WRVS4400N VPN Passthrough issues

I had a WRVS4400N router for 8-9 months. When it is connected to a remote VPN, the PC will go down intermittently to connect to the remote VPN server. Anything running on the connection, such as distance or vSphere client or network file browsing, office will be temporarily unusable, then the connection is re-established. Usually one drop lasts several seconds and varies in frequency.

A few notes:

-I can reproduce the problem with more than one PC.

-Both wired and wireless connections are affected.

-If I use an old Linksys WRT router or connect directly to the internet modem, I don't see the problem.

-J' have tried disabling UPnP, firewall and IPS without success.

I tried using wireshark, but can't identify something specific. The traffic seems to just stop for 5-10 seconds before resuming.

Any suggestions/help would be appreciated.

Mr Champion,


Have you tried just the quickvpn client and the view if your always get disconnected?


If it is stable and pull-out decision still does not work, maybe try to download a fresh firmware of cisco.com, then reflash the router with firmware then reset factory of the router and manually reconfigure your settings and see if your seeing the same issue.


I would like to know how it works.

Tags: Cisco Support

Similar Questions

  • What is VPN Passthrough

    I read in my Configuration 5508 Guide one of the features that this plug controller supported is VPN passthrough.  What is c?

    Thank you

    Kevin

    He let VPN packets around the strategy of web authentication:

    http://www.Cisco.com/en/us/docs/wireless/controller/7.0/Configuration/Guide/c70wlan.html#wpmkr1384237

  • Client VPN routing issue

    I am trying to configure client vpn software ver 5.0 for remote to connect to the local network behind a 1801 users.

    I can get the client saying its connected but traffic is not circulate outside in:

    When I try to ping an address 192.168.2.x behind the 1801 I get a response from the public ip address but then when I try to ping to another address I have no answer.

    I guess the question is associated with NAT.

    Here is my config, your help is apprecited

    horodateurs service debug datetime msec

    Log service timestamps datetime msec

    encryption password service

    !

    host name C#.

    !

    boot-start-marker

    boot-end-marker

    !

    enable password 7 #.

    !

    AAA new-model

    !

    AAA authentication login userauthen local

    AAA authorization groupauthor LAN

    !

    AAA - the id of the joint session

    !

    IP cef

    !

    IP domain name # .local

    property intellectual auth-proxy max-nodata-& 3

    property intellectual admission max-nodata-& 3

    !

    Authenticated MultiLink bundle-name Panel

    !

    username password admin privilege 15 7 #.

    !

    crypto ISAKMP policy 3

    BA 3des

    preshared authentication

    Group 2

    !

    ISAKMP crypto client configuration group 1801Client

    key ##############

    DNS 192.168.2.251

    win 192.168.2.251

    field # .local

    pool VpnPool

    ACL 121

    !

    Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT

    !

    Crypto-map dynamic dynmap 10

    Set transform-set RIGHT

    !

    map clientmap client to authenticate crypto list userauthen

    card crypto clientmap isakmp authorization list groupauthor

    client configuration address map clientmap throwing crypto

    client configuration address map clientmap crypto answer

    10 ipsec-isakmp crypto map clientmap Dynamics dynmap

    !

    Archives

    The config log

    hidekeys

    !

    property intellectual ssh time 60

    property intellectual ssh authentication-2 retries

    !

    interface FastEthernet0

    address IP 87. #. #. # 255.255.255.252

    IP access-group 113 to

    NAT outside IP

    IP virtual-reassembly

    automatic duplex

    automatic speed

    clientmap card crypto

    !

    interface BRI0

    no ip address

    encapsulation hdlc

    Shutdown

    !

    interface FastEthernet1

    interface FastEthernet8

    !

    ATM0 interface

    no ip address

    Shutdown

    No atm ilmi-keepalive

    DSL-automatic operation mode

    !

    interface Vlan1

    IP 192.168.2.245 255.255.255.0

    IP nat inside

    IP virtual-reassembly

    !

    IP pool local VpnPool 192.168.3.200 192.168.3.210

    no ip forward-Protocol nd

    IP route 0.0.0.0 0.0.0.0 87. #. #. #

    !

    !

    no ip address of the http server

    no ip http secure server

    the IP nat inside source 1 interface FastEthernet0 overload list

    IP nat inside source static tcp 192.168.2.251 25 87. #. #. # 25 expandable

    Several similar to the threshold with different ports

    !

    access-list 1 permit 192.168.2.0 0.0.0.255

    access-list 113 allow host tcp 82. #. #. # host 87. #. #. # eq 22

    access-list 113 permit tcp 84. #. #. # 0.0.0.3 host 87. #. #. # eq 22

    access-list 113 allow host tcp 79. #. #. # host 87. #. #. # eq 22

    access-list 113 tcp refuse any any eq 22

    access-list 113 allow host tcp 82. #. #. # host 87. #. #. # eq telnet

    access-list 113 permit tcp 84. #. #. # 0.0.0.3 host 87. #. #. # eq telnet

    access-list 113 allow host tcp 79. #. #. # host 87. #. #. # eq telnet

    access-list 113 tcp refuse any any eq telnet

    113 ip access list allow a whole

    access-list 121 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

    access-list 121 allow ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

    !

    control plan

    !

    Line con 0

    line to 0

    line vty 0 4

    transport input telnet ssh

    !

    end

    you have ruled out the IP address of the customer the NAT pool

    either denying them in access list 1

    or do road map that point to the loopback address as a next hop for any destent package for your pool to avoid nat

    first try to put this article in your access-lst 110

    access-list 110 deny 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

    access-list 110 permit 192.168.2.0 0.0.0.255 any

    sheep allow 10 route map

    corresponds to the IP 110

    remove your old nat and type following one

    IP nat inside source overload map route interface fastethernet0 sheep

    rate if useful

    and let me know, good luck

  • Anyconnect VPN migration issues

    Hi, I do Anyconnect VPN from an ASA ASA migration another. I need your suggestion. Migration must transfer customization and anyconnect vpn configuration. After that I reviewed some documents, looks like the configuration and customization are not the only thing that needs to be transferred. Everything can give some suggestion exactly what needs to be transferred in addition to customization and configuration vpn? Thank you

    Hello

    Although the copy of the configuration of one firewall to another will get all the anyconnect rules and the installation program completed, but the flash content (IE anyconnect programs, profiles anyconnect, customizations anyconnect, bookmarks, and dap profiles) is not transferred to the other ASA. They must be downloaded manually to the ASA again.

