Solved

RV042 VPN gateway no longer working after firmware update

Posted on 2014-11-24
Last Modified: 2014-12-16
I've encountered a bug in the RV042 firmware that came with my router:
- if I have 2 or more Gateway to Gateway VPN tunnels where
- the authentication is "Dynamic IP + FQDN" and
- 2 or more sites have an address of the form branchname1.domain.com, branchname2.domain.com etc
Then only the first connection was successful.
I had to change the second site's FQDN to branchname2.anotherdomain.com, then all the tunnels were working.

The setup worked for a couple of days, then all the tunnels stopped connecting. I had to make them branchname1.domain.org, branchname2.anotherdomain.notcom, essentially I needed to make all FQDNs have different terminations.

This worked, but judging by the progression, at the end of this week I probably would have needed to change the names to not letters or something.

So I searched for an updated firmware and updated to the latest: v4.2.3.03.

Now none of the VPN tunnels work. This is what I get in the RV042 logs:
Nov 24 20:11:59 2014	VPN Log	(g2gips0)[534] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Nov 24 20:11:59 2014	VPN Log	packet from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Nov 24 20:11:59 2014	VPN Log	(g2gips0)[533] 5.6.7.8: [Tunnel Disconnected] instance with peer 5.6.7.8 {isakmp=#0/ipsec=#0}
Nov 24 20:11:59 2014	VPN Log	packet from 5.6.7.8:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Nov 24 20:11:49 2014	VPN Log	(g2gips0)[530] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Nov 24 20:11:49 2014	VPN Log	packet from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode


Looks like a security issue, but from where?

Thank you.
0
Question by:Dan Craciun
3 Comments
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40466132
One thing that worked for others was changing the DH group to 2.
0
 
LVL 34

Accepted Solution

by:
Dan Craciun earned 0 total points
ID: 40466233
I tried:
DES/MD5/Group1
DES/MD5/Group2
AES128/SHA1/Group1
AES128/SHA1/Group2

The same result.
This looks like a bug to me: the new firmware cannot use Aggressive mode.
I've tried using direct IP authentication and it works without any issues.

Where can I report a bug for Cisco small business routers? I've asked the sales rep that sold the RV042 and the RV180s and he said he's just a salesman and has no idea how to reach Cisco tech support.

Thanks,
Dan
0
 
LVL 34

Author Closing Comment

by:Dan Craciun
ID: 40502227
Probably a bug in firmware. Will try to find where to post bugs at Cisco.
0
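
The log excerpt from the question, run through a small parser as an added example (not part of the original thread and not Cisco code): it tallies "[Tunnel Authorize Fail]" entries per peer and cause, so a rejection reason shared by every peer stands out. The regular expressions and the sample text are assumptions built only from the six lines quoted in the question.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the six lines quoted in the question, tab-separated.
SAMPLE_LOG = (
    "Nov 24 20:11:59 2014\tVPN Log\t(g2gips0)[534] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}\n"
    "Nov 24 20:11:59 2014\tVPN Log\tpacket from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode\n"
    "Nov 24 20:11:59 2014\tVPN Log\t(g2gips0)[533] 5.6.7.8: [Tunnel Disconnected] instance with peer 5.6.7.8 {isakmp=#0/ipsec=#0}\n"
    "Nov 24 20:11:59 2014\tVPN Log\tpacket from 5.6.7.8:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode\n"
    "Nov 24 20:11:49 2014\tVPN Log\t(g2gips0)[530] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}\n"
    "Nov 24 20:11:49 2014\tVPN Log\tpacket from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode\n"
)

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d \d{4})\s+VPN Log\s+(.*)$")
AUTH_FAIL = re.compile(r"packet from ([\d.]+):\d+: \[Tunnel Authorize Fail\] "
                       r"'([^']+)' forbids connection, cause: (.+)$")
DISCONNECT = re.compile(r"\(([^)]+)\)\[(\d+)\] ([\d.]+): \[Tunnel Disconnected\]")

def parse_events(text):
    """Return one dict per recognised VPN log line; other lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
        msg = m.group(2)
        if (f := AUTH_FAIL.search(msg)):
            events.append({"time": when, "kind": "auth_fail", "peer": f.group(1),
                           "tunnel": f.group(2), "cause": f.group(3).strip()})
        elif (d := DISCONNECT.search(msg)):
            events.append({"time": when, "kind": "disconnect", "peer": d.group(3),
                           "tunnel": d.group(1), "instance": int(d.group(2))})
    return events

def summarize(events):
    """Count authorize failures per (peer, cause); report a cause common to all peers."""
    fails = [e for e in events if e["kind"] == "auth_fail"]
    per_peer = Counter((e["peer"], e["cause"]) for e in fails)
    causes = {e["cause"] for e in fails}
    peers = {e["peer"] for e in fails}
    # Heuristic (assumption): one cause across several peers suggests checking
    # the local tunnel's settings before any single remote site's credentials.
    shared = next(iter(causes)) if len(causes) == 1 and len(peers) > 1 else None
    return {"per_peer": dict(per_peer), "shared_cause": shared}

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE_LOG)))
```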