Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2440
Views
0
Helpful
3
Replies

RV180 multiple tunnels to the same endpoint

Marshall Kennard
Level 1
Level 1

‎11-11-2012 02:51 PM

I purchased the RV180 to replace a dead Linksys BEFVP41 to connect a home office to HQ.  The Linksys was configured with three IPSEC tunnels to connect to three different subnets all through the main HQ gateway.  Note that each tunnel is independent with its own pre-shared key.  I can configure the same tunnels on the RV180, and each one works correctly, but I can only get one to run at a time.  I have to disable the other two.  Enabling a second tunnel results in the No phase2 handle found error.  I could not use the Basic VPN setup as it complains that the remote endpoint is already in use.  I had to use the Advanced VPN Setup to create the IKE and IPSEC policies.  In a different discussion (https://supportforums.cisco.com/message/3726492#3726492) Tom said that it was possible.  What am I doing wrong?

Marshall

Labels:
0 Helpful
3 Replies 3

Tom Watts
VIP Alumni
VIP Alumni

‎11-14-2012 08:53 PM

Hi Marshall, we spoke earlier today on the phone and set up some test tunnels between a couple RV180 routers. Site A consisted of 2 subnets 192.168.3.1 255.255.255.248 and 192.168.2.1 255.255.255.248. Site B, which was your remote side has a 192.168.110.0 255.255.255.0. We had created 2 separate IKE and IPSEC policies and both tunnels establish simultaneous.

One particular note about remote end point in use, is because the IKE policy must be specified per tunnel and one IKE policy cannot be mapped to multiple VPN policies. The router should support 10 concurrent tunnels without problems. I hope our conversation has resolved the problem as we had 2 working tunnels.

Please feel free to email me any time.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

Francis LAPORTE
Level 1
Level 1

‎11-15-2012 03:41 AM

I do that easely (3 tunnels)
Between cisco rv 180 and netopia router
I am bases in France and you can call me at thé following number.
+33149106860
Please ask for Francis
I can help you


Sent from Cisco Technical Support Android App

0 Helpful

Marshall Kennard
Level 1
Level 1

‎12-03-2012 10:18 AM

After a lot of troubleshooting and reviewing the logs, I found the likely cause...and no solution.

The HQ gateway is a Linksys BEFVP41, the same as all the remotes.

When a Linksys remote establishes the first tunnel, it goes through Phase 1 to establish a ISAKMP SA and then proceeds to Phase 2 to establish the ESP tunnel.  When the same Linksys remote establishes the second tunnel it goes through the same steps: Phase 1 and Phase 2.

The RV180 establishes the first tunnel in exactly the same way, but when it tries to establish the second tunnel, it skips the Phase 1 step and uses the existing Tunnel 1 ISAKMP SA to try to establish the second tunnel.  The Linksys does not like this, as it associates the ISAKMP SA with Tunnel 1 only, and complains of a mismatch of local and remote subnets.

Note that the RV180 has separate IKE policies for each tunnel, each with a different preshared key, but it does not use the IKE policy associated with the second tunnel.  The testing between two RV180s worked, so apparently the RV180 allows a second Phase 2 tunnel to be created using the first tunnel's Phase 1 SA.

Unless someone can tell me how to force the RV180 to start the second tunnel at Phase 1, there is no way that this will work to establish multiple tunnels to the Linksys gateway.

0 Helpful
Customers Also Viewed These Support Documents