Gateway to Gateway VPN Issue

jirvin6878 · ‎07-12-2011

I have a Cisco RV042 installed at our main office. This router is connected to a Netgear GS108 unmanaged switch. There are two PCs and a networked laser printer connected to the Netgear switch.

At a satellite office I have installed a Cisco RVS4000, which is connected to a Linksys router configured as an wireless access point and there are two PCs and an IP phone connected directly to the RV042.

Between these two sites I created a Gateway to Gateway VPN tunnel.

Here's the curious part: the VPN works fine in connecting the IP phone to our internal PBX, and I can also PCAnywhere to a computer on the remote network; however, I cannot connect from either of the PCs at the main site to the RVS4000 router or to the two cameras we have connected to the network at the remote site. They all use port 80, but I don't think this is a problem as I explain below.

It gets even more curious since I can ping all of these devices from the two PCs at the main site with no problem, and the cameras actually respond to my request for a log in--but they just hang after I enter my credentials. The RVS4000 will not even bring up a prompt for credentials when I try to hit the router over the VPN. (I can also get to the RVS4000 if I use the external static IP address over port 8080. It works great!)

In addition, I have a second RVS4000 at a another remote site and have no problem connecting to it over a second tunnel, and I can do this from either PC on the network at the main office.

Okay, now here is a further twist. If I PPTP into the RV042 from the internet (from home on my personal network) I can get to both the remote router (RVS4000) and both cameras.

So, I think we have eliminated the following possibilities:

1) Lack of bandwidth should not be a problem since when I dial into the router from an outside site I can get to the router and the cameras.

2) Port issues should not be a problem since over the gateway to gateway VPN the RVS4000 and the two cameras should use port 80, and when I dial into the router there is no problem connecting over these ports.

3) I don't see how this can be a security issue since I can hit the RVS4000 over the second VPN tunnel and while using either of the PCs connected to the RV042 at the main office.

The only other issue that I can think of is that I have given both of the PCs on the main network static IPs and I have created One-to-One NAT entries between these machines and two external IPs, which work fine. Again, PCAnywhere seems to be no problem, even over the VPN since I can establish a remote PCAnywhere session from the remote site to the main office using the internal IP of either machine on the main network, which both are running the PCAnywhere host.

So, I am totally stumped at this point. Can you suggest anything else to check?

Thanks.

jirvin6878 · ‎07-12-2011

Okay. Here's another wrinkle. From one of the machines on the main network I established a PPTP connection to the router using an internal address. Now I can get to the the remote router and the cameras; however, I also can now not get to that particular machine using a PCAnywhere session unless I use an internal address. The One To One NAT external address I assigned the machine just hangs when I try to make a connection.

There is clearly something going on here with NAT and the use of the One to One NAT assignment.

Still stumped.

praprama · ‎07-25-2011

Hi Jeff,

Since this questions is to do with Cisco's Small business family of routers, you might get a better resposne if you post you query here:

https://supportforums.cisco.com/community/netpro/small-business

Regards,

Prapanch