
RV220W VPN setup issue

wayne-freeman
Level 1

Hi, hopefully someone can assist me before I lose all my hair.

I have a Cisco RV220W updated to the latest firmware, 1.0.4.17. I have been trying to get a VPN set up for the past few days without success. We had a test VPN up and running previously, but when we changed the IPs and secret key to connect the live VPN tunnel, it failed, and we haven't been able to get it working since.

We have deleted both ends and rebuilt them probably 6 times each. We have changed secret keys and tried 3DES, AES, and AES256 encryption with SHA-1. All the internal IP settings are correct, i.e. 192.168.1.1/24 or 192.168.1.1 255.255.255.0

External IPs are right; the only oddball thing here is that one of the external IPs is assigned by DHCP and is a /22, although the previous tunnel worked with the same ISP.

Reboots make no difference.

Other end of the connection checked their logs and says they don't even see a connection attempt from our IP.

Here are the logs I see when I test our connection (which says successful by the way), we can ping the peer external IP successfully.

NOTE: xxx.xxx.xxx.xxx is the peer IP, yy.yy.yyy.yyy is my external IP

2012-12-21 20:35:48: [rv220w][IKE] INFO:  accept a request to establish IKE-SA: xxx.xxx.xxx.xxx

2012-12-21 20:35:48: [rv220w][IKE] INFO:  Configuration found for xxx.xxx.xxx.xxx.

2012-12-21 20:35:48: [rv220w][IKE] INFO:  Initiating new phase 1 negotiation: yy.yy.yyy.yyy[500]<=>xxx.xxx.xxx.xxx[500]

2012-12-21 20:35:48: [rv220w][IKE] INFO:  Beginning Identity Protection mode.

2012-12-21 20:35:48: [rv220w][IKE] INFO:   [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3

2012-12-21 20:35:48: [rv220w][IKE] INFO:   [ident_i1send:184]: XXX: setting vendorid: 4

2012-12-21 20:35:48: [rv220w][IKE] INFO:   [ident_i1send:184]: XXX: setting vendorid: 8

2012-12-21 20:35:48: [rv220w][IKE] INFO:   [ident_i1send:184]: XXX: setting vendorid: 9

2012-12-21 20:36:19: [rv220w][IKE] ERROR:  Invalid SA protocol type: 0

2012-12-21 20:36:19: [rv220w][IKE] ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP xxx.xxx.xxx.xxx->yy.yy.yyy.yyy

2012-12-21 20:36:48: [rv220w][IKE] ERROR:  Phase 1 negotiation failed due to time up for xxx.xxx.xxx.xxx[500]. 220debd6ec536edd:0000000000000000

Peer Setting info:

  • Peer IP Address: xxx.xxx.xxx.xxx
  • Peer Subnet: 192.168.200.1/255.255.255.0
  • Encryption Algorithm: AES256
  • Integrity Algorithm: SHA-1
  • Diffie-Hellman Group: DH2
  • Packet Forward Secrecy: Enabled

Our info on their end:

  • Peer IP: yy.yy.yyy.yyy
  • Peer Gateway: yy.yy.yyy.1
  • Peer Subnet Mask: 255.255.252.0
  • Encryption Protocol: AES-256
  • Shared Secret: matches
  • MTU: 1500 - matches

Any help would be appreciated.

Wayne

1 Reply

dlatorre
Level 1

1) Check that the Local LAN (Local Network) IP Address number actually shows a NET address and not a host address; if it is 192.168.1.1 /24, then the value should be 192.168.1.0
2) Make sure that 'Block WAN Request' is disabled
3) Disable PFS
4) Delete the VPN configuration, redo it, and reboot the router to make sure that the old configuration has been deleted.
5) Check firewall settings "depending on the operating system"
6) Try to create another VPN to a different location from the one giving the issues, to make sure the issue is not related to this specific location
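
Added example, not part of either post and not Cisco code: a small Python check that reads the phase 1 timeout line from the log in the question and normalizes the subnet entries as step 1 of the reply suggests. It assumes the trailing pair on the timeout line is the IKE initiator:responder cookie pair (racoon-style logging); the function names are hypothetical and the masked addresses are replaced with constructed documentation IPs.

```python
import ipaddress
import re

# Constructed sample: IKE log lines from the question, with the masked peer/own
# IPs replaced by documentation addresses (203.0.113.10 / 198.51.100.20).
SAMPLE_LOG = """\
2012-12-21 20:35:48: [rv220w][IKE] INFO:  Initiating new phase 1 negotiation: 198.51.100.20[500]<=>203.0.113.10[500]
2012-12-21 20:35:48: [rv220w][IKE] INFO:  Beginning Identity Protection mode.
2012-12-21 20:36:19: [rv220w][IKE] ERROR:  Phase 2 negotiation failed due to time up waiting for phase1.
2012-12-21 20:36:48: [rv220w][IKE] ERROR:  Phase 1 negotiation failed due to time up for 203.0.113.10[500]. 220debd6ec536edd:0000000000000000
"""

P1_TIMEOUT = re.compile(
    r"Phase 1 negotiation failed due to time up for (\S+?)\[(\d+)\]\. "
    r"([0-9a-f]{16}):([0-9a-f]{16})")

def diagnose_phase1(log_text):
    """Return (peer, verdict) for each phase 1 timeout in the log."""
    results = []
    for m in P1_TIMEOUT.finditer(log_text):
        peer, _port, _init_cookie, resp_cookie = m.groups()
        if int(resp_cookie, 16) == 0:
            # Assumption: second value is the responder cookie. All zeros means
            # no IKE reply was ever processed, so the problem is reachability
            # of UDP/500 rather than proposals, PFS or the shared secret.
            verdict = "no reply from peer"
        else:
            verdict = "peer replied, negotiation stalled"
        results.append((peer, verdict))
    return results

def selector_network(addr, mask):
    """Return (network_cidr, was_host_address) for a subnet entry."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    return str(iface.network), iface.ip != iface.network.network_address

if __name__ == "__main__":
    for peer, verdict in diagnose_phase1(SAMPLE_LOG):
        print(f"{peer}: {verdict}")
    # Subnet entries as written in the question (local LAN and peer subnet).
    for addr, mask in [("192.168.1.1", "255.255.255.0"),
                       ("192.168.200.1", "255.255.255.0")]:
        net, was_host = selector_network(addr, mask)
        note = "  (host address entered)" if was_host else ""
        print(f"{addr}/{mask} -> {net}{note}")
```
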
