.75.0.254

Layout :

Office A ----> RV082 ----> INTERNET <------ RV042 -----< OFFICE B

10.50.0.254 10.75.0.254

VPN details :

Office A :

- remote group type = SUBNET 10.75.0.0

- local group = SUBNET 10.50.0.0

- IP Address = 116.XXX.XXX.XXX

Office B :

- remote group type = SUBNET 10.50.0.0

- local group = SUBNET 10.75.0.0

- IP Address = 103.XXX.XXX.XXX

Thanks in advance for anyone who can help!

Tom Watts · ‎09-17-2012

Hi Jonathan, post a screen shot of both router config for the site to site tunnel. It sounds like a phase 1 or phase 2 mismatch somewhere.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

06231984J · ‎09-17-2012

Sorry I can't get a screenshot.

But we successfully connected the VPN but we can't connect to our intranet that is going via VPN connection, and here is the VPN log:

Sep 18 08:33:11 2012 VPN Log (g2gips0) #68: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x560f2e85 (perhaps this is a duplicated packet)

Sep 18 08:33:11 2012 VPN Log (g2gips0) #68: sending encrypted notification INVALID_MESSAGE_ID to 116.212.235.126:500

Sep 18 08:33:13 2012 VPN Log (g2gips0) #68: received Delete SA payload: deleting ISAKMP State #68

Sep 18 08:33:14 2012 VPN Log (g2gips0) #67: DPD: Could not find newest phase 1 state

Sep 18 08:33:18 2012 VPN Log packet from 116.212.235.126:500: received Vendor ID payload [Dead Peer Detection]

Sep 18 08:33:18 2012 VPN Log packet from 116.212.235.126:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet

Sep 18 08:33:18 2012 VPN Log (g2gips0) #69: responding to Main Mode

Sep 18 08:33:18 2012 VPN Log (g2gips0) #69: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet

Sep 18 08:33:18 2012 VPN Log (g2gips0) #69: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet

Sep 18 08:33:18 2012 VPN Log (g2gips0) #69: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet

Sep 18 08:33:19 2012 VPN Log (g2gips0) #69: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet

Sep 18 08:33:19 2012 VPN Log (g2gips0) #69: Peer ID is ID_IPV4_ADDR: '116.212.235.126'

Sep 18 08:33:19 2012 VPN Log (g2gips0) #69: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet

Sep 18 08:33:19 2012 VPN Log (g2gips0) #69: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established

Sep 18 08:33:19 2012 VPN Log (g2gips0) #69: sent MR3, ISAKMP SA established

Sep 18 08:33:20 2012 VPN Log (g2gips0) #69: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet

Sep 18 08:33:20 2012 VPN Log (g2gips0) #69: cannot respond to IPsec SA request because no connection is known for 10.70.0.0/24===103.10.152.138...116.212.235.126===10.50.0.0/24

Sep 18 08:33:20 2012 VPN Log (g2gips0) #69: sending encrypted notification INVALID_ID_INFORMATION to 116.212.235.126:500

06231984J · ‎09-17-2012

We are puzzled because we didn't put 10.70.0.0 in VPN settings on both ends but still the log is showing that range?

Tom Watts · ‎09-17-2012

Jonathan, screen shot would be extremely helpful for both units. Without more information we can't help you. We know what you say it should be but no one knows how everything is set up. Please provide the screenshot how each router is set up so we can help you.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/