VPN gateway to gateway RV0XX

Greetings,

I have an RV082 and an RV042. I was able to successfully establish a gateway-to-gateway VPN connection between the two, and I can remotely manage each router through the VPN connection, but I am unable to ping computers from one side of the connection to the other. For example, a computer in the 10.10.1.0 subnet cannot see / ping / communicate with a computer in the 192.168.1.0 subnet.

Here are the configurations for each. Apart from static IP configurations and VPN configurations, no other changes were made to the routers.

RV082

DHCP enabled

Tunnel status: connected

Configuration of local groups

  • IP only: X.X.X.66
  • Local security group type: subnet
  • IP address: 10.10.1.0
  • Subnet mask: 255.255.255.0

Dear ybrow,

All new small business discussions (which include your router models) have been migrated to the Cisco Small Business Support Community. All existing small business discussions have been archived here for reference.  We made these changes to better serve all customers of Cisco now and in the future.

Visit the Cisco Small Business Support Community Home Page created specifically for Linksys and Linksys by Cisco community members.

Thank you!

Tags: Linksys Routers

Similar Questions

  • I need VPN gateway to gateway with NAT for several subnets, RV082

    I have a pair of RV082 routers and I would like to configure a gateway to gateway VPN tunnel, as described in a book, "How to configure a VPN tunnel that routes all traffic to the remote gateway," (name of file Small_business_router_tunnel_Branch_to_Main.doc).  I followed this recipe book and found that while the main office has internet connectivity, the branch subnet does not have an internet connection.

    Routing behaves as advertised, where all traffic goes to the head office.  However, the 192.168.1.0 subnet in the branch receives no internet connectivity.  I read in other posts that the main router will provide only NAT for the local subnet, not the Management Office subnet.  Is it possible to configure the RV082 router to provide NAT for all subnets?

    If this is not the case, which Cisco product will provide VPN tunnel connectivity as well as NAT for all subnets?  Can the RV082 be used as part of the final solution, or are my RV082s a wasted expense?

    Here is the configuration that I had put in place, (real IP and IKE keys are false).

    Gateway to gateway

                                            Remote                  Head Office

    Add a new tunnel

    Tunnel No.:                             1                       2
    Tunnel name:                            , n1 n1-2122012_n2-1282012-2122012_n2-1282012
    Interface:                              WAN1                    WAN1
    Enable:                                 yes                     yes

    --------------------------------------------------------------------------------

    Local group setup

    Local security gateway type:            IP only                 IP only
    IP address:                             10.10.10.123            10.10.10.50
    Local security group type:              subnet                  subnet
    IP address:                             192.168.1.0             0.0.0.0
    Subnet mask:                            255.255.255.0           0.0.0.0

    --------------------------------------------------------------------------------

    Remote group setup

    Remote security gateway type:           IP only                 IP only
    IP address:                             65.182.226.50           67.22.242.123
    Remote security group type:             subnet                  subnet
    IP address:                             0.0.0.0                 192.168.1.0
    Subnet mask:                            0.0.0.0                 255.255.255.0

    --------------------------------------------------------------------------------

    IPSec setup

    Keying mode:                            IKE with preshared key  IKE with preshared key
    Phase 1 DH group:                       Group 5 - 1536 bit      Group 5 - 1536 bit
    Phase 1 encryption:                     of THE
    Phase 1 authentication:                 MD5                     MD5
    Phase 1 SA lifetime:                    2800                    2800 seconds
    Perfect Forward Secrecy:                Yes                     Yes
    Phase 2 DH group:                       Group 5 - 1536 bit      Group 5 - 1536 bit
    Phase 2 encryption:                     of THE
    Phase 2 authentication:                 MD5                     MD5
    Phase 2 SA lifetime:                    3600 seconds            3600 seconds
    Preshared key:                          MyKey                   MYKey
    Minimum preshared key complexity:       Enable Yes Enable

    --------------------------------------------------------------------------------

    If you are running 4.x firmware on your RV082, you must add an additional Allow access rule so that the Branch Office subnet (considered one of the multiple subnets in the main office) may have access to the internet. The firmware release notes have more details about it.

    http://www.Cisco.com/en/us/docs/routers/CSBR/rv0xx/release/rv0xx_rn_v4-1-1-01.PDF
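An added example (not part of the thread above and not Cisco code): on policy-based gateway-to-gateway tunnels like the one listed above, each side's local group has to be the exact mirror of the peer's remote group, and the IKE/IPsec proposal and pre-shared key have to match. The Python script below checks two tunnel definitions for that; the dictionary field names are assumptions, and the sample values are constructed, modelled on the two-column listing (encryption is left out).

```python
import hmac
import ipaddress

# Proposal fields that must be identical on both ends (names are assumptions).
PROPOSAL_FIELDS = ("p1_dh", "p1_auth", "p1_lifetime", "pfs",
                   "p2_dh", "p2_auth", "p2_lifetime")


def net(pair):
    """Parse an (address, mask) pair as entered in the router UI.

    strict=True rejects host bits outside the mask (e.g. 10.10.1.5/24).
    """
    return ipaddress.ip_network(f"{pair[0]}/{pair[1]}", strict=True)


def check_tunnel(a, b):
    """Return human-readable mismatches between tunnel ends a and b."""
    problems = []
    try:
        a_loc, a_rem = net(a["local"]), net(a["remote"])
        b_loc, b_rem = net(b["local"]), net(b["remote"])
    except ValueError as exc:
        return [f"invalid subnet: {exc}"]
    # Each side's local group must be exactly the peer's remote group.
    if a_loc != b_rem:
        problems.append(f"A local {a_loc} != B remote {b_rem}")
    if b_loc != a_rem:
        problems.append(f"B local {b_loc} != A remote {a_rem}")
    # The same LAN on both ends cannot be routed; 0.0.0.0/0 (route-all) is exempt.
    if a_loc.overlaps(b_loc) and a_loc.prefixlen and b_loc.prefixlen:
        problems.append(f"LANs overlap: {a_loc} and {b_loc}")
    for field in PROPOSAL_FIELDS:
        if a.get(field) != b.get(field):
            problems.append(f"{field}: {a.get(field)!r} != {b.get(field)!r}")
    # Pre-shared keys are case-sensitive; report a difference without echoing them.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("pre-shared key differs")
    return problems


# Constructed sample, modelled on the two-column listing in the post above.
BRANCH = {"local": ("192.168.1.0", "255.255.255.0"), "remote": ("0.0.0.0", "0.0.0.0"),
          "p1_dh": 5, "p1_auth": "MD5", "p1_lifetime": 2800, "pfs": True,
          "p2_dh": 5, "p2_auth": "MD5", "p2_lifetime": 3600, "psk": "MyKey"}
HEAD = dict(BRANCH, local=("0.0.0.0", "0.0.0.0"),
            remote=("192.168.1.0", "255.255.255.0"), psk="MYKey")

if __name__ == "__main__":
    for line in check_tunnel(BRANCH, HEAD) or ["tunnel definitions mirror each other"]:
        print(line)
```
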

  • RV082 VPN gateway to gateway does not resolve remote gateway DynDns

    I have two RV082s connected. Each has a dynamic IP address (generally changes every few weeks). I have configured tunnels on both ends with a local and remote "Remote/Local Security Gateway Type" of "+ IP dynamic authentication with domain name".

    If I look at the VPN tunnel status summary, it shows the IP "mondomaine.dyndns.org 0.0.0.0" under the column heading "Remote Gateway". The Tunnel Test "Connect" button is n/a.

    I can resolve each mondomaine.dyndns.org on both sides of each VPN entry using the Diagnostic DNS lookup within each router. If I hard-wire a fixed IP address for the local and the remote gateway, everything works fine. VPN is good.

    I can't seem to get the "mondomaine.dyndns.org" function to work. It seems that the router is unable to resolve the dynamic IP address of the domain names on each of the routers.

    I am confused, but this is my first time using a Cisco VPN router. Thanks in advance for some ideas.

    Hello MtnSledder,

    You can only use Dynamic IP + Domain Name (FQDN) on one side of the tunnel. On the other device, try selecting IP Only and then the option to use IP by DNS Resolved.  You will find this under the remote gateway once you select IP Only.

    Give that a try and it must raise the tunnel.

    Christopher Ebert

    Network support - Cisco Small Business Support Center Engineer

  • VPN gateway with the traffic filtering

    I am working in a laboratory on a small-scale configuration in which a client PC establishes an IPsec VPN with a Cisco 1921 router. I have two questions in this regard.

    (1) For wireless PC clients, is using an IPsec VPN client the best option, or should I prefer other options? The wireless clients also use a RADIUS server for authentication.

    (2) I want to make sure no traffic other than the VPN client traffic can reach or pass the local network interface. What do I need to set up on the router to make sure that no traffic other than VPN traffic can pass?

    First: The real IPsec VPN client is AnyConnect. The VPN config for AnyConnect (especially for IPsec) on the IOS router gateway is much more difficult than it is on the ASA. If you still have the possibility of changing gateways, then go for an ASA. It is also much cheaper from a license perspective, given that there is no AnyConnect Essentials license for the router. The traditional Cisco VPN Client is EOL, and you should not begin a new deployment on that basis.

    Your questions:

    (1) All VPN users should be authenticated in some way. Sending the authentication request to a central directory is a best practice and is usually done with RADIUS. In addition to authentication, you can also perform authorization to control what rights a VPN user gets.

    (2) If you only want to allow IPsec traffic, you must configure an access list with a permit for UDP/500, UDP/4500 and IP/50 to your router IP. With this config, all other traffic will be dropped.

  • Cannot ping sub interface from my remote site VPN gateways

    I can't ping my sub-interface gateways from my remote VPN connection.

    I can ping the 192.6.1.0 network, but can't ping network 192.6.2.0 or 192.6.3.0.

    When I remote desktop into 192.6.1.20 I can ping all the networks, including the sub-interface gateways.

    I think that something in my ASA is misconfigured or not added.

    ASA NAT rules:

    Exempt NAT Interface: inside

    Source 192.6.0.0/16

    Destination 192.6.10.96/27

    Static NAT interface: inside (it's for the local NAT of E0/0 out)

    Source 192.6.1.1/16

    Interface translated outside the Destination: 172.35.221.200

    Dynamic NAT interface: inside

    Source: no

    Destination: outside

    ASA access rules:

    Permit outside

    Source: no

    Destination: out

    Services: udp, tcp, tcp/http

    Static routes:

    Interface: Outside > network: all outdoors DSL (shows no DSL in the graph)

    Some incorrect configuration:

    On the ASA:

    (1) The routes are incorrect; the default route should point to the next hop, that is to say, the internet router: 172.35.221.x, as follows:

    route outside 0.0.0.0 0.0.0.0 172.35.221.x

    ---> where x must be the internet router's IP address.

    The existing routes need to be removed:

    no route outside 0.0.0.0 0.0.0.0 192.298.47.182 255

    no route outside 0.0.0.0 0.0.0.0 172.35.209.81 tunneled

    (2) The following static NAT statement is incorrect too and should be removed:

    static (inside, outside) USSLTA01_External USSLTA01 netmask 255.255.255.255

    --> You cannot NAT the interface of the ASA itself.

    (3) The subnet mask of the ASA inside interface should be 255.255.255.0, not 255.255.0.0. It should be the same as the router interface subnet mask:

    interface Ethernet0/1

    nameif inside

    security-level 100

    ip address 192.6.1.254 255.255.255.0

    (4) Add routes on the ASA to reach these sub-interface subnets, as follows:

    route inside 192.6.2.0 255.255.255.0 192.6.1.235

    route inside 192.6.3.0 255.255.255.0 192.6.1.235

    route inside 192.6.4.0 255.255.255.0 192.6.1.235

    On the router, configure its default route as follows:

    ip route 0.0.0.0 0.0.0.0 192.6.1.254

  • Default VPN Gateway problem

    Hello guys. We have a site-to-site VPN... and this is my scenario.

    Site A (ASA 5505).

    VLAN 1 - outside = 200.200.200.x - internet

    VLAN 2-inside 192.168.8.1

    Eth0/1---192.168.8.2

    255.255.255.0

    Gateway 192.168.8.1


    It's my laptop

    Eth0/1 192.168.8.3

    255.255.255.0

    no gateway.

    LINUX Server

    For my site VPN remote B can reach my ip from 192.168.8.2 because of the gateway laptop I put it

    but he can't reach my Linux Server 192.168.8.3 because there is no gateway.

    and I don't want to add a gateway my server for some reason... so please can someone help me out here, it's very important for me.

    You don't add gateway no choice to get connectivity.

    Thank you

    Ajay

  • routing of multiple site-2-site VPN gateways

    I have a strange configuration and need help.

    We have an ISP with a /29 network. We have connected the Ethernet handoff to a layer 2 device and connected one end to a Calyptix firewall and the other to our Cisco 2811.

    the router has a default route that points to the Calyptix firewall.

    Currently, the router also has a P2P T1 line at the corp office.

    We would like to install a VPN site-to site of this router in the corp office and use P2P as the backup to local traffic, but everything else goes out the ASA.

    I feel like I should be able to configure a tunnel between the two (branch and corp) public IP addresses, but I can't ping the public IP address of Corp. branch because it passes to the firewall (default route).

    What am I missing?

    I have attached a PDF file of the configuration of the network.

    I tried to configure static routes

    ip route 50.199.17.17 255.255.255.255 72.34.95.209

    &

    ip route 72.34.95.210 255.255.255.255 50.199.17.22

    But this does not work, any ideas or suggestions?

    Hi James,

    1. Please check where the traffic from 50.199.17.17 to 72.34.95.210 is going. Run a traceroute to 72.34.95.210 and check whether it goes to .210 or to .211 (the firewall) and then to .210.

    Note: Maybe the return traffic flows 50.199.17.16 --> firewall (72.34.95.211) --> router based on your current configuration (maybe the ISP forces it to go in this direction).

    2. Please check that you are not receiving this route (50.199.17.16/29) over the P2P T1 somehow, by running a traceroute from 72.34.95.210 to 50.199.17.17.

    3. Check that you don't have any inbound ACL on both routers.

    Please mark this message as correct if it works.

  • Remote VPN gateway to gateway problem RV016 to add VLANs

    Hi all I have a little problem with RV016. I have a site to another LAN ipsec virtual and I would like to add a vlan remote for tunneling but RV has only three options

    -IP

    -Subnet

    -IP range

    Now the remote lan for vpn is 192.168.10.0/24 and I would add 10.1.1.0/24

    Can someone help me?

    Glad to hear it

    Please note the post useful and mark it as answered to help other customers of Cisco

    See you soon

    Mehdi

  • Router VPN-gateway, without browsing

    Hi all, I had problems with my RV120w I can't connect via the Internet to my network of workplaces from another site, I ping the router but can´t go, any help will be useful

    Hi isaac mora

    In order to solve your problem, check your VPN configuration using this document

    http://sbkb.Cisco.com/CiscoSB/UKP.aspx?VW=1&docid=469869acd2fa43d1be369e6422facafc_Gateway_to_Gateway_VPN_Tunnel_between_RV120W_routers.XML&PID=4&FCID=&fpid=&slnid=4

    If all goes well, try this:

    Connect a computer directly to your modem.

    Get the DNS address (Start -> Run -> type "cmd" -> type "nslookup").

    Check that the connection you get is different from 127.0.0.x and is different from any address of your local network.

    In this case, contact your internet service provider and request technical assistance.

    Thank you.

    Best regards and have a nice day.

    Johnnatan Rodriguez Miranda.

    Support of Cisco network engineer.

  • Crypto map question for VPN gateway router

    I'm moving my VPN environment to 2811 routers. I am moving one more vendor over tomorrow, which has two sources that need to connect to each of our IPs; those inside IPs are NATed to real IPs at the firewall behind the router. I know I'll find out tomorrow, but thought I would see if anyone sees a problem with this ACL that is used for the crypto map. Is there a problem with multiple sources (50.50.50.1 and .2 in file) connecting to the same destinations? The IP addresses in this file are not real output IPs. Thank you.

    If I understand you correctly, no, it should not be a problem at all. Each entry in your crypto map ACL will create a separate IPsec security association pair, and there is no overlap.

    Let me know if I misunderstood your question.

    Jon

  • Problem VPN gateway to gateway Cisco RV042 861

    Hello. I have problems with IPsec tunneling between an RV042 and a Cisco 861. I configured IKE, the transform set, the access list and the crypto map on the 861 through the console, and I configured the tunnel in the RV042 web application with the same IKE encryption, Diffie-Hellman group and authentication, but the connection does not work. Any advice or review for this type of connection? Thank you.

    By default, your traffic will be NATed to the outside world.

    You need to exempt from NAT the traffic from source IP to destination IP that you permitted in the VPN access list.

    That simply means denying source IP to destination IP in the NAT ACL.

  • thinapps does not start when you use a VPN gateway access

    Hello

    We have a test lab that we use for demo/test Horizon Workspace.  When we use a Windows 7 VM inside the field of local laboratory which the vApps Horizon are on, all the features - including ThinApps - works fine.  However, when we VPN for the lab and try to launch a Thinapp of Horizon, seems to fail. No error message - just thinapp does not launch.

    I have attached the local Horizon diagnostic files from the machine that I used to try to launch ThinApps while VPNed in. If someone could help me I would be really grateful.  Thank you.

    -Allen

    Today there is no real solution for this. If you want to manage ThinApps clients must be in the same domain as the ThinApp/workspace repository.

  • RV082 VPN gateway to gateway does not connect


    These products are processed by the Cisco Small Business support community. (URL: https://supportforums.cisco.com/community/netpro/small-business )

  • RV082 to RV016 gateway to gateway VPN

    Hello. I currently have an RV082 to RV016 gateway to gateway VPN set up between my office and home. The tunnel is connected and I have an Avaya IP phone installed and working. The problem is when I try to open a shared network folder on my server in the office. I can ping the server at the office. I can access some folders on the server using Internet Explorer with the '\\server\folder' name method. But I can't open the files I have premapped. When I'm on the network in the office everything is OK. When I get home I get the message "network path not found". I tried to remap and came up empty-handed. Initially, I thought that maybe it was a setting on my server, but I ruled that out since I can ping and get access through the IE method. Any ideas? I am getting very frustrated here! Thank you.

    I figured it out by chance after reading several other posts about similar problems.  Under the gateway to gateway VPN configuration, you must navigate to the Advanced tab for the IPSec configuration.  Both the NAT Traversal and NetBIOS Broadcast options must be enabled at both ends, and it works!

    Thanks for your help.

  • What do the acl when configuring a router as gateway VPN?

    Hi all

    my predecessor has set up our VPN gateway on our secondary router. Here's the relevant part of the config.

    crypto isakmp client configuration group VPN-CLIENT-HOST

     key XXXX-XXXX

     dns 192.168.177.7 192.168.100.1

     wins 192.168.177.7

     domain XXXX.local

     pool SDM_POOL_1

     acl 104

    I'm still trying to catch up in a few areas of programming and I'm not sure what the ACL set in this command is for or how it will affect users who connect to the gateway.

    Can someone point me in the direction of a useful Cisco document or explain it please? I've been everywhere on Cisco's Web site and keep going round in circles (it's as if Cisco wants to sell me something; his tent like out of a Vegas casino without having spent the slots)

    Thanks in advance.

    Paul

    Hello Paul,

    Parminder's response is correct; this ACL is used to match the interesting traffic (which will be sent via the encrypted VPN tunnel).

    You will need to classify the traffic originating from your end, because that is the traffic that will be encrypted, in your ACL; traffic coming from the other site or clients is already encrypted, and it will be decrypted as soon as it arrives at your end.

    I hope this has been informative.

    Kind regards

    Julio
