RV042 VPN Connection Questions

Similar Messages

• Multiple VPN connection question

  I want to connect two on-premise locations to azure.  The hardware in these locations only support static routing so per the documentation I can only connect on site to site tunnel to the vpn connection in azure.
  Im curious what my options are, can I add two vpn's in azure and make it all work that way?  Also if I wanted could I simply run a VM (windows rras, linux, etc) inside my VNET and make it a VPN server that can accept two tunnels?
  thanks

  Hi Chris,
  Please be advised that for a Multi-Site VPN, you need to have a VPN Device that is compatible with Dynamic Routing.
  You could refer the following link for details about Multi-Site VPN:
  http://msdn.microsoft.com/en-us/library/azure/dn690124.aspx
  And the following link for the list of Azure Compatible VPN Devices and the Routing Configurations they support:
  http://msdn.microsoft.com/en-us/library/azure/jj156075.aspx#bkmk_VPN_Devics
  Also, please be advised Microsoft Azure Virtual Machines do not support Remote Access and Routing Roles.
  You could refer the following link for details:
  http://support.microsoft.com/kb/2721672
  Regards,Malar.

• Cisco RV042 VPN unable to connect to Netgear PS FVS318

  Hello,
  We recently replaced one of two Netgear ProSafe VPN FVS318 with a Cisco RV042 VPN. Both Netgear were configured site-site and was working fine until one of them failed. We copied as much configuration settings from the failed Netgear PS to the RV042 but were unsuccessful in establishing a connection between the two sites.
  The logs on the Cisco router shows this:
  VPN Log packet from 1.1.1.1:500: received Vendor ID payload [RFC 3947]  
  VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]  
  VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]  
  VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]  
  VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]  
  VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]  
  VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]  
  VPN Log packet from 1.1.1.1:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet  
  VPN Log packet from 1.1.1.1:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet  
  VPN Log packet from 1.1.1.1:500: initial Main Mode message received on 2.2.2.2:500 but no connection has been authorized with policy=PSK  
  Each time we select a tunnel test connect, that last message appears with "but no connection has been authorized with policy=PSK"
  *replaced actual IP with sample IP.
  Any ideas why this is happening?
  Thank you!

  Hello,
  It looks as RV042 receive phase 1 configuration from Netgear, but due to mismatch with it's phase 1 settings does not reply back.
  I can't be more specific as this could be anything in phase 1 - aggressive/main mode; the WAN IP addresses, encryption or SA lifetime. As well if any of the devices is behind NAT, the option NAT traversal should be checked.
  Regards,
  Kremena

• Question about VPN connections on a E2500 router

  Hello,
  I am working with vpn setups for the first time, so I have some questions I would really appriciate some help with. I would like to be able to connect to a computer on a home network through a linksys E2500 router. I have found alot of documentation on connecting to an external vpn from a computer on the lan side of the router, but nothing on connecting from the outside in. The router does have a static ip address with my internet provider, so I can contact the router from the outside. But makeing the connection to the computer on the other side of the router is where I am missing something or I dont realize that it is not possible. On the lan side I am using DHCP to assign the address to the computer I want to connect to. Perhaps I need to make it have a static address also? I realize that when I configure the connection from the outside that I need to direct the connection to the remote computer in some way, unless vpn connections are fully passed through the router and the connection issue I am haveing is with the "inside" computer.
  Other info:
  I am using windows 7 for the vpn access
  Thank you in advance for your help.

  ChicagoGuy72 wrote:
  Hello,
  I am working with vpn setups for the first time, so I have some questions I would really appriciate some help with. I would like to be able to connect to a computer on a home network through a linksys E2500 router. I have found alot of documentation on connecting to an external vpn from a computer on the lan side of the router, but nothing on connecting from the outside in. The router does have a static ip address with my internet provider, so I can contact the router from the outside. But makeing the connection to the computer on the other side of the router is where I am missing something or I dont realize that it is not possible. On the lan side I am using DHCP to assign the address to the computer I want to connect to. Perhaps I need to make it have a static address also? I realize that when I configure the connection from the outside that I need to direct the connection to the remote computer in some way, unless vpn connections are fully passed through the router and the connection issue I am haveing is with the "inside" computer.
  Other info:
  I am using windows 7 for the vpn access
  Thank you in advance for your help.
  Kindly check these links:
  http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00801e51e2.shtml
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a008009436a...