    Another way to do this is through ASDM,

    Go to tools > configuration backup:

    Select the components of the VPN you want to create a backup for.

    NOTE *.
    This backup will be restored as a whole via ASDM and substitute another configuration.
    So, you might want to restore the backup to a fresh firewall and then import the configuration and the images of the SAA.

    Otherwise, you can go the ususal path, the anyconnect first configuration copy and then manually transfer components anyconnect flash of one ASA to another.

    **********

    Kind regards
    Dinesh Moudgil

    PS Please rate helpful messages.

  • RVS4000 / WRVS4400 VPN routing issue.

    I would like to simplify my installation a bit, but unfortunately I do not know how to do this.

    I have a triangle of CSB RVS, 2 RVS4000, 1 WRVS4400 devices

    each router has a VPN gateway to gateway with 2 others, to any one of the 3 sites, you can access resources on the other 2.

    It also works well, if for some reason, one of the legs of the VPN breaks down, it passes through the other router.  at least it seems to work that way when it is tested.

    Now enter my problem.  I have 2 laptops that go around, Mine and at the office.  If any of these are off site and connect to a router via the QuickVPN client.  they can see the resources on the router, to which they connect.

    How would I be able to connect to the Router 1 and be able to access resources on other VPN routers ' ed?

    It is not so much a problem on the router because it is on the QuickVPN. When you go to an IP address that is not on the local network from the router, the QuickVPN does not and it that the request is sent to the internet.

    The only way to access the other site and resources would be to unplug the first router and connect to each other.

  • VPN MTU issue

    Hello

    I have a router 2901, building a private network to a dynamic virtual third party peripheral.  The VPN initially was hurt by the way some of the traffic.  Pings worked, would not HTTP.  So, I made a few captures of packets and saw that she needed to become fragmented.  So I put the external interface mtu around 1380, and the VPN began to work perfectly.  However, he "broke" regular web access.  Now a few other sites (on the Internet/non-VPN) attended the same behavior.

    My topology is very simple hand-off ISP - router 2901 - internal Ethernet switch.

    What is the correct design of MTU for this scenario?

    Thank you

    Edit: Here is a broad generalization

    Unless you need to worry about protocols large datagram twist MSS instead of MTU.

    Or adjust the MTU (and MSS) on logical interfaces (tunnel or VT)

    M.

  • Any concerns of connection VPN security issue.

    Hi guys,.

    I set up a VPN on Cisco ASA & our mobility users are able to connect VPN successfully and access my LAN environment but our senior management says there provide less security & any hacker can hack easily.

    Someone can help me on this point, how can provide more security in Anyconnect VPN, I think on the Anyconnect host control features, but I think it works only with the secure desktop.

    Kind regards

    Nafis Ashique

    In short, you have just a few steps:

    1. enroll the certificate root of your PKI to customers and to the ASA (if not already done).
    2. enroll certificates from the client to the customers. It will be easier if they are in the user store. As far as I know, you cannot use the certificates stored in the IPsec VPN client store.
    3. reconfigure the ASA to use certificate authentication

    In a little more detail found in this document.

  • Cisco ASA 5505 VPN passthrough

    Hello

    @home i'f installed a Cisco asa 5505 because the provider has the modem cable in transparent mode. So I have the public IP address to my firewall.

    Also for the training because we have in the work of the asa. So I have no feeling with her.

    but sometimes I have to build a VPN session to a server at work. But I do not get a connection to the server. If I remove the ASA 5505, then the connection to the server of work is great. But if to ASA 5505 is back in its place. It does not log VPN to the outside world.

    Could someone point me in the right direction?

    It is possible to create a connection out to the Cisco ASA5505 VPN.

    Thanks in advance

    Greetings

    Palermo

    Hi Palermo,

    You do not have to mention the type of VPN connection, you use.

    If the PPTP protocol then you need to inspect the traffic for the SAA allow again from 'outside '. Try the following:

     ! class-map inspection_default match default-inspection-traffic ! policy-map global_policy class inspection_default inspect pptp ! service-policy global_policy global !

    see you soon,

    SEB.

  • Easy vpn server issues of Cisco 800 series.

    Hello.

    I want to deploy the easy vpn server on cisco 876 and 877 10 routers and access from a remote location (company headquarters). When I leave the firewall of the router off the vpn server works. When I turn it on it doesn't.

    Although I allow all traffic to my ip for example 80.76.61.158 I can't access the vpn server.

    I tried a place to let the firewall off and it worked fine.

    I use SDM to configure the vpn server. Any ideas what I can do with the cause of firewall I really can't leave it "open."

    Thanks in advance.

    It would be a good idea to paste the configuration of the VPN server to the firewall.

    Kind regards

    Kamal

  • Remote vpn routing issue

    Hi, please find the attachment.

    I want remote access client vpn server that connect you to my ASA 5510 outside interface.

    Is this possible via the static route set or something else?

    Thank you very much!!!

    Hello

    There is not enough information to give a good answer. This should be possible, but your level ASA software firewall and VPN Client configurations factor in this also.

    If you have a customer VPN Split Tunnel configuration, then you must add a rule to the existing ACL and say the IP address of the server. If you use Client VPN full Tunnel while you don't have to worry about the same thing only with Split Tunnel.

    Then you will probably need the configuration "permit same-security-traffic intra-interface" so that traffic can enter the 'outside' and leave 'outside' to the server. It won't work without the mentioned order.

