
Cisco RV180W VPN Router Ping issue

tekservices.inc
Level 1

Hello,

Hopefully someone can help me, because I've been fiddling around with this for the last 3 days and no progress.

I'm setting up 2 sites for a customer of mine, a Main office and a branch office with a single active directory domain and an RODC on the other end (Branch Office)

I installed a Cisco RV180W on each end of the locations and established a working successful IPsec connection between both public IP's. It states it in the "IPsec connection status" section in the router settings.

At the main office, the internet connection is DSL from Bell Canada and the modem is DMZ'd to the Cisco Router and at the branch office, there's a Cable Internet connection from Rogers connected directly to the same model router.

I set up 2 different subnets, at the main office is the 192.168.0.1 and the branch office is 192.168.1.1

Also, I disabled all firewalls in Windows Server for the sake of testing it out to allow ICMP traffic and also created exemptions on the Cisco Routers for inbound and outbound ICMP (Type-8) traffic.

Now, I cannot ping the remote location whatsoever from both locations. I tried traceroute and the traffic fails right after it gets to the local ISP IP address.

I would appreciate any feedback or help I can get

Thanks


Hi Ali,

If you check the stats for this IPsec tunnel on the Routers do the TX and RX value increase in time?

What if you run Wireshark on the servers, any ICMP packets from the remote end?

Can you ping from Router to Router (inside interface)? Or from the server to the inside IP of the remote Router?

HTH.

Portu.

Hey Javier,

Generally speaking, yes, I am seeing increased TX and RX values. I haven't run Wireshark, so I'm not sure.

As far as ping, I cannot ping the gateway from either end to the remote host. I'm trying from Server to Gateway Router, and no response.

Anything I can do?

Thanks

Ali,

I am sorry, your post is not clear to me.

Can the servers ping the default-gateway?

Is it possible to ping from Router to Router (internal interface) to isolate any routing issue?

Thanks.

tekservices.inc
Level 1

Hello,

Unfortunately I cannot ping from router to router. The server can only ping its own gateway, not the remote gateway.

Sent from Cisco Technical Support iPhone App

Ali,

At this point I recommend double-checking the VPN, ACLs and routing settings of the Routers. Reload the units if possible and test the VPN connection.

Also, take a look at the number of TX and RX on each site, there is a chance that even the ISP is blocking the packets.

tekservices.inc
Level 1

Possibly. Initially I didn't configure anything with the routing table though, did I have to create static routes on each end? Maybe that's why I can't ping. The only thing I did was setup the VPN connection and established a connection. As you can see, this is the first time I physically set up a site to site VPN and try to get a network going remotely.

Would appreciate help if there was any other configuration that was supposed to take place initially to get the connection up

Thanks


Sent from Cisco Technical Support iPhone App

Hi Ali,

Please check this out:

Configuring VPN and Security - Chapter 5

HTH.

Don't forget to rate helpful posts

tekservices.inc
Level 1

Hey Javier

I already went through this manual and read it word for word, that's how I got the VPN setup initially. My issue now is 'what's next?' I have an established VPN technically as the routers state...but I can't ping or access any resources from either end.

My question is, is there any other configuration to do? Do I have to manually add any static routes in the routing table? Do I need to add NAT rules? Enable or open any ports on the router firewall itself?

I know I'm missing something

Thanks for all your help so far though, I'm grateful

Sent from Cisco Technical Support iPhone App

Ali,

At this point, it would be hard to tell you what the issue is, since you have checked pretty much everything:

1- Each Router has a default route pointing to the Internet.

2- There is no ACL or similar dropping the traffic.

3- There is not a NAT rule which may affect this connection.

4- The tunnel seems to be, you even see encaps and decaps.

5- You have checked the configuration guide and your tunnel seems to be properly set up.

6- A packet-capture on each server to check ICMP connectivity is not possible at the present time.

At this point, if you considered that everything is OK, then I would recommend to open a case with the Small Business team.

HTH.

Portu.
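The checks listed in the reply above (subnets, tunnel selectors, routes) can be run offline against the settings of both routers. This is an added example, not part of the original thread and not Cisco tooling: the dictionary fields, the /24 mask and the sample site data are assumptions constructed for illustration; only the two gateway addresses come from the thread.

```python
import ipaddress

def lan_network(gateway, netmask="255.255.255.0"):
    # strict=False maps a gateway address such as 192.168.0.1 to 192.168.0.0/24
    # (the /24 mask is an assumption; the thread gives only the gateway addresses)
    return ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)

def specific_route(routes, target):
    """True if a route other than the default route covers the target network."""
    nets = (ipaddress.ip_network(r) for r in routes)
    return any(n.prefixlen > 0 and target.subnet_of(n) for n in nets)

def check_pair(a, b):
    """Return findings for a two-site tunnel described by hypothetical dicts."""
    findings = []
    lan = {s["name"]: lan_network(s["lan_gateway"]) for s in (a, b)}
    if lan[a["name"]].overlaps(lan[b["name"]]):
        findings.append("LAN subnets overlap; peer traffic never leaves the local LAN")
    for here, peer in ((a, b), (b, a)):
        own, far = lan[here["name"]], lan[peer["name"]]
        local_sel = ipaddress.ip_network(here["vpn_local"], strict=False)
        remote_sel = ipaddress.ip_network(here["vpn_remote"], strict=False)
        if local_sel != own:
            findings.append(f"{here['name']}: local selector {local_sel} != own LAN {own}")
        if remote_sel != far:
            findings.append(f"{here['name']}: remote selector {remote_sel} != peer LAN {far}")
        if not specific_route(here["routes"], far):
            findings.append(f"{here['name']}: only the default route matches {far}")
    return findings

# Constructed sample data: field names and routes are illustrative assumptions.
MAIN = {"name": "main", "lan_gateway": "192.168.0.1",
        "vpn_local": "192.168.0.0/24", "vpn_remote": "192.168.1.0/24",
        "routes": ["0.0.0.0/0", "192.168.1.0/24"]}
BRANCH_OK = {"name": "branch", "lan_gateway": "192.168.1.1",
             "vpn_local": "192.168.1.0/24", "vpn_remote": "192.168.0.0/24",
             "routes": ["0.0.0.0/0", "192.168.0.0/24"]}
# Branch with its own LAN entered as the remote selector and no specific route.
BRANCH_BAD = dict(BRANCH_OK, vpn_remote="192.168.1.0/24", routes=["0.0.0.0/0"])

if __name__ == "__main__":
    for label, branch in (("ok", BRANCH_OK), ("bad", BRANCH_BAD)):
        print(label, check_pair(MAIN, branch) or "no findings")
```

An established IPsec SA with RX/TX counters stuck at 0 is consistent with a selector or route mismatch of the kind this flags, since the tunnel negotiates but no LAN traffic is ever matched to it.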

tekservices.inc
Level 1

Hey buddy,

I actually resolved the issue and was able to ping properly.

I had to manually add a static route to the routing table on the branch office router to point to the second subnet and voila, all worked fine

Just working on setting up my read only domain controller now.

Thanks for your help, really appreciate it

Sent from Cisco Technical Support iPhone App

Great job! Feel proud of it man!! It was not easy at all, I give you more than five stars!!

Keep it up

Please rate any helpful posts and mark this post as answered

Hello again,

I was having issues with my VPN Tunnel as I figured out that I could only ping from one side and not from both as suggested earlier.

So to try to solve the problem, I updated both routers to the latest firmwares 1.0.2.6 and reset them to factory default.

I configured the VPNs site-to-site once again with identical settings, I was able to get an "IPsec SA Established" on both ends, but now I cannot ping from either side. I don't see any packet exchange on both ends, the RX and TX are at 0, even after 30 minutes of continuous connection.

The way I set it up is with 2 different subnets. My first router (Main) has a 192.168.0.1 Gateway and the second (Branch) has a 192.168.1.1 Gateway

This is how I set up my VPNs on both ends Main and Branch Locations:

Main:

Branch:

Also, the IKE policies are identical.

I'm very lost and honestly fed up with this setup, I'm not sure what else I can do to fix it

I can also provide you with images of my Routing tables to see if that has to do with it. BTW, I added static routes for both subnets on both tables, but no luck.

If anyone can help, Thanks in advance