• ASA 5510 Anyconnect VPN question-"Hairpin" vpn connection on same external interface

  I have a Cisco ASA 5510, I want to allow a VPN connection to be established by a client on one of the inside interfaces(10.20.x.x) to be able to go out the single External interface and get authenticated by the ASA to create a VPN tunnel to the other inside interface (10.0.X.X) and access resources on that subnet.
  Basically want clients on a WLAN to be able to VPN back in to the LAN with the ASA in the middle to get to company resources,
  Is this possible?
  Thanks,
  Tommy

  When we connect any VPN on a device then it is always a TO THE DEVICE connection and I am afraid we can connect only to the local / nearest interface where user is connected in a network with respect to ASA.
  I have seen this scenario working though earlier with one of my clients wherein he has configured his DNS server accordingly so that depending upon the source of the DNS request an appropriate IP address was provided for same DNS name. For example if user from IP address range 192.168.0.0 range connects to abc.com then it will get IP address 192.168.1.1 and if a user from range IP address10.0.0.0 connects then it will get 10.1.1.1.
  If we configure the same scenario as well then your requirement will be fulfiled with same name however VPN has to be enabled on wireless interface again. If not, then as you have described configuring a new domain name for VPN connection only for wireless users should do the deal.
  Regards,
  Anuj

• RV042 VPN always connected.

  Running lastest 4.2 version. I am trying to create a site 2 site VPN.  Site A I create a VPN connection as soon as a save the connection the status shows connected.  How can that be I have not created the other end yet ( nice bug or what ? ). I Click on disconnect it still shows connected.  Only status change that works is disable ?                 

  Hi Conrad, thank you for using our forum, my name is Luis I am part of the Small business Support community. When you set the other side, did you have any connectivity issue? Is the VPN site-to-site connecting well?
  I hope you find this answer useful
  Greetings,
  Luis Arias.
  Cisco Network Support Engineer.

• Need Help Setup Cisco RV042 vpn

  good day everyone, a month ago my boss purchase 4 pcs cisco rv042 vpn to be used in our small office and to our satelite office, with expectations of simple file sharing and remote troubleshooting and for better and safe data transfer. since the task is given to me as an IT staff it is difficult to me to setup this vpn router since i have a little  idea and many question are on my mind that need to be answered, i read the manual test the vpn router but still no good answered found. i know it is dufficult but with proper guide and step by step on how to use this one i can make it work. please anyone help me i need answers to this questions.
  i am using windows 7 pro sp1 64bit for my test unit, how can i make a vpn server? a client?
  in the past i connect the internet connection in the internet connection port in the back of the router, then another cable from vpn port 1-4 i select #4 port to connect to my pc, since the vpn give the ip on my pc i can easily connect to the firmware of the vpn using the deafault username and password. when i go to the firmware i dont know where to start, and i dont even have the internet connection for my pc.
  i feel sorry for myself beacuse i have no idea in this kind of thing, CISCO people and others out there i am calling for your help.
  thank you in advance
  mel

  Dear Emilio,
  Thank you for reaching Cisco Small Business Support Community.
  If you’d like to setup a Site to Site VPN on your RV042 here is a good step by step guide;
  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=304
  If you are looking into a remote access VPN, QuickVPN, here is the step by step procedure;
  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=452
  Just in case here is also a document with Windows operating systems tips;
  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=2922
  Finally here is a link with the Admin Guide where starting on page 122 you can find everything related to VPN setup on this particular device model, beside info in how to setup your internal network (I suggest you to go through this admin guide so you know everything about the router);
  http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
  Please let me know if there is any further assistance we may assist you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• When will the 4.3.x iOS be fixed to allow VPN connections?

  Hello there,
  Our company has recently purchased two new Ipad 2's and can not get VPN connections working.
  We can connect through VPN on our Ipad 1's (4.2.1) But not on our second generation Ipad 2's (4.3.3).  After a quick search I have found similar problems reported when using OS 4.3.1 and later, with no current fixes being available.
  See thread: https://discussions.apple.com/thread/2778039?start=0&tstart=0   (22,000 views)
  My questions are, will there be a fix anytime soon or is it advisable to wait until iOS 5 is released?
  Is there any option to downgrade iOS versions?
  Why hasn't this been posted on the official Apple website as this clearly is false advertising?
  Regards,
  Kai.