    You will also need a PAT Dynamics example

    If you use a software 8.2 or below and have this dynamic PAT defect for LAN users

    Global 1 interface (outside)

    NAT (1 x.x.x.x y.y.y.y inside)

    Then for the Pool of Client VPN you can add this

    NAT (outside) 1 20.20.20.0 255.255.255.0

    More often, this should be sufficient to allow the traffic to arrive on the VPN Client user ASA and out of 'outside' interface and head to the server.

    Hope this helps

    Don't forget to mark the reply as the answer if it answered your question.

    -Jouni

  • VPN / Natting issue - connectivity to 3rd Party Partner Site

    Hello

    I received a request to provide a connectivity solution between our private server 10.102.x.y and a3rd advantage partner server. 10.247.x.y solution of VPN site to site. I want to hide our real IP of 10.102.x.y and replace 10.160.x.y (using Natting).

    The configuration is the following:

    3rd party partner server->

    		 3rd party ASA FW-> Tunnel VPN IPSec Internet-> Our ASA FW-> Our server private
    10.247.x.y

    10.102.x.y private IP

    NAT'd IP10.160.xy

    My dogs entered so far (still awaiting 3rd party to set up their ASA)

    name 10.160.x.y OurNat'dServer

    crypto ISAKMP policy 6
    preshared authentication
    aes-256 encryption
    sha hash
    Group 5
    lifetime 28800

    Crypto ipsec transform-set 3rd Party esp-aes-256 esp-sha-hmac

    3rd party ip host 10.160.x.y host 10.247.x.y allowed extended access list

    tunnel-group 80.x.x.x type ipsec-l2l
    80.x.x.x group of tunnel ipsec-attributes
    pre-shared key xxxxxxxxx

    football match 117 card crypto vpnmap address 3rd party

    card crypto vpnmap 117 counterpart set 80.x.x.x

    card crypto vpnmap 117 the transform-set 3rd Party value

    public static 10.160.x.y (Interior, exterior) 10.102.x.y netmask 255.255.255.255

    The config goes to meet my requirements and the solution envisaged, or is my inaccurate understanding?

    Any help on this would be appreciated.

    Thanks in advance,

    Select this option.

    Hello

    Who will break actually internet traffic with this server because the external address that is sent over the internet is considered to be a 10.160.x.y.  In the past, I did something like this:

    public static 10.160.x.y (Interior, exterior), list-dest-3rdParty access policy

    policy-dest-3rdParty of the ip host 10.102.x.y host 10.247.x.y allowed extended access list

    Who will ONLY perform NAT traffic on this server if traffic is coming from the 10.247.x.y.

  • VPN routing issues...

    Here's my problem, with a bit of luck can someone help...

    I use the Cisco client to establish a connection with a client.  Once the connection is established that I can navigate is more on my local network.  Here are the results of the command ipconfig for the local card and the VPN adapter.

    Any help would be greatly appreciated.

    Windows IP configuration

    Name of the host...: nvcadmin06

    Primary Dns suffix...:

    ... Node type: unknown

    Active... IP routing: No.

    Active... proxy WINS: No.

    Ethernet connection to the Local network card:

    The connection-specific DNS suffix. :

    ... Description: Broadcom NetXtreme 57xx Gigabit Controller

    Physical address.... : 00-18-8B-00-5C-B1

    DHCP active...: No.

    ... The IP address: 10.20.0.5

    ... Subnet mask: 255.0.0.0.

    ... Default gateway. : 10.0.0.1.

    DNS servers...: 10.0.0.1.

    208.67.222.222

    Ethernet connection to the network space 2 card:

    The connection-specific DNS suffix. :

    ... Description: Cisco Systems VPN card

    Physical address.... : 00-05-9A-3C-78-00

    DHCP active...: No.

    ... The IP address: 10.10.10.197

    ... Subnet mask: 255.0.0.0.

    ... Default gateway. :

    DNS servers...: 192.168.2.19

    Thank you in advance.

    Hi Eric,.

    Unfortunately not, this is controlled by the VPN server.

    You can try changing the routing on your machine by using static routes, but it is not supported, because it is considered a security risk.

    I would recommend you to communicate with the remote administrator and explain that you must "split tunneling" instead of "tunnelall".

    Thank you.

    Portu.

    Please note all useful posts

  • RV042 VPN connection issues

    Hello

    I've successfully connected two RV042s to establish a VPN gateway to connect to a VPN gateway. I have follow up questions, please comment:

    1. I want to keep the time of indefinite VPN tunnel connection. Is it enough by ticking the 'Keep-Alive' on the VPN-> gateway-to-gateway-> page in advance? Or, I ping the RV042 periodically?

    2. the "Phase 1/Phase 2 times of HIS life" (on-> page from gateway to gateway VPN) settings have no impact on the maintenance of indefinite time of VPN connection? What are the optimal values for them?

    3. is there an API, command or a script to replace a manual by clicking on the button "CONNECT" to establish the VPN to VPN tunnel-> summary page? Or, is there a way to achieve the power upward?

    4. is there a way to establish a VPN tunnel bypassing the connection and clicking on the button "CONNECT"? (Auto connect to power up)?

    Thank you in advance for the comments.

    Steve

    Hello Stephen

    I have a question as well. We have a RV042 that does not restore the connection

    unless we hit the Connect button. Then everything is fine - after a while he gave up the connection

    Yet once and we have to connect and log in again

    Still having the problem?

    Mike

  • Unable to phase 1 estabislt of site to site VPN

    Hi Experts,

    Site-B(router)---Modem---Internet---Site-A(router)

    I am trying to create a VPN Site-to-stie Ipsec between cisco2900 & cisco 861 and here is the scenario. Please find attached file connectivity diagram.

    The issue is there is a modem provided by the ISP on Site-B and 861 cisco router is connected to that modem and the connection is given through RJ11 and there is no available on Site-B router ADSL port.

