01-18-2014 12:49 AM
Hello,
I am struggling to get a site-to-site VPN to work between two Cisco routers, both behind DSL routers. Would really appreciate your help.
Site A:
Public IP: 1.2.3.4 with a DSL router (all ports forwarded to 192.168.0.42)
RV042G WAN set to static IP: 192.168.0.42
RV042G LAN set to: 192.168.105.x
Site B:
Public IP: 5.6.7.8 with a DSL router (all ports forwarded to 192.168.1.42)
RV110W WAN set to static IP: 192.168.1.42
RV110W LAN set to: 192.168.111.x
When I try to establish a connection, I get the following error on the RV110W:
26 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: sending encrypted notification INVALID_ID_INFORMATION to 1.2.3.4:500
27 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: no suitable connection for peer '192.168.0.42'
28 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.42'
29 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: STATE_MAIN_R2: sent MR2, expecting MI3
30 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
32 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: STATE_MAIN_R1: sent MR1, expecting MI2
33 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
34 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: responding to Main Mode
The problem is that both Cisco routers are advertising their WAN IP instead of the real public Internet IP.
Is there a way to force a connection and avoid this ID check? I used to have VPN routers from another manufacturer where it was possible to manually change the ID.
Thank you very much for your help.
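The mismatch described in the post above can be read straight out of the log. The following is an added example, not part of the original post: it groups pluto lines by connection and SA number and compares the ID the peer sent with the address the notification was sent to. It assumes the notification destination is the address the peer's packets arrived from; the function name `diagnose` and the result keys are made up for this illustration.

```python
import ipaddress
import re

# Three of the RV110W log lines from the post above (newest first, as posted).
SAMPLE_LOG = """\
26 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: sending encrypted notification INVALID_ID_INFORMATION to 1.2.3.4:500
27 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: no suitable connection for peer '192.168.0.42'
28 2014-01-18 9:36:53 AM debug pluto[14811]: "naya" #110: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.42'
"""

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
PEER_ID = re.compile(r"Main mode peer ID is ID_IPV4_ADDR: '([0-9.]+)'")
NOTIFY = re.compile(r"sending encrypted notification (\S+) to ([0-9.]+):\d+")


def diagnose(log_text):
    """Per (connection, SA), compare the ID the peer sent with its observed address."""
    sas = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sa = sas.setdefault((m["conn"], int(m["sa"])), {})
        if p := PEER_ID.search(m["msg"]):
            sa["peer_id"] = ipaddress.ip_address(p.group(1))
        elif n := NOTIFY.search(m["msg"]):
            sa["notify"], sa["source"] = n.group(1), ipaddress.ip_address(n.group(2))
    findings = []
    for (conn, num), sa in sorted(sas.items()):
        if "peer_id" not in sa or "source" not in sa:
            continue  # both values are needed for the comparison
        mismatch = sa["peer_id"] != sa["source"]
        findings.append({
            "conn": conn,
            "sa": num,
            "peer_id": str(sa["peer_id"]),
            "source": str(sa["source"]),
            "notify": sa["notify"],
            # Private ID seen from a public address: the peer sits behind NAT
            # and identifies itself by its inside (WAN-port) address.
            "likely_nat": mismatch and sa["peer_id"].is_private,
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```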
02-19-2014 08:21 AM
I had the same issue. I think it's a check created by your VPN security. I tested with other settings and it's working now.
02-20-2014 05:25 PM
The Cisco RV series work this way for their site-to-site VPN. I've run into the same problem. It uses the IP address as part of the security check, and when it sees a different address, it fails.
I believe that NAT-T (NAT Traversal) is an option on these and checking this box should help. Also, try using aggressive vs main mode.
For me, I used some older Netgear VPN routers that didn't have this limitation and they work fine in your configuration.
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
02-22-2014 06:37 AM
Hi
I got this working a couple of years ago - let me know if you still need a solution and I will write up the steps and post back to you.
Regards
Steve
02-24-2014 09:32 AM
I'd love to hear how you got this working. I've got some RV016s where I had to reconfigure the network to use the site-to-site because of the IP issue.
03-29-2014 08:46 AM
Hi - not forgotten, was going to write up my solution - just have not had a spare moment - I will get round to it as soon as I can.
Steve
04-28-2014 02:43 PM
Ironically, have had to replace one of the ageing modems in this setup and now can no longer get the tunnel to work, so my solution might not have been that informative. After much trial and error I have resorted to asking for some guidance here:
https://supportforums.cisco.com/discussion/12189026/vpn-tunnel-between-rv042s-behind-adsl-modems
05-22-2014 01:53 AM
Thank you for the reply and update. There's no reason a modem should have caused this to stop working since Internet is Internet as far as the RVs are concerned. I'll check out your other thread.
04-28-2014 08:49 PM
Hi,
Did you try to configure "crypto isakmp identity hostname" on both sides?
05-22-2014 01:52 AM
There are no crypto maps or anything like that on the RV series. The RV series is SMB and doesn't use IOS.
01-27-2020 10:32 PM
Hi All,
If you are behind NAT routers you need to configure WAN IP and LAN IP for the IKE policy. You can set the exact WAN IPs configured in the RV routers other than the public IPs on the NAT routers.