Dan Craciun
asked on
RV042 VPN gateway no longer working after firmware update
I've encountered a bug in the RV042 firmware that came with my router:
- if I have 2 or more Gateway to Gateway VPN tunnels where
- the authentication is "Dynamic IP + FQDN" and
- 2 or more sites have an address of the form branchname1.domain.com, branchname2.domain.com etc
Then only the first connection was successful.
I had to change the second site's FQDN to branchname2.anotherdomain.com, then all the tunnels were working.
The setup worked for a couple of days, then all the tunnels stopped connecting. I had to make them branchname1.domain.org, branchname2.anotherdomain.notcom; essentially I needed to make all FQDNs have different terminations.
This worked, but judging by the progression, at the end of this week I probably would have needed to change the names to not letters or something.
So I searched for an updated firmware and updated to the latest: v4.2.3.03.
Now none of the VPN tunnels work. This is what I get in the RV042 logs:
Nov 24 20:11:59 2014 VPN Log (g2gips0)[534] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Nov 24 20:11:59 2014 VPN Log packet from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Nov 24 20:11:59 2014 VPN Log (g2gips0)[533] 5.6.7.8: [Tunnel Disconnected] instance with peer 5.6.7.8 {isakmp=#0/ipsec=#0}
Nov 24 20:11:59 2014 VPN Log packet from 5.6.7.8:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Nov 24 20:11:49 2014 VPN Log (g2gips0)[530] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Nov 24 20:11:49 2014 VPN Log packet from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Looks like a security issue, but from where?
Thank you.
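An added example, not part of the original post: a small Python summarizer for the `[Tunnel Authorize Fail]` lines quoted above, showing whether every rejection comes from the same tunnel policy and cause. The sample log is constructed from the format in the question, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines quoted in the question
# (peer addresses are the post's own placeholders).
SAMPLE_LOG = """\
Nov 24 20:11:59 2014 VPN Log (g2gips0)[534] 1.2.3.4: [Tunnel Disconnected] instance with peer 1.2.3.4 {isakmp=#0/ipsec=#0}
Nov 24 20:11:59 2014 VPN Log packet from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Nov 24 20:11:59 2014 VPN Log packet from 5.6.7.8:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
Nov 24 20:11:49 2014 VPN Log packet from 1.2.3.4:500: [Tunnel Authorize Fail] 'g2gips0' forbids connection, cause: Aggressive Mode
"""

# Matches only the authorization-failure lines; other events are skipped.
AUTH_FAIL = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8} \d{4}) VPN Log packet from "
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+): \[Tunnel Authorize Fail\] "
    r"'(?P<tunnel>[^']+)' forbids connection, cause: (?P<cause>.+?)\s*$"
)

def parse_auth_failures(text):
    """Return one dict per '[Tunnel Authorize Fail]' line, in log order."""
    return [m.groupdict() for line in text.splitlines()
            if (m := AUTH_FAIL.match(line.strip()))]

def summarize(failures):
    """Count rejections per (tunnel, cause) and per peer."""
    by_policy = Counter((f["tunnel"], f["cause"]) for f in failures)
    by_peer = Counter(f["peer"] for f in failures)
    return by_policy, by_peer

def single_cause(failures):
    """Return (tunnel, cause) if every rejection shares it, else None."""
    by_policy, _ = summarize(failures)
    return next(iter(by_policy)) if len(by_policy) == 1 else None

if __name__ == "__main__":
    fails = parse_auth_failures(SAMPLE_LOG)
    by_policy, by_peer = summarize(fails)
    for (tunnel, cause), n in by_policy.items():
        print(f"{n} rejections by tunnel {tunnel!r}, cause: {cause}")
    for peer, n in by_peer.most_common():
        print(f"  peer {peer}: {n}")
```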
One thing that worked for others was changing the DH group to 2.
ASKER
Probably a bug in firmware. Will try to find where to post bugs at Cisco.