    Based on the above mentioned scenario here is the config

    Site b: -.

    crypto ISAKMP policy 1
    BA 3des
    md5 hash
    preshared authentication
    Group 2

    ISAKMP crypto key CITDENjan2014 address 80.227.xx.xx

    Crypto ipsec transform-set ETH-Dxb-esp-3des esp-md5-hmac
    tunnel mode

    crypto map 1 VPN ipsec-isakmp
    the value of 80.227.xx.xx peer
    game of transformation-ETH-to-Dxb
    match address 110

    FA 4 interface
    IP 192.168.1.254 255.255.255.0
    VPN crypto card

    IP route 0.0.0.0 0.0.0.0 192.168.1.1

    IP access-list ext 110
    ip permit 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255

    Screenshots of good will find ADSL modem for the information below

    Double configuration on the LAN interface of the ADSL modem with ip address

    I did port forwarding on the modem, although I did not port forwarding before I'm not sure whether it is correct or not.

    Site-one router Config: -.

    crypto ISAKMP policy 1
    BA 3des
    md5 hash
    preshared authentication
    Group 2

    ISAKMP crypto key CITDENjan2014 address 197.156.xx.xx

    Crypto ipsec transform-set Dxb ETH esp-3des esp-md5-hmac
    tunnel mode

    map-Dxb-Nigeria 20 ipsec-isakmp crypto
    the value of 197.156.xx.xx peer
    game of transformation-Dxb-to-ETH
    match address 120

    interface GigabitEthernet0/1
    IP address 80.227.xx.xx 255.255.255.252
    card crypto Dxb-to-Nigeria

    IP route 0.0.0.0 0.0.0.0 GigabitEthernet0/1

    access-list 120 permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 101 permit ip 192.168.10.0 0.0.0.255 any

    IP nat inside source map route SDM_RMAP_1 interface GigabitEthernet0/1 overload

    allowed SDM_RMAP_1 1 route map
    corresponds to the IP 101

    Connects to router B-Site: -.

    * 13:02:06.735 Apr 16: ISAKMP (0): packet received 80.227.xx.xx dport 500 sport 1 Global (N) SA NEWS
    * 13:02:06.735 Apr 16: ISAKMP: created a struct peer 80.227.xx.xx, peer port 1
    * 13:02:06.735 Apr 16: ISAKMP: new position created post = 0x886B0310 peer_handle = 0x8000001D
    * 13:02:06.735 Apr 16: ISAKMP: lock struct 0x886B0310, refcount 1 to peer crypto_isakmp_process_block
    * 13:02:06.735 Apr 16: ISAKMP: 500 local port, remote port 1
    * 13:02:06.735 Apr 16: ISAKMP: find a dup her to the tree during the isadb_insert his 88776 A 88 = call BVA
    * 13:02:06.735 Apr 16: ISAKMP: (0): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    * 13:02:06.735 Apr 16: ISAKMP: (0): former State = new State IKE_READY = IKE_R_MM1

    * 16 Apr 13:02:06.735: ISAKMP: (0): treatment ITS payload. Message ID = 0
    * 16 Apr 13:02:06.735: ISAKMP: (0): load useful vendor id of treatment
    * 16 Apr 13:02:06.735: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 69
    * 13:02:06.735 Apr 16: ISAKMP (0): provider ID is NAT - T RFC 3947
    * Apr 16
    ETH - CIT # 13:02:06.735: ISAKMP: (0): load useful vendor id of treatment
    * 16 Apr 13:02:06.735: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 245
    * 13:02:06.739 Apr 16: ISAKMP (0): provider ID is NAT - T v7
    * 16 Apr 13:02:06.739: ISAKMP: (0): load useful vendor id of treatment
    * 16 Apr 13:02:06.739: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 157
    * 16 Apr 13:02:06.739: ISAKMP: (0): provider ID is NAT - T v3
    * 16 Apr 13:02:06.739: ISAKMP: (0): load useful vendor id of treatment
    * 16 Apr 13:02:06.739: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 123
    * 16 Apr 13:02:06.739: ISAKMP: (0): provider ID is NAT - T v2
    * 13:02:06.739 Apr 16: ISAKMP: (0): pair found pre-shared key matching 80.227.xx.xx
    * 16 Apr 13:02:06.739: ISAKMP: (0): pre-shared key local found
    * 13:02:06.739 Apr 16: ISAKMP: analysis of the profiles for xauth...


    * 13:02:06.739 Apr 16: ISAKMP: (0): audit ISAKMP transform 1 against the policy of priority 1
    * 13:02:06.739 Apr 16: ISAKMP: 3DES-CBC encryption
    * 13:02:06.739 Apr 16: ISAKMP: MD5 hash
    * 13:02:06.739 Apr 16: ISAKMP: group by default 2
    * 13:02:06.739 Apr 16: ISAKMP: pre-shared key auth
    * 13:02:06.739 Apr 16: ISAKMP: type of life in seconds
    * 13:02:06.739 Apr 16: ISAKMP: life (IPV) 0 x 0 0 x 1 0 x 51 0x80
    * 13:02:06.739 Apr 16: ISAKMP: (0): atts are acceptable. Next payload is 0
    * 13:02:06.739 Apr 16: ISAKMP: (0): Acceptable atts: real life: 0
    * 13:02:06.739 Apr 16: ISAKMP: (0): Acceptable atts:life: 0
    * 13:02:06.739 Apr 16: ISAKMP: (0): fill atts in his vpi_length:4
    * 13:02:06.739 Apr 16: ISAKMP: (0): fill atts in his life_in_seconds:86400
    * 13:02:06.739 Apr 16: ISAKMP: (0): return real life: 86400
    * 13:02:06.739 Apr 16: ISAKMP: (0): timer life Started: 86400.

