01-14-2011 09:34 AM
I am having trouble with gateway to gateway VPN tunnel connection using two RV042 units
1. at first location: RV042 is the gateway attached to ADSL modem; public internet IP address is dynamic with DDNS enabled
2. at second location: RV042 is behind BT home hub 2 (BTHH2) gateway with dynamic public internet IP address and DDNS - for now the BTHH2 DMZ is enabled as the RV042 device (if I ever get this working I will revert to port forwarding IPSEC-IKE etc or NAT traversal through the BTHH2)
PPTP server on both RV042 units work so I am guessing that the IP connectivity through the BTHH2 is correct just the tunnel configuration to sort out.
Followed the user manual configuration for two dynamic IP endpoints but it seems that the RV042 behind the BTHH obviously has a different IP than the DNS resolved IP and is causing problems with connection. This from the first location log file result from attempted connection from second location:
Jan 14 15:04:16 2011 | VPN Log | Received Vendor ID payload Type = [Dead Peer Detection] |
Jan 14 15:04:16 2011 | VPN Log | [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet |
Jan 14 15:04:16 2011 | VPN Log | Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.95.139' |
Jan 14 15:04:16 2011 | VPN Log | No suitable connection for peer '192.168.95.139', Please check Phase 1 ID value |
Jan 14 15:04:16 2011 | VPN Log | initial Aggressive Mode packet claiming to be from 81.156.xxx.xx on 81.156.xxx.xx but no connection has been authorized,please check peer ID |
I have tried all possible security gateway types for the second location (both ends identical) but am missing something important.
Is there some way of making the RV042 behind the BTHH properly identifiable to the other end?
Thanks
Steve
01-15-2011 06:42 AM
Ok resolved now but with some minor concerns. Applied: "Dynamic IP + Domain Name(FQDN) Authentication" to second location (behind BTHH2) RV042 as the selected Security Gateway Type - the tunnel can now be connected from the second location only.
NAT traversal works with only UDP port 4500 forwarded by the BTHH2 to the RV042.
My niggling concern is why the tunnel connection cannot be initiated from the first location - does this mean if both locations were behind NAT firewalls the tunnel could not be initiated? Not a serious problem since this works for my current setup.
Regards
Steve
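The Phase 1 ID mismatch shown in the first post's log can be picked out of a responder log automatically. The following is an added example, not part of the original posts or of any Cisco tooling: the function name `diagnose` is hypothetical, the sample lines are constructed to follow the quoted log format, and 203.0.113.10 is a documentation address standing in for the redacted public IP.

```python
import ipaddress
import re

# Constructed sample lines modelled on the log format quoted in the first post.
# 203.0.113.10 is a documentation address standing in for the redacted public IP.
SAMPLE_LOG = """\
Jan 14 15:04:16 2011 | VPN Log | [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet |
Jan 14 15:04:16 2011 | VPN Log | Aggressive mode peer ID is ID_IPV4_ADDR: '192.168.95.139' |
Jan 14 15:04:16 2011 | VPN Log | No suitable connection for peer '192.168.95.139', Please check Phase 1 ID value |
Jan 14 15:04:16 2011 | VPN Log | initial Aggressive Mode packet claiming to be from 203.0.113.10 on 203.0.113.10 but no connection has been authorized,please check peer ID |
"""

PEER_ID = re.compile(r"peer ID is (ID_\w+): '([^']+)'")
CLAIMED = re.compile(r"packet claiming to be from (\S+) on (\S+) but no connection")


def diagnose(log_text):
    """Return findings where the IKE peer ID disagrees with the packet source."""
    findings = []
    pending = None  # last (id_type, id_value) seen, waiting for its source line
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 3 or fields[1] != "VPN Log":
            continue  # not a VPN log record
        m = PEER_ID.search(fields[2])
        if m:
            pending = m.groups()
            continue
        m = CLAIMED.search(fields[2])
        if not (m and pending):
            continue
        (id_type, id_value), pending = pending, None
        source = m.group(1)
        if id_type != "ID_IPV4_ADDR" or id_value == source:
            continue  # ID is not an address, or it matches the source: no mismatch
        try:
            private = ipaddress.ip_address(id_value).is_private
        except ValueError:
            continue  # malformed ID value, nothing to compare
        findings.append({"time": fields[0], "peer_id": id_value,
                         "source": source, "peer_behind_nat": private})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

A finding with `peer_behind_nat` set means the initiator is presenting its LAN address as its Phase 1 ID while its packets arrive from a different address, which is the condition the FQDN-based gateway type in the second post avoids.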