loosain

No connection when setting up VPN between 2 Cisco devices (RV320) when one device is behind another router.

Hi,

I am trying to create a VPN tunnel between 2 Cisco devices (RV320). My problem is that one of the devices is behind another router. Because of the ISP there, we have to use this router.
Here are the details:

network A: 192.168.1.0
           255.255.255.0
router A:  192.168.1.1

network B (behind another router): 192.168.178.0
                                   255.255.255.0
router B:  192.168.178.1

I set up the WAN of Cisco B with the static IP 192.168.178.254 and the gateway 192.168.178.1.

I think the problem is that the VPN settings don't allow changing the "local IP". It is automatically set to 192.168.178.254.
But without another router between the Cisco and the internet, there is normally the IP provided to the router by the ISP.

Please help me with which setting I have to change. Both sides always say "waiting for connection".
The firewall is disabled; ports (UDP 500, UDP 4500, ESP, TCP 10000) are forwarded to 192.168.178.254 from Router B.

Thanks for helping me

loosain
John

I have an RV325 with tunnels to Juniper devices and 1 RV082 box. At the RV325:

Local IP: 198.168.x.1 easily settable.
Local External IP: 99.x.x.x
Local External Gateway: 99.x.x.1  (both set by ISP)
DNS:  As set by ISP
Local DHCP: 192.168.x.100 - 149
Firewall: All enabled: Remote Management on port 443

Tunnel Setup:

Interface: WAN 1
Local group setup:
Type: IP Only
IP Address: External not settable
Local security type: Subnet
IP Address: 192.168.x.0
Subnet Mask: 255.255.255.0

Remote group setup:
Remote Gateway Type: IP Only
IP Address: Other end IP
Remote Security Group: Subnet
IP address: 192.168.z.0
Subnet: 255.255.255.0

IPsec Setup
IKE Pre-share
Phase 1: Group 2, 3DES, SHA1 or greater
PFS not enabled
Phase 2: Group 2, 3DES, SHA1 or greater

Pre-shared key: enter key

Aggressive mode: no
Compress: no
Keep Alive: yes
AH Hash: no
Net Bios broadcast: no
NAT Traversal: varies, often yes for me
Dead Peer Detect: yes 10 seconds.
loosain

ASKER

I tried to set up with DynDNS. The log says:

[g2gips0]: [Tunnel Disconnected]

Try again with DynDNS and check all the settings I gave you.

Try also without DynDNS
loosain

ASKER

I set everything like you... Is there any chance to get more information? "Tunnel disconnected" is not helping much to find the problem...
loosain

ASKER

I just tried to switch the remote group gateway type to "IP only" and used "IP by DNS resolved".
Now I get a new error:

[g2gips0] #126: [Tunnel Authorize Fail] malformed payload in packet

Set up Logging, restart the router, attempt to make a connection and look in the System Error Messages. What do these tell you?

I gave you one end. Is the IP Sec setup at the other end the same as the local end (except for IP addressing)?
It sounds like a basic connection issue. Check System Error messages as I suggested.
loosain

ASKER

I tried this, but no success...
So I switched back to "dynamic ip + domain name auth".
With this I have to use aggressive mode.

Both endpoints have the same settings (except for IP).

Error log only says: [g2gips0]: [Tunnel Disconnected]

What is irritating is that Cisco A with the static IP shows 0.0.0.0 for the remote gateway under the DynDNS FQDN.

Maybe this is the problem?

Remote gateway cannot be 0.0.0.0! Try resetting both ends and setting up without DynDNS.
loosain

ASKER

It seems that the Cisco can't resolve the IP. But if I resolve the IP from the diagnostics in the device, it resolves the right IP.

The other Cisco is behind another router. Is it possible to set up DynDNS if the Cisco isn't making the dial-up? I only set up a static IP for WAN.

Cisco A --static IP ------ web ------ Static IP --- Router --- static local IP---Cisco B

192.168.1.1 ---- x.x.x.x ---web ---- y.y.y.y --- 192.168.178.1 --- 192.168.178.254 (WAN ip)

I set up for Static IP address and have no difficulty making a connection.

192.168.178.1 --- 192.168.178.254 (WAN ip)  <-- I do not understand this. My local IP is 192.168.x.1. There is no 254 address.

1. Did you try resetting your RV325 to factory settings?
2. Did you set up logging and what messages do you have in the System Error message log?

loosain

ASKER

Found the error!!!
In one router there was an old port forwarding for the ports used by IPsec to a non-existent NAS... This makes the VPN time out because of missing packets...

Thanks for the update. I was happy to help and glad you found the issue.
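
The fault reported in the post above (a leftover forward for the IPsec ports pointing at a host that no longer exists) can be checked for mechanically. The following is an added example, not part of the original thread and not Cisco tooling; the rule-table format, the NAS address 192.168.178.50 and first-match-wins rule ordering are assumptions made for illustration.

```python
from ipaddress import ip_address

# Services the question forwards to the VPN router. ESP is IP protocol 50
# and has no port, so its key carries None.
IPSEC_SERVICES = {
    ("udp", 500): "IKE",
    ("udp", 4500): "IPsec NAT-T",
    ("esp", None): "ESP",
    ("tcp", 10000): "TCP 10000 (as listed in the question)",
}

# Constructed sample of the upstream router's forward table. The first two
# rules model the leftover NAS forwards; 192.168.178.50 is a made-up address.
SAMPLE_RULES = [
    {"proto": "udp", "port": 500, "target": "192.168.178.50"},
    {"proto": "udp", "port": 4500, "target": "192.168.178.50"},
    {"proto": "udp", "port": 500, "target": "192.168.178.254"},
    {"proto": "udp", "port": 4500, "target": "192.168.178.254"},
    {"proto": "esp", "port": None, "target": "192.168.178.254"},
    {"proto": "tcp", "port": 10000, "target": "192.168.178.254"},
    {"proto": "tcp", "port": 443, "target": "192.168.178.20"},
]

def audit_forwards(rules, vpn_endpoint):
    """Return (kind, message) findings for one router's forward table."""
    vpn = ip_address(vpn_endpoint)
    findings, first_rule, reaches_vpn = [], {}, set()
    for idx, rule in enumerate(rules):
        key = (rule["proto"].lower(), rule.get("port"))
        if key not in IPSEC_SERVICES:
            continue  # unrelated forward, e.g. HTTPS to another host
        name, target = IPSEC_SERVICES[key], ip_address(rule["target"])
        if target != vpn:
            findings.append(("conflict", f"rule {idx}: {name} goes to {target}, not {vpn}"))
        else:
            reaches_vpn.add(key)
        if key in first_rule:
            # Assumed first-match-wins: this later rule never sees traffic.
            findings.append(("duplicate", f"rule {idx}: {name} already claimed by rule {first_rule[key]}"))
        else:
            first_rule[key] = idx
    for key, name in IPSEC_SERVICES.items():
        if key not in reaches_vpn:
            findings.append(("missing", f"no forward of {name} to {vpn}"))
    return findings

if __name__ == "__main__":
    for kind, message in audit_forwards(SAMPLE_RULES, "192.168.178.254"):
        print(f"{kind:9} {message}")
```

On the sample table the two NAS rules are reported as conflicts and the correct UDP 500 and UDP 4500 rules as duplicates that never receive traffic, which matches the symptom of both ends waiting for a connection.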

Hi Sir,

Can you help me regarding Cisco RV320 Gateway to Gateway VPN Setup?

I always get the error

[g2gips0]#7: [Tunnel Authorize Fail] malformed payload in packet

Hoping for your assistance

Thank you

Ray - you should probably start a question of your own for this issue.

RV320 gateway to gateway setups do not present any specific issue and normally work.

Turn on Logging on both ends, try a connection and see what is creating the error.

Thanks.