    * 16 Apr 13:02:06.739: ISAKMP: (0): load useful vendor id of treatment
    * 16 Apr 13:02:06.739: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 69
    * 13:02:06.739 Apr 16: ISAKMP (0): provider ID is NAT - T RFC 3947
    * 16 Apr 13:02:06.739: ISAKMP: (0): load useful vendor id of treatment
    * 16 Apr 13:02:06.739: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 245
    * 13:02:06.739 Apr 16: ISAKMP (0): provider ID is NAT - T v7
    * 16 Apr 13:02:06.739: ISAKMP: (0): load useful vendor id of treatment
    * 16 Apr 13:02:06.739: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 157
    * 16 Apr 13:02:06.739: ISAKMP: (0): provider ID is NAT - T v3
    * 16 Apr 13:02:06.739: ISAKMP: (0): load useful vendor id of treatment
    * 16 Apr 13:02:06.739: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 123
    * 16 Apr 13:02:06.739: ISAKMP: (0): provider ID is NAT - T v2
    * 13:02:06.739 Apr 16: ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    * 13:02:06.739 Apr 16: ISAKMP: (0): former State = new State IKE_R_MM1 = IKE_R_MM1

    * 16 Apr 13:02:06.739: ISAKMP: (0): built of NAT - T of the seller-rfc3947 ID
    * 16 Apr 13:02:06.739: ISAKMP: (0): 80.227.xx.xx my_port 500 peer_port 1 (R) package is sent MM_SA_SETUP
    * 13:02:06.739 Apr 16: ISAKMP: (0): sending a packet IPv4 IKE.
    * 13:02:06.739 Apr 16: ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    * 13:02:06.739 Apr 16: ISAKMP: (0): former State = new State IKE_R_MM1 = IKE_R_MM2

    * 13:02:06.995 Apr 16: ISAKMP (0): packet received 80.227.xx.xx dport 500 sport 1 Global (R) MM_SA_SETUP
    * 13:02:06.995 Apr 16: ISAKMP: (0): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    * 13:02:06.999 Apr 16: ISAKMP: (0): former State = new State IKE_R_MM2 = IKE_R_MM3

    * 16 Apr 13:02:06.999: ISAKMP: (0): processing KE payload. Message ID = 0
    * 16 Apr 13:02:07.027: ISAKMP: (0): processing NONCE payload. Message ID = 0
    * 13:02:07.027 Apr 16: ISAKMP: (0): pair found pre-shared key matching 80.227.xx.xx
    * 16 Apr 13:02:07.027: ISAKMP: (2028): load useful vendor id of treatment
    * 16 Apr 13:02:07.027: ISAKMP: (2028): provider ID is DPD
    * 16 Apr 13:02:07.027: ISAKMP: (2028): load useful vendor id of treatment
    * 16 Apr 13:02:07.027: ISAKMP: (2028): addressing another box of IOS!
    * 16 Apr 13:02:07.027: ISAKMP: (2028): load useful vendor id of treatment
    * 16 Apr 13:02:07.027: ISAKMP: (2028): provider ID seems the unit/DPD but major incompatibility of 241
    * 16 Apr 13:02:07.027: ISAKMP: (2028): provider ID is XAUTH
    * 13:02:07.027 Apr 16: ISAKMP: receives the payload type 20
    * 13:02:07.027 Apr 16: ISAKMP (2028): NAT found, both nodes inside the NAT
    * 13:02:07.027 Apr 16: ISAKMP: receives the payload type 20
    * 13:02:07.027 Apr 16: ISAKMP (2028): NAT found, both nodes inside the NAT
    * 13:02:07.027 Apr 16: ISAKMP: (2028): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    * 13:02:07.027 Apr 16: ISAKMP: (2028): former State = new State IKE_R_MM3 = IKE_R_MM3

    * 16 Apr 13:02:07.027: ISAKMP: (2028): 80.227.xx.xx my_port 500 peer_port 1 (R) package is sent MM_KEY_EXCH
    * 13:02:07.027 Apr 16: ISAKMP: (2028): sending a packet IPv4 IKE.
    * 13:02:07.027 Apr 16: ISAKMP: (2028): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    * 13:02:07.027 Apr 16: ISAKMP: (2028): former State = new State IKE_R_MM3 = IKE_R_MM4

    ETH - CIT #.
    ETH - CIT #.
    * 16 Apr 13:02:17.027: ISAKMP: (2028): transmit phase 1 MM_KEY_EXCH...
    * 13:02:17.027 Apr 16: ISAKMP (2028): increment the count of errors on his, try 1 5: retransmit the phase 1
    * 16 Apr 13:02:17.027: ISAKMP: (2028): transmit phase 1 MM_KEY_EXCH
    * 16 Apr 13:02:17.027: ISAKMP: (2028): 80.227.xx.xx my_port 500 peer_port 1 (R) package is sent MM_KEY_EXCH
    * 13:02:17.027 Apr 16: ISAKMP: (2028): sending a packet IPv4 IKE.

    Connects to the router Site-one: -.

    * 13:15:28.109 Apr 16: ISAKMP (1263): packet received dport 500 sport Global 500 (I) MM_KEY_EXCH 197.156.xx.xx
    * 16 Apr 13:15:28.109: ISAKMP: (1263): package of phase 1 is a duplicate of a previous package.
    * 16 Apr 13:15:28.109: ISAKMP: (1263): retransmission due to phase 1 of retransmission
    * 16 Apr 13:15:28.609: ISAKMP: (1263): transmit phase 1 MM_KEY_EXCH...
    * 13:15:28.609 Apr 16: ISAKMP (1263): increment the count of errors on his, try 4 out 5: retransmit the phase 1
    * 16 Apr 13:15:28.609: ISAKMP: (1263): transmit phase 1 MM_KEY_EXCH
    * 16 Apr 13:15:28.609: ISAKMP: (1263): package 197.156.xx.xx my_port 4500 peer_port 4500 (I) sending MM_KEY_EXCH
    * 13:15:28.609 Apr 16: ISAKMP: (1263): sending a packet IPv4 IKE.
    DXB - CIT #.
    * 13:15:38.109 Apr 16: ISAKMP (1263): packet received dport 500 sport Global 500 (I) MM_KEY_EXCH 197.156.xx.xx
    * 16 Apr 13:15:38.109: ISAKMP: (1263): package of phase 1 is a duplicate of a previous package.
    * 16 Apr 13:15:38.109: ISAKMP: (1263): retransmission due to phase 1 of retransmission
    * 16 Apr 13:15:38.609: ISAKMP: (1263): transmit phase 1 MM_KEY_EXCH...
    * 13:15:38.609 Apr 16: ISAKMP (1263): increment the count of errors on his, try 5 of 5: retransmit the phase 1
    * 16 Apr 13:15:38.609: ISAKMP: (1263): transmit phase 1 MM_KEY_EXCH
    * 16 Apr 13:15:38.609: ISAKMP: (1263): package 197.156.xx.xx my_port 4500 peer_port 4500 (I) sending MM_KEY_EXCH
    * 13:15:38.609 Apr 16: ISAKMP: (1263): sending a packet IPv4 IKE.
    DXB - CIT #.
    * 13:15:47.593 Apr 16: ISAKMP: set new node 0 to QM_IDLE
    * 13:15:47.593 Apr 16: ISAKMP: (1263): SA is still budding. Attached new request ipsec. (local 80.227.xx.xx, remote 197.156.xx.xx)
    * 13:15:47.593 Apr 16: ISAKMP: error during the processing of HIS application: failed to initialize SA
    * 13:15:47.593 Apr 16: ISAKMP: error while processing message KMI 0, error 2.
    * 16 Apr 13:15:48.609: ISAKMP: (1263): transmit phase 1 MM_KEY_EXCH...
    * 13:15:48.609 Apr 16: ISAKMP: (1263): peer does not paranoid KeepAlive.

