Solved

Cisco rv 180w VPN IPsec SA Not Established

Posted on 2014-11-18
5
547 Views
Last Modified: 2014-11-22
Gateway to Gateway VPN

RV 180w on both ends

This VPN was working till one location experienced a power outage over the weekend. Both locations have Internet access but can't connect VPN.

I checked all VPN settings to make sure nothing had changed in either router, WAN Static IP is still the same on both ends. Next I upgraded firmware to v. 1.0.4.14 on both ends, deleted existing settings in both routers and used the "Basic VPN Setup" option. Same problem - IPsec SA Not Established. I have searched for a VPN log in the menu but haven't found it.
0
Comment
Question by:rettif9
  • 2
  • 2
5 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 40452414
SA is usually a mismatch between encryption methods or the shared secret.

Double check that your isakmp encryption settings match up.
0
 
LVL 7

Accepted Solution

by:
rettif9 earned 0 total points
ID: 40457527
I've spent several hours on the phone with Cisco engineers all settings have been verified. Although this VPN tunnel is still not working The Cisco engineers were able to configure a VPN from their test bench to each of the two routers successfully. The only clue we have so far is; One end has a cable ISP the other end is telco. Using ping x.x.x.x (WAN address) -f -l [Mtu size] we have been able to determine that pings sent from cable ISP end at 1480 (default) are always successful. pings sent from telco end fail if Mtu is above 1440. Working with telco now to resolve.
0
 
LVL 7

Author Comment

by:rettif9
ID: 40459430
MattV-

Since you were the only expert to respond I'll give you the points but actually the Telco caused the problem. as soon as they raised the Mtu everything started working again. Thanks for trying.
0
 
LVL 22

Expert Comment

by:Matt V
ID: 40459432
Thanks rettif9, glad you got it working.

We could also have adjusted the MTU on the tunnel to overcome the telecom settings.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now