Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

RV042 VPN gateway no longer working after firmware update

Posted on 2014-11-24
3
Medium Priority
?
936 Views
Last Modified: 2014-12-16
I've encountered a bug in the RV042 firmware that came with my router:
- if I have 2 or more Gateway to Gateway VPN tunnels where
- the authentication is "Dynamic IP + FQDN" and
- 2 or more sites have an address of the form branchname1.domain.com, branchname2.domain.com etc
Then only the first connection was successful.
I had to change the second site's FQDN to branchname2.anotherdomain.com, then all the tunnels were working.

The setup worked for a couple of days, then all the tunnels stopped connecting. I had to make them branchname1.domain.org, branchname2.anotherdomain.notcom, essentially I needed to make all FQDNs have different terminations.

This worked, but judging by the progression, at the end of this week I probably would of needed to change the names to not letters or something.

So I searched for an updated firmware and updated to the latest: v4.2.3.03.

Now none of the VPN tunnels work. This is what I get in the RV042 logs:
Nov 24 20:11:59 2014	VPN Log	(g2gips0)[534] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Nov 24 20:11:59 2014	VPN Log	packet from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Nov 24 20:11:59 2014	VPN Log	(g2gips0)[533] 5.6.7.8: [Tunnel Disconnected] instance with peer 5.6.7.8 {isakmp=#0/ipsec=#0}
Nov 24 20:11:59 2014	VPN Log	packet from 5.6.7.8:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Nov 24 20:11:49 2014	VPN Log	(g2gips0)[530] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Nov 24 20:11:49 2014	VPN Log	packet from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode

Open in new window


Looks like a security issue, but from where?

Thank you.
0
Comment
Question by:Dan Craciun
  • 2
3 Comments
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40466132
one thing that worked for others was changing the DH group to 2
0
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 0 total points
ID: 40466233
I tried:
DES/MD5/Group1
DES/MD5/Group2
AES128/SHA1/Group1
AES128/SHA1/Group2

The same result.
This looks like a bug to me: the new firmware cannot use Aggressive mode.
I've tried using direct IP authentication and it works without any issues.

Where can I report a bug for Cisco small business routers? I've asked the sales rep that sold the RV042 and the RV180s and he said he's just a salesman and has no idea how to reach Cisco tech support.

Thanks,
Dan
0
 
LVL 35

Author Closing Comment

by:Dan Craciun
ID: 40502227
Probably a bug in firmware. Will try to find where to post bugs at Cisco.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question