  I am talking about APPLE'S in-built VPN option. Not anyone else's VPN solution. read: apple....
  Working fine for me with PPTP to a Cisco RV042, L2TP to a Windows 2003 server, and IPSec to a Cisco ASA5505.  All using iOS4.3.3 built-in VPN client.
  After a quick search I have found similar problems reported when using OS 4.3.1 and later, with no current fixes being available.
  Read through that thread you gave as an example very slowly, deliberately, and carefully.  I was very active in that thread and based in part on the info from that specific thread, IMHO the specific make and model of VPN endpoint you're connecting seems to be significant.  Once you filter out the numerous "me too" posts, it seems to me that many of the failures are connecting to Linux based VPN endpoints, particularly DD-WRT.  And as I've said in that thread and other threads, since it appears to be fine on Cisco and Windows "enterprise grade" equipment, everyone that is experiencing problems needs to call Apple with detailed info of their VPN endpoints so that it can get passed on to the engineering folks.  Just more "me too" calls doesn't help resolve the issue since if you take a setup like mine "everything is fine" so what more is there to "fix"?

• RV042 - loosing connection

  Hi there.
  My problem is as follows
  Setting the device up with static WAN is no problem, I get internet access and everything works perfect - using WAN1.
  But when connecting a LAN port to a switch with a dmz lan, the WAN port looses connection
  The LAN address of the RV042 VPN Router is set to: 10.10.20.5 with subnet 255.255.255.248
  Other equipment is connected to the switch with 10.10.20.6, 10.10.20.4 and 10.10.20.2 with same subnet.
  10.10.20.2 is a routing device that connects to 172.16.10.2 and further to 10.10.10.2 (LAN) with servers
  The device working mode is currently set as Router. Setting it as gateway makes no difference to the problem.
  Can you clarify what goes wrong?
  Regards

  Hi Taras, 
  As I understand you have Dual WAN and Load balancing , my question do you setup a protocol binding to bind the Voice traffic to go through only one WAN 
  with protocol binding you can dedicate WAN1 for example for voice Traffic 
  Protocol binding is working from LAN to WAN under protocol binding setting you have to choose the source IP range , you can have Range of IP for the phone 
  Destination 0.0.0.0 - 0.0.0.0  and select WAN 1 for example and enable it and save the configuration
  Please let me know after your testing
  thanks
  Mehdi

• How can i use an existing vpn connection without using the option "Send all traffic over vpn connection"?

  I have been trying to get my computer (os x.7) to astablish a remote desktop connection to my work computer via a vpn tunnel. In fact I have just discovered that it works fine if i select to "send all traffic over vpn connection" from the options in the advanced setup of the vpn.
  If the option is selected microsofts "Remote desktop connection for mac" works just fine. However without selecting the option it is not taking advantage of the tunnel but tries to connect as if the tunnel would not exist.
  Now the question is how do I get program to use the vpn tunnel without checking the above option?
  Thanks for any hints and pointers.

  Then can her computer be authorized to both accounts?
  Absolutely. You can authorize any given computer to up to five iTunes Store accounts.
  If purchases are made on her account, to a computer authorized to my account, can I put those songs on my iPod?
  If you connect your iPod to her computer, yes. Tracks download only to the computer from which they're purchased, regardless of which iTunes Store account is used for the purchase. Or you could copy the tracks from her computer to yours and then authorize your computer to her iTunes Store account. But that's sort of defeating the original purpose, it would seem to me.
  is it better to buy music through Amazon downloads and/or actually purchasing CDs to avoid the security features iTunes puts on its music?
  That's certainly an option. If it's an entire album I want, I buy CDs. That way I can import them at the quality I want and to whichever of my systems I want. Amazon or one of the other download stores that offer tracks as MP3 are also an option, though for me download stores are best when you just want a couple of tracks off a given CD.

