RV082-RV082 No Connection

joelpotter
Level 1

I have two RV082s (firmware 2.0.0.7), both with public static IPs. I'm attempting to set up a gateway-gateway VPN between them.

My configuration:

Router A:

Local Security Gateway Type: IP Only

IP Address: 12.*.*.*

Local Security Group Type: Subnet

IP Address 192.168.3.0

Subnet Mask: 255.255.255.0

Remote Security Gateway Type: IP Only

IP Address: 70.*.*.*

Remote Security Group Type: Subnet

IP Address 192.168.1.0

Subnet Mask: 255.255.255.0

Keying Mode: IKE with Preshared key

Phase1 DH Group: Group 1

Phase1 Encryption: DES

Phase1 Authentication: MD5

Phase1 SA Life Time: 28800

Perfect Forward Secrecy: Enabled

Phase2 DH Group: Group 1

Phase2 Encryption: DES

Phase2 Authentication: MD5

Phase2 SA Life Time: 3600

Aggressive Mode: Enabled

Dead Peer Detection (DPD): Enabled

Router B:

Local Security Gateway Type: IP Only

IP Address: 70.*.*.*

Local Security Group Type: Subnet

IP Address 192.168.1.0

Subnet Mask: 255.255.255.0

Remote Security Gateway Type: IP Only

IP Address: 12.*.*.*

Remote Security Group Type: Subnet

IP Address 192.168.3.0

Subnet Mask: 255.255.255.0

Keying Mode: IKE with Preshared key

Phase1 DH Group: Group 1

Phase1 Encryption: DES

Phase1 Authentication: MD5

Phase1 SA Life Time: 28800

Perfect Forward Secrecy: Enabled

Phase2 DH Group: Group 1

Phase2 Encryption: DES

Phase2 Authentication: MD5

Phase2 SA Life Time: 3600

Aggressive Mode: Enabled

Dead Peer Detection (DPD): Enabled

-------------

When I try to connect the tunnel, the log shows:

Apr 12 09:18:12 2011    VPN Log   [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
Apr 12 09:18:12 2011    VPN Log   initiating Aggressive Mode #1814, connection "ips0"
Apr 12 09:18:12 2011    VPN Log   STATE_AGGR_I1: initiate
Apr 12 09:18:25 2011    VPN Log   Received Vendor ID payload Type = [Dead Peer Detection]
Apr 12 09:18:25 2011    VPN Log   [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
Apr 12 09:18:25 2011    VPN Log   Initial Aggressive Mode message from 12.*.*.* but no (wildcard) connection has been configured

When I disable aggressive mode I get:

Apr 12 09:08:34 2011    VPN Log   Initiating Main Mode
Apr 12 09:08:34 2011    VPN Log   [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Apr 12 09:08:34 2011    VPN Log   Received Vendor ID payload Type = [Dead Peer Detection]
Apr 12 09:08:34 2011    VPN Log   [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Apr 12 09:08:34 2011    VPN Log   (NATT)Initial Main Mode message received on 70.*.*.*:500 but no connection has been authorized. Please check your tunnel endpoint (gateway) setting
Apr 12 09:08:34 2011    VPN Log   Dynamic VPN client in Main Mode is only supported for Microsoft VPN client, please use Aggressive mode instead.

Any suggestions on what's wrong with my configuration? Both routers are directly connected to their respective modems.
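
As an added example (not part of the original post and not Cisco tooling): a small Python check that parses settings pasted in the layout above and reports where the two gateways fail to mirror each other. The sample text is constructed from a subset of the posted fields, `ROUTER_B_BAD` is a hypothetical misconfigured peer, and requiring every shared setting to be equal is an assumption of this example.

```python
# Constructed sample in the post's pasted layout; addresses stay masked as posted.
FORM = """Local Security Gateway Type: IP Only
IP Address: {lgw}
Local Security Group Type: Subnet
IP Address {lnet}
Subnet Mask: 255.255.255.0
Remote Security Gateway Type: IP Only
IP Address: {rgw}
Remote Security Group Type: Subnet
IP Address {rnet}
Subnet Mask: 255.255.255.0
Phase1 DH Group: Group 1
Phase1 Encryption: DES
Aggressive Mode: {aggr}"""
ROUTER_A = FORM.format(lgw="12.*.*.*", lnet="192.168.3.0", rgw="70.*.*.*", rnet="192.168.1.0", aggr="Enabled")
ROUTER_B = FORM.format(lgw="70.*.*.*", lnet="192.168.1.0", rgw="12.*.*.*", rnet="192.168.3.0", aggr="Enabled")
# Hypothetical bad peer: wrong remote subnet and a different negotiation mode.
ROUTER_B_BAD = FORM.format(lgw="70.*.*.*", lnet="192.168.1.0", rgw="12.*.*.*", rnet="192.168.2.0", aggr="Disabled")

def parse(text):
    """Turn the pasted form into a dict, scoping repeated 'IP Address' lines by section."""
    cfg, scope = {}, ""
    for line in filter(None, map(str.strip, text.splitlines())):
        key, sep, val = line.partition(":")
        if not sep:  # "IP Address 192.168.3.0" was pasted without a colon
            key, _, val = line.rpartition(" ")
        key, val = key.strip(), val.strip()
        if key in ("IP Address", "Subnet Mask"):
            key = f"{scope} {key}"  # e.g. "Local Security Group IP Address"
        elif key.endswith(" Type") and key.startswith(("Local ", "Remote ")):
            scope = key[:-len(" Type")]  # address lines that follow belong to this section
        cfg[key] = val
    return cfg

def peer(key):
    """Local settings on one router correspond to Remote settings on the other."""
    for mine, theirs in (("Local ", "Remote "), ("Remote ", "Local ")):
        if key.startswith(mine):
            return theirs + key[len(mine):]
    return key  # shared settings (mode, proposals) are compared as-is

def mirror_mismatches(a, b):
    """Return (key on A, A's value, B's value for the mirrored key) for each disagreement."""
    keys = sorted(set(a) | {peer(k) for k in b})
    return [(k, a.get(k), b.get(peer(k))) for k in keys if a.get(k) != b.get(peer(k))]

if __name__ == "__main__":
    print(mirror_mismatches(parse(ROUTER_A), parse(ROUTER_B_BAD)))
```

An empty list for `ROUTER_A` against `ROUTER_B` means the pasted settings mirror each other, so the failure has to be looked for outside the values shown on the form.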

2 Replies

joelpotter
Level 1

There are some errors in that form copy paste:

Perfect Forward Secrecy IS enabled on both

Phase 2 Encryption => DES on both

Phase 2 Authentication => MD5 on both

http://serverfault.com/questions/258961/rv082-gateway-gateway-vpn-wont-connect

So much more useful than this site...

In short. Delete the tunnels... recreate them.