    * 13:15:48.609 Apr 16: ISAKMP: (1263): removal of reason ITS status of 'Death by retransmission P1' (I) MM_KEY_EXCH (197.156.xx.xx peer)
    * 13:15:48.609 Apr 16: ISAKMP: (1263): removal of reason ITS status of 'Death by retransmission P1' (I) MM_KEY_EXCH (197.156.xx.xx peer)
    * 13:15:48.609 Apr 16: ISAKMP: Unlocking counterpart struct 0x23193AD4 for isadb_mark_sa_deleted(), count 0
    * 13:15:48.609 Apr 16: ISAKMP: delete peer node by peer_reap for 197.156.xx.xx: 23193AD4
    DXB - CIT #.
    DXB - CIT #.
    * 13:15:48.609 Apr 16: ISAKMP: (1263): error suppression node 1134682361 FALSE reason 'IKE deleted.
    * 13:15:48.609 Apr 16: ISAKMP: (1263): error suppression node 680913363 FALSE reason 'IKE deleted.
    * 13:15:48.609 Apr 16: ISAKMP: (1263): error suppression node 1740991762 FALSE reason 'IKE deleted.
    * 13:15:48.609 Apr 16: ISAKMP: (1263): entry = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
    * 13:15:48.609 Apr 16: ISAKMP: (1263): former State = new State IKE_I_MM5 = IKE_DEST_SA

    DXB - CIT #.
    DXB - CIT #shoc cry
    DXB - CIT #sho isa scream his
    IPv4 Crypto ISAKMP Security Association
    DST CBC conn-State id
    197.156.XX.XX 80.227.xx.xx MM_NO_STATE 1263 ACTIVE (deleted)

    IPv6 Crypto ISAKMP Security Association

    * 16 Apr 13:16:17.593: IPSEC (key_engine): request timer shot: count = 2,.
    local (identity) = 80.227.xx.xx:0, distance = 197.156.xx.xx:0,
    local_proxy = 192.168.10.0/255.255.255.0/256/0,
    remote_proxy = 192.168.1.0/255.255.255.0/256/0
    * 16 Apr 13:16:17.609: IPSEC (sa_request):,.
    (Eng. msg key.) Local OUTGOING = 80.227.xx.xx:500, distance = 197.156.xx.xx:500,
    local_proxy = 192.168.10.0/255.255.255.0/256/0,
    remote_proxy = 192.168.1.0/255.255.255.0/256/0,
    Protocol = ESP, transform = esp-3des esp-md5-hmac (Tunnel),
    lifedur = 3600 s and KB 4608000,
    SPI = 0 x 0 (0), id_conn = 0, keysize = 0, flags = 0 x 0
    * 16 Apr 13:16:17.609: ISAKMP: (0): profile of THE request is (NULL)
    * 13:16:17.609 Apr 16: ISAKMP: created a struct peer 197.156.xx.xx, peer port 500
    * 13:16:17.609 Apr 16: ISAKMP: new created position = 0x23193AD4 peer_handle = 0 x 80001862
    * 13:16:17.609 Apr 16: ISAKMP: lock struct 0x23193AD4, refcount 1 to peer isakmp_initiator
    * 13:16:17.609 Apr 16: ISAKMP: 500 local port, remote port 500
    * 13:16:17.609 Apr 16: ISAKMP: set new node 0 to QM_IDLE
    * 13:16:17.609 Apr 16: ISAKMP: find a dup her to the tree during the isadb_insert his 270A2FD0 = call BVA
    * 13:16:17.609 Apr 16: ISAKMP: (0): cannot start aggressive mode, try the main mode.
    * 13:16:17.609 Apr 16: ISAKMP: (0): pair found pre-shared key matching 197.156.xx.xx
    * 16 Apr 13:16:17.609: ISAKMP: (0): built of NAT - T of the seller-rfc3947 ID
    * 16 Apr 13:16:17.609: ISAKMP: (0): built the seller-07 ID NAT - t
    * 16 Apr 13:16:17.609: ISAKMP: (0): built of NAT - T of the seller-03 ID
    * 16 Apr 13:16:17.609: ISAKMP: (0): built the seller-02 ID NAT - t
    * 13:16:17.609 Apr 16: ISAKMP: (0): entry = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
    * 13:16:17.609 Apr 16: ISAKMP: (0): former State = new State IKE_READY = IKE_I_MM1

    * 16 Apr 13:16:17.609: ISAKMP: (0): Beginner Main Mode Exchange
    * 16 Apr 13:16:17.609: ISAKMP: (0): package 197.156.xx.xx my_port 500 peer_port 500 (I) sending MM_NO_STATE
    * 13:16:17.609 Apr 16: ISAKMP: (0): sending a packet IPv4 IKE.
    * 13:16:17.865 Apr 16: ISAKMP (0): packet received dport 500 sport Global 500 (I) MM_NO_STATE 197.156.xx.xx
    * 13:16:17.865 Apr 16: ISAKMP: (0): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    * 13:16:17.865 Apr 16: ISAKMP: (0): former State = new State IKE_I_MM1 = IKE_I_MM2

