Cisco RV320 / 325 VPN Ipsec problem

Ray Valencia
Ray Valencia used Ask the Experts™
on
Hi Sir,

Would like to ask for your help about the problem listed below,

[Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xccb797a8) not found (maybe expired)

Hoping that you can help me resolve this matter.


Thank you in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
Are the public IP addresses of both firewalls involved with tunneling static of dynamic?
Ray ValenciaIT Administrator

Author

Commented:
Sir masnrock

Im using Static IP for my Public IP
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Can you lengthen (a bit) the SA timeout values in Phase 1 and Phase 2?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Distinguished Expert 2018

Commented:
Ray - Could you tell us about the firewall at the other end? (Be sure to follow Experience's tip also)
Ray ValenciaIT Administrator

Author

Commented:
Sir,

The firewall im using is the build-in firewall for the Cisco RV320 and 325

Please see attach file

Thank you sir
firewall.docx
Distinguished Expert 2018

Commented:
Let me ask a different way: Are you trying to create a site to site tunnel or are you trying to create a VPN that remote users will connect to?
Ray ValenciaIT Administrator

Author

Commented:
Sir masnrock


Actually im on SITE to SITE connection..its working fine few days ago till yesterday but this morning when i check may connection its disconnected. I look for the VPN logs and thats the problem i saw.

Thank you sir
Distinguished Expert 2018

Commented:
Thanks for the info. And you're mentioning that BOTH routers are using static IP addresses? Sometimes issues arise when one of them is on DHCP, even if the address doesn't change very often.
Ray ValenciaIT Administrator

Author

Commented:
Hi Sir

See Attach files for may IPSec settings for Phase1 and 2 for both VPN router
IPSec-setting-for-rv320.JPG
IPSec-setting-for-rv325.JPG
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
On both settings, Uncheck "Perfect Forward Secrecy" .  Not needed for site to site and can prevent connect. Remove both locations
Ray ValenciaIT Administrator

Author

Commented:
Sir Masnrock,

Since i setup my VPN im using STATIC IP but still im encountering this problem.

Any solution or advise you can give.

Thank you sir
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Our messages may have crossed. Uncheck PFS both ends
Ray ValenciaIT Administrator

Author

Commented:
Hi Sir

Do i need to enable the NAT Traversal on Both side

Thank you sir
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
It depends on the connection. If you have bland, 1 router / VPN at each end, probably not. Try it both ways.
Ray ValenciaIT Administrator

Author

Commented:
Hi Sir EXperienced Member

I will remove the PFS and also for the NAT Travesal.

Thank you sir
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Once you have done PFS, check NAT Traversal both ways. Sometimes I need it; sometimes I do not.
Ray ValenciaIT Administrator

Author

Commented:
Hi Sir,

Im Setting it up right now... Both NAT Traversal is On..





Thank you for the help sir,
Ray ValenciaIT Administrator

Author

Commented:
Sir may VPN connection is working... i can Ping may IP on both sides.


Thank you sir , its helps me a lot..

Thank you for your support to may problem
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
It was PFS blocking you.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I assume all is now well and so you should close the question.
Ray ValenciaIT Administrator

Author

Commented:
Thank you for the support
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
You are most welcome and I was happy to help you solve this.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial