
RV042 to RV042 VPN tunnel configuration problem with two dynamic IPs

steve-mowbray
Level 1

I am having trouble with a gateway-to-gateway VPN tunnel connection using two RV042 units.

1. At the first location: the RV042 is the gateway attached to an ADSL modem; the public internet IP address is dynamic with DDNS enabled.

2. At the second location: the RV042 is behind a BT Home Hub 2 (BTHH2) gateway with a dynamic public internet IP address and DDNS. For now the BTHH2 DMZ is enabled with the RV042 as the DMZ device (if I ever get this working I will revert to port forwarding IPSEC-IKE etc. or NAT traversal through the BTHH2).

The PPTP server on both RV042 units works, so I am guessing that the IP connectivity through the BTHH2 is correct, with just the tunnel configuration to sort out.

I followed the user manual configuration for two dynamic IP endpoints, but it seems that the RV042 behind the BTHH obviously has a different IP than the DNS resolved IP and this is causing problems with the connection. This is the log file result at the first location from an attempted connection from the second location:

Jan 14 15:04:16 2011    VPN Log   Received Vendor ID payload Type = [Dead Peer Detection]
Jan 14 15:04:16 2011    VPN Log   [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Jan 14 15:04:16 2011    VPN Log   Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.95.139'
Jan 14 15:04:16 2011    VPN Log   No suitable connection for peer '192.168.95.139', Please check Phase 1 ID value
Jan 14 15:04:16 2011    VPN Log   initial Aggressive Mode packet claiming to be from 81.156.xxx.xx on 81.156.xxx.xx but no connection has been authorized,please check peer ID

I have tried all possible security gateway types for the second location (both ends identical) but am missing something important.

Is there some way of making the RV042 behind the BTHH properly identifiable to the other end?

Thanks

Steve

1 Reply

steve-mowbray
Level 1

OK, resolved now but with some minor concerns. Applied "Dynamic IP + Domain Name(FQDN) Authentication" as the selected Security Gateway Type for the second location (behind BTHH2) RV042. The tunnel can now be connected from the second location only.

NAT traversal works with only UDP port 4500 forwarded by the BTHH2 to the RV042.

My niggling concern is why the tunnel connection cannot be initiated from the first location. Does this mean that if both locations were behind NAT firewalls the tunnel could not be initiated? Not a serious problem, since this works for my current setup.

Regards

Steve
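A triage sketch for the responder log quoted in the question, added here as an example and not part of the original thread or of any Cisco tooling: it flags rejected Aggressive Mode attempts where the peer presents a private IPv4 address as its Phase 1 ID while the packet arrives from a different source address, which suggests the initiator is behind NAT and needs a name-based ID such as the FQDN gateway type applied above. The regular expressions and the cause labels are assumptions based only on the log wording shown in this thread.

```python
import ipaddress
import re

# Responder log lines copied from the question above (public address masked
# there as 81.156.xxx.xx, so it is treated as an opaque string).
SAMPLE_LOG = """\
Jan 14 15:04:16 2011    VPN Log   Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.95.139'
Jan 14 15:04:16 2011    VPN Log   No suitable connection for peer '192.168.95.139', Please check Phase 1 ID value
Jan 14 15:04:16 2011    VPN Log   initial Aggressive Mode packet claiming to be from 81.156.xxx.xx on 81.156.xxx.xx but no connection has been authorized,please check peer ID
"""

PEER_ID = re.compile(r"peer ID is (ID_\w+): '([^']+)'")
REJECTED = re.compile(r"No suitable connection for peer")
SOURCE = re.compile(r"packet claiming to be from (\S+) on ")


def classify(id_type, peer_id, source):
    """Label one rejected attempt by comparing the claimed ID with the source."""
    cause = "id_mismatch"  # generic: ID does not match the configured remote ID
    if id_type == "ID_IPV4_ADDR":
        try:
            private = ipaddress.ip_address(peer_id).is_private
        except ValueError:
            private = False
        # Assumed heuristic: a private address used as the ID, arriving from a
        # different source, suggests the initiator is behind NAT and is
        # identifying itself by its WAN-port address.
        if private and peer_id != source:
            cause = "initiator_behind_nat"
    return {"id_type": id_type, "peer_id": peer_id, "source": source, "cause": cause}


def diagnose(log_text):
    """Return one finding per rejected Phase 1 attempt in the log text."""
    findings, claimed, rejected = [], None, False
    for line in log_text.splitlines():
        if m := PEER_ID.search(line):
            claimed, rejected = m.groups(), False
        elif REJECTED.search(line):
            rejected = True
        elif (m := SOURCE.search(line)) and claimed and rejected:
            findings.append(classify(*claimed, m.group(1)))
            claimed, rejected = None, False
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```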