    * 16 Apr 13:16:17.865: ISAKMP: (0): treatment ITS payload. Message ID = 0
    * 16 Apr 13:16:17.869: ISAKMP: (0): load useful vendor id of treatment
    * 16 Apr 13:16:17.869: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 69
    * 13:16:17.869 Apr 16: ISAKMP (0): provider ID is NAT - T RFC 3947
    * 13:16:17.869 Apr 16: ISAKMP: (0): pair found pre-shared key matching 197.156.xx.xx
    * 16 Apr 13:16:17.869: ISAKMP: (0): pre-shared key local found
    * 13:16:17.869 Apr 16: ISAKMP: analysis of the profiles for xauth... ciscocp-ike-profile-1
    * 16 Apr 13:16:17.869: ISAKMP: (0): pre-shared xauth authentication
    * 13:16:17.869 Apr 16: ISAKMP: (0): audit ISAKMP transform 1 against the policy of priority 1
    * 13:16:17.869 Apr 16: ISAKMP: 3DES-CBC encryption
    * 13:16:17.869 Apr 16: ISAKMP: MD5 hash
    * 13:16:17.869 Apr 16: ISAKMP: group by default 2
    * 13:16:17.869 Apr 16: ISAKMP: pre-shared key auth
    * 13:16:17.869 Apr 16: ISAKMP: type of life in seconds
    * 13:16:17.869 Apr 16: ISAKMP: life (IPV) 0 x 0 0 x 1 0 x 51 0x80
    * 13:16:17.869 Apr 16: ISAKMP: (0): atts are acceptable. Next payload is 0
    * 13:16:17.869 Apr 16: ISAKMP: (0): Acceptable atts: real life: 0
    * 13:16:17.869 Apr 16: ISAKMP: (0): Acceptable atts:life: 0
    * 13:16:17.869 Apr 16: ISAKMP: (0): fill atts in his vpi_length:4
    * 13:16:17.869 Apr 16: ISAKMP: (0): fill atts in his life_in_seconds:86400
    * 13:16:17.869 Apr 16: ISAKMP: (0): return real life: 86400
    * 13:16:17.869 Apr 16: ISAKMP: (0): timer life Started: 86400.

    * 16 Apr 13:16:17.869: ISAKMP: (0): load useful vendor id of treatment
    * 16 Apr 13:16:17.869: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 69
    * 13:16:17.869 Apr 16: ISAKMP (0): provider ID is NAT - T RFC 3947
    * 13:16:17.869 Apr 16: ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    * 13:16:17.869 Apr 16: ISAKMP: (0): former State = new State IKE_I_MM2 = IKE_I_MM2

    * 16 Apr 13:16:17.869: ISAKMP: (0): package 197.156.xx.xx my_port 500 peer_port 500 (I) sending MM_SA_SETUP
    * 13:16:17.869 Apr 16: ISAKMP: (0): sending a packet IPv4 IKE.
    * 13:16:17.869 Apr 16: ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    * 13:16:17.869 Apr 16: ISAKMP: (0): former State = new State IKE_I_MM2 = IKE_I_MM3

    * 13:16:18.157 Apr 16: ISAKMP (0): packet received dport 500 sport Global 500 (I) MM_SA_SETUP 197.156.xx.xx
    * 13:16:18.157 Apr 16: ISAKMP: (0): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    * 13:16:18.157 Apr 16: ISAKMP: (0): former State = new State IKE_I_MM3 = IKE_I_MM4

    * 16 Apr 13:16:18.157: ISAKMP: (0): processing KE payload. Message ID = 0
    * 16 Apr 13:16:18.181: ISAKMP: (0): processing NONCE payload. Message ID = 0
    * 13:16:18.181 Apr 16: ISAKMP: (0): pair found pre-shared key matching 197.156.xx.xx
    * 16 Apr 13:16:18.181: ISAKMP: (1264): load useful vendor id of treatment
    * 16 Apr 13:16:18.181: ISAKMP: (1264): provider ID is the unit
    * 16 Apr 13:16:18.181: ISAKMP: (1264): load useful vendor id of treatment
    * 16 Apr 13:16:18.181: ISAKMP: (1264): provider ID is DPD
    * 16 Apr 13:16:18.181: ISAKMP: (1264): load useful vendor id of treatment
    * 16 Apr 13:16:18.185: ISAKMP: (1264): addressing another box of IOS!
    * 13:16:18.185 Apr 16: ISAKMP: receives the payload type 20
    * 13:16:18.185 Apr 16: ISAKMP (1264): NAT found, both nodes inside the NAT
    * 13:16:18.185 Apr 16: ISAKMP: receives the payload type 20
    * 13:16:18.185 Apr 16: ISAKMP (1264): NAT found, both nodes inside the NAT
    * 13:16:18.185 Apr 16: ISAKMP: (1264): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    * 13:16:18.185 Apr 16: ISAKMP: (1264): former State = new State IKE_I_MM4 = IKE_I_MM4

    * 13:16:18.185 Apr 16: ISAKMP: (1264): send initial contact
    * 13:16:18.185 Apr 16: ISAKMP: (1264): ITS been pre-shared key, using id ID_IPV4_ADDR type authentication
    * 13:16:18.185 Apr 16: ISAKMP (1264): payload ID
    next payload: 8
    type: 1
    address: 80.227.xx.xx
    Protocol: 17
    Port: 0
    Length: 12
    * 13:16:18.185 Apr 16: ISAKMP: (1264): the total payload length: 12
    * 16 Apr 13:16:18.185: ISAKMP: (1264): package 197.156.xx.xx my_port 4500 peer_port 4500 (I) sending MM_KEY_EXCH
    * 13:16:18.185 Apr 16: ISAKMP: (1264): sending a packet IPv4 IKE.
    * 13:16:18.185 Apr 16: ISAKMP: (1264): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    * 13:16:18.185 Apr 16: ISAKMP: (1264): former State = new State IKE_I_MM4 = IKE_I_MM5

