MegafabTech
asked on
Cisco RV082 VPN Issue - Possibly due to being located in China
We've had a usable, yet fairly unstable connection between our site in the central US to our site in China. However, as of last Tuesday, the VPN connection has been stuck in a "waiting for connection" state and won't come back up.
On our end, we use a cisco asa. This hasn't been a problem beyond initial setup.
It appears that China's routing infrastructure is very unreliable. Possibly due to the overzealous traffic monitoring that takes place.
Example: A China employee tried using the cisco VPN client from home and it kept failing. A tracert from both sides of the network had proven an issue existed somewhere within the China network as the connections were interrupted on that end. She had to call her ISP and I'm uncertain if they resolved her issue.
Similar problem here, perhaps. I am able to run ping tests from the Router itself and it is intermittent. Fails and succeeds.
I've attached a few screenshots to display what I'm seeing. Any insight would be most valuable.
Tracert-from-US-to-China.jpg
Continuous-Ping.jpg
Unstable.jpg
Router---VPN-Screen.jpg
VPN-Log.jpg
On our end, we use a cisco asa. This hasn't been a problem beyond initial setup.
It appears that China's routing infrastructure is very unreliable. Possibly due to the overzealous traffic monitoring that takes place.
Example: A China employee tried using the cisco VPN client from home and it kept failing. A tracert from both sides of the network had proven an issue existed somewhere within the China network as the connections were interrupted on that end. She had to call her ISP and I'm uncertain if they resolved her issue.
Similar problem here, perhaps. I am able to run ping tests from the Router itself and it is intermittent. Fails and succeeds.
I've attached a few screenshots to display what I'm seeing. Any insight would be most valuable.
Tracert-from-US-to-China.jpg
Continuous-Ping.jpg
Unstable.jpg
Router---VPN-Screen.jpg
VPN-Log.jpg
I do not have any insight, because we have no real idea what is going on at the other end.
You can try, in the VPN setup screen for your overseas connection, down in the Advanced Section, changing the setting for NAT Traversal. It is probably unchecked (default). Make a note, try setting it, and test. Any change? Put it back if no change.
Also, for consideration, and if you believe the RV082 is at fault, you can export the configuration, reset the router and the restore the configuration. Take care before doing this and make sure you back up the config and make some paper notes before moving ahead. I suggest this only if you believe the RV082 is at fault.
.... Thinkpads_User
You can try, in the VPN setup screen for your overseas connection, down in the Advanced Section, changing the setting for NAT Traversal. It is probably unchecked (default). Make a note, try setting it, and test. Any change? Put it back if no change.
Also, for consideration, and if you believe the RV082 is at fault, you can export the configuration, reset the router and the restore the configuration. Take care before doing this and make sure you back up the config and make some paper notes before moving ahead. I suggest this only if you believe the RV082 is at fault.
.... Thinkpads_User
ASKER
This was actually checked already (by our previous admin). I did go ahead and toggle this off and back on for testing purposes. Still no luck.
I don't believe it's the Router itself. I think it has to do with China's network as I've run into strange issues like this before (the employee using vpn at home as an example). I went ahead and updated the firmware from 2.0.0.91 to 2.0.2.01. Again, no love.
I don't believe it's the Router itself. I think it has to do with China's network as I've run into strange issues like this before (the employee using vpn at home as an example). I went ahead and updated the firmware from 2.0.0.91 to 2.0.2.01. Again, no love.
>>> I think it has to do with China's network <--- I think you are right. The NAT Traversal was a shot in the dark. I have NAT traversal set on my home RV042 because I have NAT'd networks on each end. There is never any guarantee it works - it did in my case.
Another setting to toggle and check (again in Advanced) is Aggressive Mode. I have it set ON for some older tunnels (older Juniper Netscreen OS) and set OFF for a newer Netscreen OS tunnel. You can try it, but again, it is a shot in the dark.
Overall it appears to be the country network. .... Thinkpads_User
Another setting to toggle and check (again in Advanced) is Aggressive Mode. I have it set ON for some older tunnels (older Juniper Netscreen OS) and set OFF for a newer Netscreen OS tunnel. You can try it, but again, it is a shot in the dark.
Overall it appears to be the country network. .... Thinkpads_User
ASKER
Tried toggling the aggressive mode as well. It was already on due to some previous issues. Thank you so much for putting effort into resolving this with me, regardless of the outcome. =)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Closing question.
ASKER