IPSec Site-to-Site VPN w/ RV220W Pair Troubleshooting Request

scorpio0679
Level 1

Hello,

I have a pair of RV220W routers acting as gateways, at the main office location and at my home office.  The business is running Microsoft SBS 2011 Standard with shared folders, intranet, etc.  I have followed the instructions to set up an IPSec tunnel connecting the two locations.  The tunnel connected and for a time (several months) worked almost as intended, granting my home office desktop access to the domain as if connected directly.  Note I said almost as intended because computers connected to the home wireless could not access network resources without connecting via PPTP protocol to the SBS server.  I do not know why that was the case.

Well, I recently had some work done on the network which required resetting and reconfiguring the routers.  The VPN tunnel is now broken and I cannot seem to figure out how to get it back online.  I configured the appliances with the built-in "basic" VPN setup settings as this really should be all that is necessary.  The home office subnet is 192.168.0.0 and 255.255.255.0 and the main office is 192.168.1.0 and 255.255.255.0.  I have a static IP address at each site, with the SBS server occupying a separate static IP address by way of a One-to-One NAT configuration.

Under the "IPsec Connection Status" option, both sides of the VPN indicate "IPsec SA Established".  So it should be good to go, right?  The only problem is that it isn't.  Network resources are not discoverable and are unavailable.  All pings time out.  There just doesn't seem to be any connectivity between the two LANs, although it does appear that there is data that travels across the VPN as indicated by the SA table.

This is a problem for me because I have plans to spin up additional connections and have already ordered an additional RV220W for this purpose for a new remote user.  Any advice / help would be fantastic!

Thanks!

UPDATE: I don't know if this "solved" the issue, but I've regained access by installing certificates on both routers issued by the SBS domain CA as well as on the computer which is running on the home office network, followed by reboot of all appliances and machines (except server).  Actually, I can't necessarily say that is the cause but it is the only thing I've done since I posted this question.

UPDATE: Solved; see below.

Message was edited by: Adam Sudbury

2 Replies

scorpio0679
Level 1

The problem is not resolved; anybody have any answers?

Alright, so after a couple of weeks of tinkering, reading stuff, and web searching on many different topics, I finally got the solution.  So I'm going to post this just in case anyone else runs into a similar problem.

The problem I was experiencing didn't have anything to do with the IPSec SA.  The SA was establishing correctly, but the main site network was unreachable by anything on the home office network.  So apparently, this was a DNS problem.  In the Networking>LAN (Local Network)>IPv4 LAN (Local Network) settings (on the left sidebar of the Cisco RV220W), I entered a different Domain Name from the main site, checked the DNS Proxy to Enable and entered the IP address of the main site DNS server, and voila!  Like magic, all devices began seeing the home office network "as" the main site domain network.

Note that none of the computers on the home office network could "see" the domain network until DNS Proxy was enabled AND the home office gateway router was pointed at the internal IP address of the main site DNS server.

Hope this helps anyone else who might be looking for solutions!