
Site-to-Site VPN from RV110W to RV130W

epicolo
Level 3

Hi, we are trying to configure a VPN IPSEC (site-to-site) between RV110W and RV130W. They both are running the latest FW version.

The RV130W has a fixed public IP (the concentrator).

The RV110W MUST work behind NAT (it will be connected to a standard DSL/cable modem) and has a DHCP client at the WAN interface.

*It is using DDNS.

We had some unsuccessful tests, always indicating "IPSec SA Not Established" at RV110W and not_connected at RV130W side.

Any tip regarding what to configure at RV130W as Remote Identifier (since the RV110W is using dynamic IP at WAN interface)?

Thanks

2 Replies

epicolo
Level 3

After a lot of tests, this is what we got at RV130 log:

1    2016-04-17 12:45:56 AM    warning    pluto[7648]: "VPN_from_RV110W": deleting connection    
2    2016-04-17 12:45:55 AM    warning    pluto[7648]: "VPN_from_RV110W" #3: deleting state (STATE_MAIN_I1)    
3    2016-04-17 12:45:55 AM    warning    pluto[7648]: "VPN_from_RV110W": terminating SAs using this connection    
4    2016-04-17 12:45:52 AM    warning    pluto[7648]: "VPN_from_RV110W" #3: initiating Main Mode    
5    2016-04-17 12:45:50 AM    warning    pluto[7648]: added connection description "VPN_from_RV110W"    
6    2016-04-17 12:45:49 AM    warning    pluto[7648]: "VPN_from_RV110W": deleting connection    
7    2016-04-17 12:45:48 AM    warning    pluto[7648]: packet from X.X.X.X: initial Main Mode message received on A.B.C.D:500 but no connection has been authorized with policy=PSK    
8    2016-04-17 12:45:48 AM    warning    pluto[7648]: packet from X.X.X.X: received Vendor ID payload [Dead Peer Detection]    
9    2016-04-17 12:45:48 AM    warning    pluto[7648]: packet from X.X.X.X:41: ignoring unknown Vendor ID payload [4f457e717f6b5a4e727d576b]    
10    2016-04-17 12:45:48 AM    warning    pluto[7648]: "VPN_from_RV110W" #2: deleting state (STATE_MAIN_I1)    
11    2016-04-17 12:45:48 AM    warning    pluto[7648]: "VPN_from_RV110W": terminating SAs using this connection    
12    2016-04-17 12:45:45 AM    warning    pluto[7648]: "VPN_from_RV110W" #2: initiating Main Mode    
13    2016-04-17 12:45:43 AM    warning    pluto[7648]: added connection description "VPN_from_RV110W"

Any ideas?

Well, I opened a Cisco SR at TAC and the engineer said that it is not possible to use the RV110W behind NAT because it does not support NAT-Traversal. She suggested trying to configure the DSL modem in bridge mode to have the public IP directly at the WAN interface and to send the feedback to the case.

After this, I did some more tests and log verifications, and after configuring the RV110W with a fixed IP (local address for the DSL modem, e.g. 192.168.1.10) and putting this IP as RemoteID at the RV130W side, the tunnel was up. No other configuration at DSL was needed. The only concern is that the public IP used by the DSL connection must be known, to configure at the RV130W side (the RV130W does not work fine if we point to an FQDN and the RV110W configures its WAN (local IP in my case) to a Dynamic DNS).

It is now working fine.
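
A small triage script for pluto log lines like those posted above, added here as an example and not part of the original thread. It reports inbound Main Mode packets that matched no PSK connection and outbound attempts deleted while still in STATE_MAIN_I1; the sample lines are constructed in the same layout and the addresses are placeholders.

```python
import re

# Constructed sample in the RV130W log layout (newest entry first).
# 203.0.113.7 and 198.51.100.1 are placeholder addresses, not from the thread.
SAMPLE = """\
1 2016-04-17 12:45:55 AM warning pluto[7648]: "VPN_from_RV110W" #3: deleting state (STATE_MAIN_I1)
2 2016-04-17 12:45:52 AM warning pluto[7648]: "VPN_from_RV110W" #3: initiating Main Mode
3 2016-04-17 12:45:48 AM warning pluto[7648]: packet from 203.0.113.7: initial Main Mode message received on 198.51.100.1:500 but no connection has been authorized with policy=PSK
4 2016-04-17 12:45:48 AM warning pluto[7648]: packet from 203.0.113.7: received Vendor ID payload [Dead Peer Detection]
"""

# index, timestamp, severity, then the pluto message itself
ENTRY = re.compile(r'^\s*(\d+)\s+(\S+ \S+ [AP]M)\s+(\w+)\s+pluto\[\d+\]:\s+(.*?)\s*$')
# Peer's first Main Mode packet matched no configured connection for its source
REJECT = re.compile(r'packet from (\S+?)(?::\d+)?: initial Main Mode message received '
                    r'on \S+ but no connection has been authorized with policy=(\w+)')
INIT = re.compile(r'"([^"]+)" #(\d+): initiating Main Mode')
DEAD = re.compile(r'"([^"]+)" #(\d+): deleting state \((STATE_\w+)\)')


def triage(log_text):
    """Return findings in chronological order as (kind, subject, detail)."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(4)))
    # The router lists the newest entry first, so the highest index is oldest.
    entries.sort(key=lambda e: e[0], reverse=True)

    findings, started = [], set()
    for _, msg in entries:
        if (m := REJECT.search(msg)):
            # Source address did not match any connection's remote endpoint/ID
            findings.append(("inbound_rejected", m.group(1), m.group(2)))
        elif (m := INIT.search(msg)):
            started.add(m.groups())
        elif (m := DEAD.search(msg)) and m.group(3) == "STATE_MAIN_I1" \
                and m.groups()[:2] in started:
            # First message was sent; state removed before any reply was processed
            findings.append(("initiator_unanswered", m.group(1), "#" + m.group(2)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
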
