  • Status: Solved

network/vpn issue

I have a client with 2 networks in the same building. They want to be able to communicate between the networks. The option to combine into 1 network is not an option. Currently the topology is this:

                         Gateway
                      |           |
   Static IP Cisco RV082       Static IP Cisco RVS4000

I attempted to set up a VPN between the 2 routers but it will not connect. Any ideas?
Asked by: cnesupport
 
ipajones Commented:
Why do you need a VPN?

Can you not just segregate the LANs with different subnets and then route the appropriate traffic between them using ACLs if required?

Generally the purpose of a VPN IS to join 2 networks over an insecure medium such as the Internet.

Can you be more specific about the requirements and objectives?

--IJ
 
John Hurst, Business Consultant (Owner), Commented:
First, make sure the subnets on each end are different. They might be the same.

Make sure on the RV082 that you are using Gateway to Gateway VPN and not Gateway to Client. Check the similar setting on the RVS4000. Check that the VPN settings including Phase 1 and Phase 2 are identical on both routers. Then check in the VPN Advanced Settings (RV082) for Aggressive Mode. I have it unchecked but check both routers for this setting. Also check NAT Traversal. You may need it set on at one end. Check both settings.

... Thinkpads_User
 
cnesupport (Author) Commented:
Currently the RV082 is 192.168.0.251, the RVS4000 is 10.3.0.1.

Basically the boss wants to be able to walk around and no matter which network he is at he can get to the data on either side.

Yes, Thinkpads_User, it is gateway to gateway and all the phases are the same.
 
John Hurst, Business Consultant (Owner), Commented:
So now check in the Advanced Settings. I had to enable NAT Traversal a couple of times to get a connect. It depends on the situation, but do check NAT and Aggressive Mode.

.... Thinkpads_User
 
cnesupport (Author) Commented:
Tried that, same result.
 
John Hurst, Business Consultant (Owner), Commented:
There are logs in both RV boxes. Turn on logging and see what it tells you.

 ... Thinkpads_User
 
cnesupport (Author) Commented:
log from the rv082

Oct 17 05:28:31 2011           VPN Log          [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
Oct 17 05:28:31 2011           VPN Log          initiating Aggressive Mode #37, connection "ips0"
Oct 17 05:28:31 2011           VPN Log          STATE_AGGR_I1: initiate
Oct 17 05:28:34 2011           VPN Log          [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
Oct 17 05:28:34 2011           VPN Log          initiating Aggressive Mode #38, connection "ips0"
Oct 17 05:28:34 2011           VPN Log          STATE_AGGR_I1: initiate
Oct 17 05:29:44 2011           VPN Log          [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
Oct 17 05:29:44 2011           VPN Log          initiating Aggressive Mode #39 to replace #38, connection "ips0"
Oct 17 05:29:44 2011           VPN Log          STATE_AGGR_I1: initiate
Oct 17 05:30:54 2011           VPN Log          [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
Oct 17 05:30:54 2011           VPN Log          initiating Aggressive Mode #40 to replace #39, connection "ips0"
Oct 17 05:30:54 2011           VPN Log          STATE_AGGR_I1: initiate
Oct 17 06:45:31 2011           VPN Log          [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
Oct 17 06:45:31 2011           VPN Log          initiating Aggressive Mode #41, connection "ips0"
Oct 17 06:45:31 2011           VPN Log          STATE_AGGR_I1: initiate
Oct 17 06:46:41 2011           VPN Log          [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
Oct 17 06:46:41 2011           VPN Log          initiating Aggressive Mode #42 to replace #41, connection "ips0"
Oct 17 06:46:41 2011           VPN Log          STATE_AGGR_I1: initiate
 
cnesupport (Author) Commented:
rvs4000 log

Oct 17 06:45:22 - [VPN Log]: "trend" #2: initiating Aggressive Mode #2, connection "trend"
Oct 17 06:46:32 - [VPN Log]: "trend" #2: max number of retransmissions (2) reached STATE_AGGR_I1
Oct 17 06:47:57 - [VPN Log]: "trend" #3: initiating Aggressive Mode #3, connection "trend"
Oct 17 06:49:07 - [VPN Log]: "trend" #3: max number of retransmissions (2) reached STATE_AGGR_I1
 
John Hurst, Business Consultant (Owner), Commented:
Check through your main settings and check the use of Aggressive Mode at each end. The logs suggest you are not getting to first base at all. I don't see any phase 1 packets.  ... Thinkpads_User
 
cnesupport (Author) Commented:
They are both set to use aggressive mode. I know it seems like they can't see each other at all. I am wondering if there is some kind of block on the gateway or, since they both use the same gateway, if there is a problem with that as well.
 
John Hurst, Business Consultant (Owner), Commented:
You might need some local networking assistance with your network. As noted by ipajones earlier, VPN normally expects Internet to be in the middle, and I have not connected a VPN without an external IP.  

... Thinkpads_User
 
cnesupport (Author) Commented:
That is what I am thinking as well, but not being able to find anything useful online yet.
 
cnesupport (Author) Commented:
Thanks for the help, turned out the ISP had the routing all messed up on the gateway. VPN is up and running normally now.
 
John Hurst, Business Consultant (Owner), Commented:
Thanks for the update and I am glad you got it up and running. ... Thinkpads_User
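
Added example, not part of the original thread or of any Cisco tooling: a small parser for the two log formats quoted above that reports when both routers keep initiating and never get past STATE_AGGR_I1, which points at the path between them (IKE runs over UDP 500) rather than at mismatched phase 1/phase 2 settings. The function names are hypothetical, and the assumption that other states follow the same `STATE_<mode>_<I|R><n>` naming is marked in the code.

```python
import re

# Excerpts of the RV082 and RVS4000 logs quoted in the thread (spacing condensed).
RV082_LOG = """\
Oct 17 05:28:34 2011 VPN Log initiating Aggressive Mode #38, connection "ips0"
Oct 17 05:28:34 2011 VPN Log STATE_AGGR_I1: initiate
Oct 17 05:29:44 2011 VPN Log initiating Aggressive Mode #39 to replace #38, connection "ips0"
Oct 17 05:29:44 2011 VPN Log STATE_AGGR_I1: initiate
"""
RVS4000_LOG = """\
Oct 17 06:45:22 - [VPN Log]: "trend" #2: initiating Aggressive Mode #2, connection "trend"
Oct 17 06:46:32 - [VPN Log]: "trend" #2: max number of retransmissions (2) reached STATE_AGGR_I1
"""

INITIATE = re.compile(r'initiating (Aggressive|Main) Mode #\d+.*connection "([^"]+)"')
# Assumption: every state is logged as STATE_<AGGR|MAIN>_<I|R><n>, like STATE_AGGR_I1 above.
STATE = re.compile(r"STATE_(?:AGGR|MAIN)_([IR])(\d)")
RETRANS = re.compile(r"max number of retransmissions \(\d+\) reached")


def diagnose(log_text):
    """Summarise IKE phase 1 progress as seen by one router."""
    attempts = timeouts = furthest = 0
    modes, roles = set(), set()
    for line in log_text.splitlines():
        m = INITIATE.search(line)
        if m:
            attempts += 1
            modes.add(m.group(1))
        if RETRANS.search(line):
            timeouts += 1
        for role, step in STATE.findall(line):
            roles.add(role)
            furthest = max(furthest, int(step))
    # Only initiator state 1 and never a responder state: our first packet
    # went unanswered, and the peer's first packet never reached us either.
    unanswered = attempts > 0 and furthest <= 1 and "R" not in roles
    return {"attempts": attempts, "timeouts": timeouts, "modes": sorted(modes),
            "furthest_state": furthest, "unanswered": unanswered}


def path_problem(log_a, log_b):
    """True when both peers initiate and neither ever sees the other."""
    return diagnose(log_a)["unanswered"] and diagnose(log_b)["unanswered"]


if __name__ == "__main__":
    print(diagnose(RV082_LOG), diagnose(RVS4000_LOG), path_problem(RV082_LOG, RVS4000_LOG))
```
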