Solved

RV042 VPN gateway no longer working after firmware update

Posted on 2014-11-24
Last Modified: 2014-12-16
I've encountered a bug in the RV042 firmware that came with my router: if I have 2 or more Gateway to Gateway VPN tunnels where
- the authentication is "Dynamic IP + FQDN" and
- 2 or more sites have an address of the form branchname1.domain.com, branchname2.domain.com, etc.,
then only the first connection was successful.
I had to change the second site's FQDN to branchname2.anotherdomain.com, then all the tunnels were working.

The setup worked for a couple of days, then all the tunnels stopped connecting. I had to make them branchname1.domain.org, branchname2.anotherdomain.notcom; essentially, I needed to make all FQDNs have different terminations.

This worked, but judging by the progression, at the end of this week I probably would have needed to change the names to not letters or something.

So I searched for an updated firmware and updated to the latest: v4.2.3.03.

Now none of the VPN tunnels work. This is what I get in the RV042 logs:
Nov 24 20:11:59 2014	VPN Log	(g2gips0)[534] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Nov 24 20:11:59 2014	VPN Log	packet from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Nov 24 20:11:59 2014	VPN Log	(g2gips0)[533] 5.6.7.8: [Tunnel Disconnected] instance with peer 5.6.7.8 {isakmp=#0/ipsec=#0}
Nov 24 20:11:59 2014	VPN Log	packet from 5.6.7.8:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Nov 24 20:11:49 2014	VPN Log	(g2gips0)[530] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Nov 24 20:11:49 2014	VPN Log	packet from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode

Looks like a security issue, but from where?

Thank you.
Question by:Dan Craciun
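
A triage sketch for the log excerpt in the question, added here as an example and not part of the original post: it groups the RV042 "VPN Log" entries by peer so that repeated `[Tunnel Authorize Fail]` rejections and their stated cause stand out. The function names are hypothetical, and reading `{isakmp=#0/ipsec=#0}` as "no SA was established" is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Log lines copied from the question above; fields are tab-separated.
SAMPLE_LOG = (
    "Nov 24 20:11:59 2014\tVPN Log\t(g2gips0)[534] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}\n"
    "Nov 24 20:11:59 2014\tVPN Log\tpacket from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode\n"
    "Nov 24 20:11:59 2014\tVPN Log\t(g2gips0)[533] 5.6.7.8: [Tunnel Disconnected] instance with peer 5.6.7.8 {isakmp=#0/ipsec=#0}\n"
    "Nov 24 20:11:59 2014\tVPN Log\tpacket from 5.6.7.8:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode\n"
    "Nov 24 20:11:49 2014\tVPN Log\t(g2gips0)[530] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}\n"
    "Nov 24 20:11:49 2014\tVPN Log\tpacket from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode\n"
)

AUTH_FAIL = re.compile(
    r"packet from (?P<peer>[\d.]+):\d+: \[Tunnel Authorize Fail\] "
    r"'(?P<tunnel>[^']+)' forbids connection, cause: (?P<cause>.+)$")
DISCONNECT = re.compile(
    r"\((?P<tunnel>[^)]+)\)\[\d+\] (?P<peer>[\d.]+): \[Tunnel Disconnected\]"
    r".*\{isakmp=#(?P<isakmp>\d+)/ipsec=#(?P<ipsec>\d+)\}")

def summarize(log_text):
    """Group VPN log events by peer IP: rejection causes, no-SA disconnects, time span."""
    peers = {}
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or fields[1] != "VPN Log":
            continue  # not a VPN log entry in the layout shown in the post
        when = datetime.strptime(fields[0], "%b %d %H:%M:%S %Y")
        fail, drop = AUTH_FAIL.search(fields[2]), DISCONNECT.search(fields[2])
        match = fail or drop
        if match is None:
            continue  # some other VPN message; ignored by this sketch
        p = peers.setdefault(match["peer"], {"causes": Counter(),
                                             "no_sa_disconnects": 0,
                                             "first": when, "last": when})
        p["first"], p["last"] = min(p["first"], when), max(p["last"], when)
        if fail:
            p["causes"][(fail["tunnel"], fail["cause"].strip())] += 1
        elif drop["isakmp"] == "0" and drop["ipsec"] == "0":
            p["no_sa_disconnects"] += 1  # assumption: #0/#0 means no SA existed
    return peers

def rejected_for(peers, cause):
    """Peers whose connection was refused with the given cause, sorted."""
    return sorted(ip for ip, p in peers.items()
                  if any(c == cause for _, c in p["causes"]))

if __name__ == "__main__":
    for ip, p in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, dict(p["causes"]), "no-SA disconnects:", p["no_sa_disconnects"])
```
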
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40466132
One thing that worked for others was changing the DH group to 2.
LVL 34

Accepted Solution

by:Dan Craciun
ID: 40466233
I tried:
DES/MD5/Group1
DES/MD5/Group2
AES128/SHA1/Group1
AES128/SHA1/Group2

The same result.
This looks like a bug to me: the new firmware cannot use Aggressive mode.
I've tried using direct IP authentication and it works without any issues.

Where can I report a bug for Cisco small business routers? I've asked the sales rep that sold the RV042 and the RV180s and he said he's just a salesman and has no idea how to reach Cisco tech support.

Thanks,
Dan
LVL 34

Author Closing Comment

by:Dan Craciun
ID: 40502227
Probably a bug in firmware. Will try to find where to post bugs at Cisco.