VPN connection between Cisco RV215W and Cisco RV325 routers

HaRRison
Level 1

Hello everyone!

 

Dear community, I ask for your help in solving my problem.

I have 2 routers: "Cisco RV215W Wireless-N VPN Firewall" and "Cisco RV325 Gigabit Dual WAN VPN Router".

 

Required scheme: from the "192.168.154.0/24" network (on the first router RV215W) all traffic towards the "82.193.96.0/24", "82.193.97.0/24" and "82.193.98.0/24" networks should not go directly through the provider of the first router, but through the VPN tunnel and go through the second router RV325 ("192.168.54.0/24" network).

 

The crux of the problem: A VPN connection is established between the two routers (referred to as "IPSec SA Established"), but there is no access from one router to the other. ICMP Ping does not pass from the first router to the second or from the second router to the first.

 

Both routers have a dedicated static IP address, which is issued by the provider via DHCP.

 

Please help me solve the problem!

1 Accepted Solution

HaRRison
Level 1

I came to the conclusion that the equipment needs to be replaced.
Irrelevant topic, thanks for the help.


nagrajk1969
Spotlight

Hi

 

Your statement mentions below:

>>>ICMP Ping does not pass from the first router to the second or from the second router to the first.

 

- and your vpn tunnel policy is to protect traffic between "192.168.154.1 <> 192.168.54.1" - so I am assuming that both these IP addresses are the IP addresses of the lan-interfaces of RV215 and RV325?

 

 

1. So how and from where are you sending the Pings? from a cli-console of RV215/325?

 

2. If your network deployment is as below:

 

PC1(192.168.154.2)---154.1/lan[rv215]----internet/ipsec-tunnel----[rv325]54.1/lan-----(192.168.54.2)PC2 

 

Note: ensure that PC1 default-gateway ipaddr is configured as 192.168.154.1 & PC2's default-gw ipaddr is configured as 192.168.54.1

 

a) then I would suggest that you change the ipsec-vpn policy on both routers to as below:

 

On RV215:

local-subnet 192.168.154.0 / 255.255.255.0

Remote-subnet: 192.168.54.0/255.255.255.0

 

 

On RV325:

local-subnet 192.168.54.0 / 255.255.255.0

Remote-subnet: 192.168.154.0/255.255.255.0

 

b) and then once the ipsec tunnel is established (or it will get established once you) start sending ping traffic between PC1 and PC2

 

c) and once the ping traffic between PC1 and PC2 works....you may also try this below:

 

- from PC1 send ping to 192.168.54.1

and/or

- from PC2 send ping to 192.168.154.1

 

3. I don't think you have cli-console access on either of the routers, so in that case if you are sending "diagnostic ping traffic" in GUI from either of the routers to the remote-router's lan-ipaddress, and if it is failing, then it means it's failing for a good reason, because

 

a) when you are sending ping "from the router RV215" to say 192.168.54.1 from the GUI...what is happening is that the src-ipaddr of the ping that is generated from RV215 will be 195.x.x.x and NOT 192.168.154.1...and therefore this ping traffic will NOT go through the ipsec tunnel

 

b) the same is the case of the ping from GUI of RV325 to 192.168.154.1 (the lan-interface ipaddr of RV215)...it will fail because the src-ipaddr of this ping traffic will be 85.x.x.x and it will NOT match the configured ipsec-policy and therefore will NOT be sent via the ipsec tunnel that is established

 

c) Instead if you apply the config as in point-2 above, then I think point-2c "may" work...I am saying "may" because it depends on what vpn-bypass firewall rules are automatically getting applied on both routers...

 

- kindly please don't try to add any firewall rules (permits/deny, etc) yourselves to solve this...it won't work

 

hope this is useful info for you and it solves your present issues
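
The selector matching described in the reply above, as an added example that is not part of the original thread or of either router's firmware: it models only the IPsec policy's local/remote selectors (not firewall or vpn-bypass rules) and checks which flows the host-to-host policy and the suggested subnet-to-subnet policy would send into the tunnel. The function names are hypothetical, `203.0.113.10` is a constructed stand-in for the RV215 WAN address that the thread gives only as 195.x.x.x, and `82.193.96.10` is a constructed host inside one of the networks from the question.

```python
from ipaddress import ip_address, ip_network


def selects(policy, src, dst):
    """True if a packet src -> dst falls inside the policy's (local, remote) selectors."""
    local, remote = policy
    return ip_address(src) in ip_network(local) and ip_address(dst) in ip_network(remote)


# Policies as seen from the RV215 side: (local selector, remote selector).
HOST_POLICY = ("192.168.154.1/32", "192.168.54.1/32")    # policy as read in the reply
SUBNET_POLICY = ("192.168.154.0/24", "192.168.54.0/24")  # policy suggested in point 2a

# Constructed placeholder (RFC 5737 documentation range) for the elided WAN address.
WAN_PLACEHOLDER = "203.0.113.10"

# Constructed sample flows: name -> (source, destination).
FLOWS = {
    "PC1 -> PC2": ("192.168.154.2", "192.168.54.2"),
    "PC1 -> RV325 LAN": ("192.168.154.2", "192.168.54.1"),
    "RV215 GUI ping (WAN source) -> RV325 LAN": (WAN_PLACEHOLDER, "192.168.54.1"),
    "PC1 -> 82.193.96.10": ("192.168.154.2", "82.193.96.10"),
}


def evaluate(policy):
    """Map each sample flow to whether the policy's selectors cover it."""
    return {name: selects(policy, src, dst) for name, (src, dst) in FLOWS.items()}


if __name__ == "__main__":
    for label, policy in (("host-to-host", HOST_POLICY),
                          ("subnet-to-subnet", SUBNET_POLICY)):
        print(label)
        for name, hit in evaluate(policy).items():
            print(f"  {'tunnel  ' if hit else 'no match'}  {name}")
```

Under this model the flow toward 82.193.96.10 matches neither policy, because the remote selector covers only addresses behind the RV325 LAN.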