    DXB - CIT #.
    * 13:16:28.157 Apr 16: ISAKMP (1264): packet received dport 500 sport Global 500 (I) MM_KEY_EXCH 197.156.xx.xx
    * 16 Apr 13:16:28.157: ISAKMP: (1264): package of phase 1 is a duplicate of a previous package.
    * 16 Apr 13:16:28.157: ISAKMP: (1264): retransmission due to phase 1 of retransmission
    * 16 Apr 13:16:28.657: ISAKMP: (1264): transmit phase 1 MM_KEY_EXCH...
    * 13:16:28.657 Apr 16: ISAKMP (1264): increment the count of errors on his, try 1 5: retransmit the phase 1
    * 16 Apr 13:16:28.657: ISAKMP: (1264): transmit phase 1 MM_KEY_EXCH
    * 16 Apr 13:16:28.657: ISAKMP: (1264): package 197.156.xx.xx my_port 4500 peer_port 4500 (I) sending MM_KEY_EXCH
    DXB - CIT #.
    * 13:16:28.657 Apr 16: ISAKMP: (1264): sending a packet IPv4 IKE.
    DXB - CIT #.
    DXB - CIT #.
    DXB - CIT #.
    DXB - CIT #.
    DXB - CIT #.
    DXB - CIT #.
    DXB - CIT #u all
    All possible debugging has been disabled
    DXB - CIT #.
    DXB - CIT #.
    * 13:16:38.157 Apr 16: ISAKMP (1264): packet received dport 500 sport Global 500 (I) MM_KEY_EXCH 197.156.xx.xx
    * 16 Apr 13:16:38.157: ISAKMP: (1264): package of phase 1 is a duplicate of a previous package.
    * 16 Apr 13:16:38.157: ISAKMP: (1264): retransmission due to phase 1 of retransmission
    * 13:16:38.609 Apr 16: ISAKMP: (1263): purge the node 1134682361
    * 13:16:38.609 Apr 16: ISAKMP: (1263): purge the node 680913363
    * 13:16:38.609 Apr 16: ISAKMP: (1263): purge the node 1740991762
    * 16 Apr 13:16:38.657: ISAKMP: (1264): transmit phase 1 MM_KEY_EXCH...
    * 13:16:38.657 Apr 16: ISAKMP (1264): increment the count of errors on his, try 2 of 5: retransmit the phase 1
    DXB - CIT #.
    DXB - CIT #.
    DXB - CIT #.
    DXB - CIT #.
    * 16 Apr 13:16:38.657: ISAKMP: (1264): transmit phase 1 MM_KEY_EXCH
    * 16 Apr 13:16:38.657: ISAKMP: (1264): package 197.156.xx.xx my_port 4500 peer_port 4500 (I) sending MM_KEY_EXCH
    * 13:16:38.657 Apr 16: ISAKMP: (1264): sending a packet IPv4 IKE.

    Hello

    your configuration looks correct. I was wondering that nat work very well, because I do not see ip nat inside and ip nat outside configured on A router.

    Please chceck whether ESP (50) is permitted (probably VPN passthrough) modem and also try to allow UDP 4500 (IPSEC NAT - T).

    Best regards

    Jan

  • RV180w - Firmware update - VPN unfit to work

    Hi all

    I'm starting this topic for may a response that I face a problem with VPN and most likely with the PORTS.

    My firmware is 1.0.0.30 and I update it 1.0.1.9.

    When I try to connect with my VPN, I am unable to reach with error 800. MS wrote that your firmware is too old, so you get this error.

    At the same time for VNC and other stafs was necessary for open ports. So far, it seems that the router does not open ports.

    What should I do? Retrun to the old firmware? Any change extremely new firmware so they add more optios for ports?

    All the configuration is exactly the same as it was before the upgrade.

    For more details let me know.

    Thank you.

    Andreas

    Hello

    Please use our forum

    Hi explorasi, my name is Johnnatan and I'm part of the community of support to small businesses.

    Did reboot you your router after the update of the Firmware? Sometimes the device needs her, also ensure your Vpn traffic is allowed on both sites, go VPN > VPN Passthrough. If the problem persists, please share some screenshots of your configuration (be careful with the confidential data).

    I hope you find this helpful answer * please mark the issue as response or note the answer so that other know when an answer has been found.

    Greetings,

    Johnnatan Rodriguez Miranda.

    Support of Cisco network engineer.

Maybe you are looking for

  • I lost the my computer icon on my screen.

    My computer icon disappeared from my office.  I used the time capsule to try back-up at an earlier date and perhaps recover it, without success. I can always find my applications... I tried to copy the icon in the finder and paste them into a folder

  • Utility TOSHIBA Power Saver for Satellite L40 - 17R

    Hi all... Firstly, thank you for the answer to my previous question, which got much help. I have another question. I had a laptop Tecra A4 before that ships with Toshiba Power Saver utility that can control the brightness and the different profiles o

  • Satellite Pro 6100 Wireless does not work after restoring from HARD drive

    After that restore disks for installing a new HD and use and to update XP sp2, the Wireless does not work and if the card is installed XP hangs then works in fits and starts. If the card not in place, not bad at all. Booting from a Linux CD, the card

  • EHCI USB 2.0 for windows XP drivers?

    I just bought a LG Portable Super Multidrive and it says that I need the driver for USb 2.0 can use it. I searched the entire site and couldn't ' find anything. It's a LG GPO8 Lite if that helps any. Help, please!

  • Need help for upgrade of Windows 10

    * Original title: update Windows I have a PC HP 8 years with Windows Vista Home Premium 32-bit, Windows 9, Version: 9.0 8112.16421 What can upgrade my computer with ie, Windows 11 Windows 10? and how do I go about it. Six months ago I bought a new co