Setup of RVS4000 & WRVS4400N VPN not working

vaftech1979 · ‎11-27-2010

Hi all

This is my first Cisco forum post, and my first attempt at a VPN between two Cisco routers. I have setup a RVS4000 router in one location and WRVS in another and I can't get them to setup a VPN.

I have used the VPN setup wizard and get "Make sure the two Routers work normally. Then try it again" when trying to setup Step 1 of 3 via internet remotely. It scans and finds each router properly (It couldn't the first time as I didn't set DMZ) Both ends are able to be pinged, and I have set both routers as DMZ on the modem they connect to. I have search for troubleshooting of this error, but get nothing. Both routers work "normally" as internet and network access is fine at each location. Image of error is attached (I have moved the diag box down so you can see my settings)

I have tried to setup manually, but still no luck. Settings I am using are:

Location 1 (WRVS4400N at 203.45.185.134 )

System Information
Firmware Version:    V2.0.0.8-ETSI
CPU:    STAR 9202
System up time:    6 days, 14:46:29
DRAM:    64MB
FLASH :    16MB
Port Statistics
Network Setting Status
LAN IP:    192.168.1.1
WAN IP:    10.0.0.2
Mode:    Gateway
DMZ:    Off
DNS1:    10.0.0.1
DNS2:
DDNS:    Off

Firewall Setting Status
DoS (Denial of Service):    Off
Block WAN Request:    Off
Remote Management:    On
IPSec VPN Setting Status
IPSec VPN Summary:
Tunnel(s) Used:    1
Tunnel(s) Available:    4

And VPN info is

Local Group Setup
Local Security Gateway Type:    IP Only
IP address:    10.0.0.2
Local Security Group Type: Subnet
IP Address:     192.168.1.0
Subnet Mask:    255.255.255.0

Remote Group Setup
Remote Security Gateway Type: IP Only

IP Adress 165.228.99.184
Remote Security Group Type: Subnet
IP Address: 192.168.2.0
Subnet Mask: 255.255.255.0

IPSec Setup (same for both)

Location 2 (RVS4400 at 165.228.99.184)

System Information

Firmware Version: V1.3.2.0

CPU: STAR 9202

System up time: 1 day, 01:23:07

DRAM: 64MB

FLASH : 8MB

Port Statistics

Network Setting Status

LAN IP: 192.168.2.1

WAN IP: 10.0.1.2

Mode: Gateway

DMZ: Off

DNS1: 8.8.8.8

DNS2: 8.8.4.4

DDNS: Off

Firewall Setting Status

DoS (Denial of Service): Off

Block WAN Request: Off

Remote Management: On

IPSec VPN Setting Status

IPSec VPN Summary:

Tunnel(s) Used: 1

Tunnel(s) Available: 4

And VPN info is

Local Group Setup
Local Security Gateway Type:    IP Only
IP address:    10.0.1.2
Local Security Group Type: Subnet
IP Address:     192.168.2.0
Subnet Mask:    255.255.255.0

Remote Group Setup
Remote Security Gateway Type: IP Only

IP Adress 203.45.185.134
Remote Security Group Type: Subnet
IP Address: 192.168.1.0
Subnet Mask: 255.255.255.0

IPSec Setup (same for both)

I can't figure out what I have done wrong, or why the VPN wizard wont work,

Please help, or advise on best course of action. Let me know if you need aditional info.

Thanks

Joe Genshlea · ‎11-27-2010

First off, I can't be too much help, except that I am attempting the EXACT same thing this weekend. Same model numbers, same objective. If I get the VPN tunnel up, I will let you know.

Just FYI, who is your ISP? My problem is that the RVS4000 is sitting behind a Comcast device SMC8014, so I have a second challenge ( how to pass requests through the Comcast device to the router).

If you figure it out, could you please post a follow up?

Thanks

Joe Genshlea · ‎11-28-2010

Okay, I have the two same models as you do and got the VPN established, so you'll be relieved that it can be done! Before I go much further I must disclose that I am not a very knowledgable network guy, I know how to figure things out, but usually it's through trial and error.

The first thing i did was to use a numeric pass phrase, the first one I used had a bunch of special characters, so I simplified it a little.

I named the IPSec tunnel the same on both sides.

I'm sure you've verified that both routers remote administration works from the opposite location?

The only thing that catches my eye after looking at your configs is the WAN IP address....looks like a class C LAN IP address. My WAN IP addresses were provided by my ISP. I suppose that your WAN IP addresses will work if they are reachable from the outside world. I suspect those WAN IPs are not correct. Here is a screen shot of my settings. I hope it helps you out a little.

vaftech1979 · ‎11-29-2010

Hmmm

My WAN IP is the Cisco routers IP on the Modem/Router. The Modem is 10.0.0.1, and the Cisco router is 10.0.0.2 (modem connects to cisco via Internet port).

I have tried changing the WAN setings on the Cisco to the WAN details provided by my ISP, but I only get internet connection with the WAN IP settings as Automatic-DHCP (which gives 10.0.0.2 / 255.255.255.0 / 10.0.0.1)

How do I change the WAN IP settings (which are the default/unchangeable local IP in VPN settings)? I have set the modem/router to DMZ to 10.0.0.2 (the cisco router) and even tried turning off DHCP on modem/router but still can't connect using Static IP settings provided by ISP (which I have verified are correct)

Thanks

charlesg7 · ‎12-16-2010

Be sure to flash your second router ... And be sure they are both using the most current Firmware version ....