RVS4000 VPN config problem

mguo · ‎06-16-2011

Hi there,

I'm trying to setup a VPN tunnel between a Cisco RVS4000 on our side and a Cisco ASA5520, to connect a machine on our local network to a test server on the target side.

We have all the settings setup correctly and the tunnel is up and running, however, our local machine can't connect/ping to their server. I've tried a trace route both from the machine and from the RVS4000 itself, and they both get stuck after getting past 192.168.1.1. Is there any routing or NAT-ing that I need to do on our router? Or is there a problem somewhere else?

Thanks

Mike

David Carr · ‎06-17-2011

Michael,

With the tunnel connected can you access any thing else on the remote side from the rvs4000 side?

Typically with the rvs4000 when its connected you get the whole lan on the other side.

The server that your accessing is it in the remote local lan settings on the rvs4000 or is it on another subnet behind the asa different than the remote local lan settings in the rvs4000?

mguo · ‎06-17-2011

Thanks for your help David,

We can't access anything else on the remote side from our side either.

The target machine is in the same subnet as the remote local lan settings in the RVS4000.

Thanks

Mike

mpyhala · ‎06-17-2011

Michael,

Change the LAN IP of the RVS4000 to 192.168.2.1 and this should resolve the issue. When both routers are on the same subnet the RVS4000 will keep all traffic destined for 192.168.1.x local instead of passing it through the tunnel.

Please let us know if this resolves the issue or if you need further assistance.

mguo · ‎06-20-2011

Sorry but I think there's been a little confusion due to my previous reply. The VPN tunnel is not between 2 local routers but over an internet connection. When I stated that "The target machine is in the same subnet as the remote local lan settings in the RVS4000." I meant that under the IPSec VPN settings, our "Remote Group Setup" settings are:

"Remote Security Group Type: Subnet

IP Address: BBB.BBB.BBB.001

Subnet Mask: 255.255.255.CCC"

While the target server that we want to connect to is BBB.BBB.BBB.002 etc.

That said, we did try to move our local machine to a different VLAN than the rest of the machines on the network.

It's IP is now 192.168.3.100, whereas all of our other machines are 192.168.1.x. However, I still can't seem to ping/traceroute to the target machine. Once the VPN tunnel is setup, does the router automatically redirect all traffic going in the BBB.BBB.BBB.x through the tunnel?

Thanks

Mike

mguo · ‎06-21-2011

My main concern is that the router doesn't know which local traffic to route through the VPN tunnel itself, and thus everything is getting stuck at the router. Is this done automatically once the tunnel is setup, or do I need to setup some specific routing scheme in the router?

Thanks

Mike

kwanm63my · ‎03-07-2012

Michael, were you ever able to fix your issue ? Also can you be so kind as to send a snapshot of your RVS4000 vpn configuration. I'm trying to connect to a ASA5510 that has configuration that support a software remote vpn client. I'm trying to use the 4000 to try to connect the same way but am failing miserably. i can't even get the tunnel up...

Glenn Santa Cruz · ‎02-20-2013

Hopefully this thread is not too old for resurrection - I too am trying to get an RVS4000 to establish a site-to-site VPN with an ASA 5520, and I've not had any luck in finding a repeatable configuration that works properly. Could anyone please share configuration settings from both the ASA and the RVS? I realize that settings will need to be in agreement on both sides of the tunnel, but I'm just looking for a very simple configuration to make sure that this at least works.