RV082 Gateway-Gateway VPN Won’t Connect

Tags: cisco-vpn, ipsec, site-to-site-vpn, vpn

I have two RV082s (firmware 2.0.0.7), both with public static IPs. I'm attempting to set up a gateway-to-gateway VPN between them.

My configuration:

Router A:

Local Security Gateway Type: IP Only
IP Address: 12...*
Local Security Group Type: Subnet
IP Address 192.168.3.0
Subnet Mask: 255.255.255.0

Remote Security Gateway Type: IP Only
IP Address: 70...*
Remote Security Group Type: Subnet
IP Address 192.168.1.0
Subnet Mask: 255.255.255.0

Keying Mode: IKE with Preshared key
Phase1 DH Group: Group 1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect Forward Secrecy: Enabled
Phase2 DH Group: Group 1
Phase2 Encryption: DES
Phase2 Authentication: MD5
Phase2 SA Life Time: 3600

Aggressive Mode: Enabled
Dead Peer Detection (DPD): Enabled

Router B:

Local Security Gateway Type: IP Only
IP Address: 70...*
Local Security Group Type: Subnet
IP Address 192.168.1.0
Subnet Mask: 255.255.255.0

Remote Security Gateway Type: IP Only
IP Address: 12...*
Remote Security Group Type: Subnet
IP Address 192.168.3.0
Subnet Mask: 255.255.255.0

Keying Mode: IKE with Preshared key
Phase1 DH Group: Group 1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect Forward Secrecy: Enabled
Phase2 DH Group: Group 1
Phase2 Encryption: DES
Phase2 Authentication: MD5
Phase2 SA Life Time: 3600

Aggressive Mode: Enabled
Dead Peer Detection (DPD): Enabled
When I try to connect the tunnel, the log shows:

..[Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
..initiating Aggressive Mode #1814, connection "ips0"
..STATE_AGGR_I1: initiate
..Received Vendor ID payload Type = [Dead Peer Detection]
..[Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
..Initial Aggressive Mode message from 12...* but no (wildcard) connection has been configured

When I disable aggressive mode I get:

..Initiating Main Mode
..[Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
..Received Vendor ID payload Type = [Dead Peer Detection]
..[Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
..(NATT)Initial Main Mode message received on 70...*:500 but no connection has been authorized. Please check your tunnel endpoint (gateway) setting
..Dynamic VPN client in Main Mode is only supported for Microsoft VPN client, please use Aggressive mode instead.

Any suggestions on what's wrong with my configuration? Both routers are directly connected to their respective modems.

Best Answer

I have a site-to-site VPN between two RV082s also. Checking my settings, they show on both sides:

Local Security Gateway Type: IP Only
IP Address: external address
Local Security Group Type: Subnet
IP Address 192.168.188.0
Subnet Mask: 255.255.255.0

Remote Security Gateway Type: IP Only
IP Address: external address
Remote Security Group Type: Subnet
IP Address 192.168.166.0
Subnet Mask: 255.255.255.0

Keying Mode: IKE with Preshared key
Phase1 DH Group: Group 1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect Forward Secrecy: Enabled
Phase2 DH Group: Group 1
Phase2 Encryption: DES
Phase2 Authentication: MD5
Phase2 SA Life Time: 3600

Aggressive Mode: Disabled
Dead Peer Detection (DPD): Enabled

The only difference I see is aggressive mode, but you tried that. Obviously you have a matching preshared key. Interface is WAN1 on both. So you don't have anything glaring - but maybe disable aggressive mode. I also remember having to delete and recreate them a few times to get it connected. Have you tried that?
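A way to do the side-by-side comparison the answer describes mechanically, as an added example that is not from the original thread or from Cisco: it parses RV082 tunnel settings pasted in the "Key: Value" form used above, checks that each side's local gateway and subnet are the other side's remote gateway and subnet, that every IKE phase parameter matches, and flags the DES, MD5 and DH Group 1 choices, which are deprecated. The public addresses and the deliberate phase-2 mismatch in ROUTER_B are constructed, not taken from the post.

```python
WEAK = {"DES", "MD5", "Group 1"}  # single DES, MD5 and 768-bit DH are deprecated
# Constructed sample in the post's "Key: Value" form; the public addresses are
# documentation placeholders, not values from the page.
ROUTER_A = """Local Security Gateway Type: IP Only
IP Address: 192.0.2.10
Local Security Group Type: Subnet
IP Address 192.168.3.0
Subnet Mask: 255.255.255.0
Remote Security Gateway Type: IP Only
IP Address: 198.51.100.20
Remote Security Group Type: Subnet
IP Address 192.168.1.0
Subnet Mask: 255.255.255.0
Phase1 DH Group: Group 1
Phase1 Encryption: DES
Phase1 Authentication: MD5
Phase2 DH Group: Group 1
Phase2 Encryption: DES
Phase2 Authentication: MD5
Aggressive Mode: Enabled"""

def parse(text):
    # The section headers ("... Gateway Type" / "... Group Type") disambiguate
    # the four otherwise identical "IP Address" lines.
    cfg, section = {}, None
    for line in text.strip().splitlines():
        key, val = line.split(":", 1) if ":" in line else line.rsplit(" ", 1)
        key, val = key.strip(), val.strip()
        if key.endswith("Type"):                      # e.g. Local Security Group Type
            side, _, kind, _ = key.split()
            section = f"{side.lower()}_{'gw' if kind == 'Gateway' else 'net'}"
        if key in ("IP Address", "Subnet Mask"):
            key = f"{section}.{key}"
        cfg[key] = val
    return cfg

def mirror(cfg):
    # What the far end must say: local/remote swapped, everything else identical.
    flip = lambda k: ("remote" if k.startswith("local") else "local") + k[k.index("_"):]
    return {(flip(k) if "." in k else k): v for k, v in cfg.items()}

def check(a, b):
    # Fields where B is not the mirror of A, plus any deprecated algorithm on A.
    issues = [f"{k}: A expects {v!r}, B has {b.get(k)!r}"
              for k, v in mirror(a).items() if b.get(k) != v]
    return issues + [f"weak setting {k} = {v}" for k, v in a.items() if v in WEAK]

# Constructed far end: the mirror of A with one phase-2 parameter changed.
ROUTER_B = {**mirror(parse(ROUTER_A)), "Phase2 DH Group": "Group 2"}
print("\n".join(check(parse(ROUTER_A), ROUTER_B)))
```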
