12-21-2012 08:31 PM
Hi, hopefully someone can assist me before I lose all my hair.
I have a Cisco RV220W updated to the latest firmware, 1.0.4.17. I have been trying to get a VPN set up for the past few days without success. We had a test VPN up and running previously, but when we changed the IPs and secret key to connect the live VPN tunnel it failed, and we haven't been able to get it working since.
We have deleted both ends and rebuilt them probably 6 times each. We have changed secret keys and tried 3DES, AES, and AES256 encryption with SHA-1. All the internal IP settings are correct, i.e. 192.168.1.1/24 or 192.168.1.1 255.255.255.0.
External IPs are right; the only oddball thing here is that one of the external IPs is assigned by DHCP and is a /22, although the previous tunnel worked with the same ISP.
Reboots make no difference.
The other end of the connection checked their logs and says they don't even see a connection attempt from our IP.
Here are the logs I see when I test our connection (which says successful, by the way); we can ping the peer external IP successfully.
NOTE: xxx.xxx.xxx.xxx is the peer IP, yy.yy.yyy.yyy is my external IP
2012-12-21 20:35:48: [rv220w][IKE] INFO: accept a request to establish IKE-SA: xxx.xxx.xxx.xxx
2012-12-21 20:35:48: [rv220w][IKE] INFO: Configuration found for xxx.xxx.xxx.xxx.
2012-12-21 20:35:48: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: yy.yy.yyy.yyy[500]<=>xxx.xxx.xxx.xxx[500]
2012-12-21 20:35:48: [rv220w][IKE] INFO: Beginning Identity Protection mode.
2012-12-21 20:35:48: [rv220w][IKE] INFO: [ident_i1send:180]: XXX: NUMNATTVENDORIDS: 3
2012-12-21 20:35:48: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 4
2012-12-21 20:35:48: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 8
2012-12-21 20:35:48: [rv220w][IKE] INFO: [ident_i1send:184]: XXX: setting vendorid: 9
2012-12-21 20:36:19: [rv220w][IKE] ERROR: Invalid SA protocol type: 0
2012-12-21 20:36:19: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1.
ESP xxx.xxx.xxx.xxx->yy.yy.yyy.yyy
2012-12-21 20:36:48: [rv220w][IKE] ERROR: Phase 1 negotiation failed due to time up for xxx.xxx.xxx.xxx[500]. 220debd6ec536edd:0000000000000000
Peer setting info (our info on their end):
Peer IP: yy.yy.yyy.yyy
Peer Gateway: yy.yy.yyy.1
Peer Subnet Mask: 255.255.252.0
Encryption Protocol: AES-256
Shared Secret: matches
MTU: 1500 - matches
Any help would be appreciated.
Wayne
12-24-2012 01:27 PM
1) Check that the Local LAN (Local Network) IP Address number actually shows a NET address and not a host address; if it is 192.168.1.1 /24, then the value should be 192.168.1.0.
2) Make sure that 'Block WAN Request' is disabled.
3) Disable PFS.
4) Delete the VPN configuration, redo it, and reboot the router to make sure that the old configuration has been deleted.
5) Check firewall settings "depending on the operating system".
6) Try to create another VPN to a different location from the one giving the issues, to make sure the issue is not related to this specific location.
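Added example, not part of the thread or of Cisco's tooling: a Python sketch of two checks that can be run against the material above, namely step 1 of the reply (is the configured local subnet a network address or a host address) and a reading of the phase 1 timeout line in the question's log. The function names are hypothetical, the sample log is constructed with documentation addresses, and the code assumes the trailing hex pair on the timeout line is the ISAKMP initiator:responder cookie pair.

```python
import ipaddress
import re

# Constructed sample in the format quoted in the question; the masked
# addresses are replaced with documentation-range addresses.
SAMPLE_LOG = """\
2012-12-21 20:35:48: [rv220w][IKE] INFO: Initiating new phase 1 negotiation: 198.51.100.7[500]<=>203.0.113.9[500]
2012-12-21 20:35:48: [rv220w][IKE] INFO: Beginning Identity Protection mode.
2012-12-21 20:36:19: [rv220w][IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1.
2012-12-21 20:36:48: [rv220w][IKE] ERROR: Phase 1 negotiation failed due to time up for 203.0.113.9[500]. 220debd6ec536edd:0000000000000000
"""

PHASE1_FAIL = re.compile(
    r"Phase 1 negotiation failed due to time up for (\S+)\[(\d+)\]\. "
    r"([0-9a-f]{16}):([0-9a-f]{16})"
)


def is_network_address(value):
    """True if 'addr/prefix' or 'addr mask' names the subnet, not a host in it."""
    addr, mask = re.split(r"[/\s]+", value.strip(), maxsplit=1)
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return ipaddress.ip_address(addr) == net.network_address


def phase1_timeouts(log):
    """List each phase 1 timeout and whether the peer ever answered."""
    findings = []
    for line in log.splitlines():
        m = PHASE1_FAIL.search(line)
        if not m:
            continue
        peer, port, _initiator_cookie, responder_cookie = m.groups()
        findings.append({
            "peer": peer,
            "port": int(port),
            # Assumption: an all-zero responder cookie means no IKE reply
            # was received, so the first packet or its answer was lost.
            "peer_replied": int(responder_cookie, 16) != 0,
        })
    return findings


if __name__ == "__main__":
    for value in ("192.168.1.1/24", "192.168.1.1 255.255.255.0", "192.168.1.0/24"):
        print(value, "->", "network" if is_network_address(value) else "host")
    for finding in phase1_timeouts(SAMPLE_LOG):
        print(finding)
```

A finding with `peer_replied` false matches the remote side's report of seeing no connection attempt, which points at UDP 500 being dropped somewhere on the path rather than at a proposal or key mismatch.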