• ASA 5505 VPN Connection Issue

  Good morning everyone,
  At my last position I was IT Director whose area of expertise was database and application development. All of the company's networking planning and maintainence I entrusted to my sysadmin, Salvadore. Back in 2004 we began implementing major changes in the network. Salvadore recommended SonicWALL firewalls. He did a fantastic job of securing our valuable server assets. Among the many improvements Salvadore established VPN access to the datacenter assets for mobile employees. What I remember especially well was the ease-of-use: start the VPN Client then RDP to a server or connect with SQL Server, in addition to connecting to all devices on my home network. It was absolutely beautiful!
  Fast forward to today. I have since retired. I do a little bit of daytrading on the side for entertainment. I leased a dedicated server to run an application that runs continuously 24 hours a day, 5 days a week. I contacted Salvadore to do a security audit on the server. As expected the server was under constant assault by bots trying to hack the RDP port. Salvadore recommended a firewall. The datacenter host offered us two choices of Cisco firewalls, one of which we chose: ASA 5505.
  Today I have a secure server which pleases me. The one thing that bothers me however is that I lose access to my home network devices while the VPN Client is connected. Here are the symptoms:
  I cannot send an email with Outlook as I normally do by relaying off of my Internet provider's SMTP server.
  I cannot connect to the TradeStation servers with my TradeStation application using login credentials that are authorized for my home network only.
  I cannot access my Seagate network storage drive.
  This is what I discovered:
  My wireless adapter (which I use from this laptop) identifies itself as "Wireless LAN adapter Wireless Network Connection" in IPCONFIG. IPv4 address is 192.168.0.5. Default Gateway: 192.168.0.1.
  After I connect the VPN Client, IPCONFIG reports a new adapter: "Ethernet adapter Local Area Connection 2". IPv4 address is 10.0.10.4. Default Gateway: 10.0.10.1.
  When I launch Windows Task Manager and click on the Networking tab, I see those two adapters.
  When launch IE and go to bandwidthplace.com to run a test, I see all of the network traffic going over "Ethernet adapter Local Area Connection 2".
  When I disconnect VPN and then rerun the bandwidth test, I see that all of the network traffic now goes over "Wireless LAN adapter Wireless Network Connection".
  This explains all of the symptoms:
  My Internet Provider will only allow me to relay off of their email servers if I am connected to their network.
  TradeStation refuses connection to their network because my credentials do not match my network address.
  There is no Seagate network storage device on the remote server network.
  My questions to the Cisco Support Community are:
  Is this the best I can hope for?
  Must all traffic be routed through the VPN connection?
  Is there any way to route traffic destined for 10.0.*.* through VPN and everything else through the default connection?
  Thank you everyone for your help. I would be happy to provide additional detailed information.

  Hi Brian,
  you can route traffic destined to 10.0.*.* over the VPN and keep normal internet traffic unencrypted over the default connection - this setup is known as VPN Split Tunnelling.
  This doc shows how to setup the access control list and apply this to the tunnel policy.
  Hope this helps
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

• VPN License question on 5505 ASA Firewall

  Inherited a firewall project, it's getting a VPN running on a ASA 5505 Firewall for remote workers.  Firewall was configured by someone else who isn't available. 
  Basic question on the License: The current license is good for 2 SSL VPN Peers, and 20 "Total VPN Peers".  Can anyone elaborate on "Total VPN Peers"?  Can I configure Clientless SSL VPN connections, or do I need to go IPSec to get the 20 VPN sessions?
  Thank you in advance,
  Jeff

  Hi Linda,
  The default IKE SA lifetime is 86,400 seconds and the default IPSEC SA lifetime is 28,800 seconds. However, these values are configurable so you'll need to check your 5505 configuration to answer these questions. You can look at the output of 'show run crypto' to see the configured values.
  -Mike

• Yet Another ASA VPN Licensing Question :)

  I have a pretty good understanding of ASA VPN concepts, but not sure about this scenario.  Two questions regarding 5525 VPN SSL Anyconnect Premium Licensing.
  1.  Assuming we already own a ASA 5525-x with 750 Anyconnect Essentials and Mobile ( p/n ASA5525VPN-EM750K9 ) and want the ability for 200 Clientless (Anyconnect Premium) VPN connections, including mobile devices, what part number do I need?  
  2.  Assuming we do not yet own a ASA5525, but want the same 200 clientless VPN connections plus mobile device connectivity, what part number do I need?   I'm assuming this is correct  >>  ASA5525VPN-PM250K9
  Thanks!

  It's no problem - I sometimes look for an answer to a question myself and find my own 2 year old post explaining the answer. As long as I don't find my 2 week old answer, I'm OK with that. :)
  Anyhow, no there's not a SKU to upgrade Essentials to Premium. All the Premium upgrade SKUs are between Premium licensed user tiers (10-25, 25-50, 50-100 etc.).
  If you're a persuasive customer and make a strong case with your reseller they may be able to get a deal with Cisco outside the normal channels to get some relief as a customer satisfaction issue. That's very much a case by case thing though and not the normal fulfillment method.

• ASA VPN client question

  Hello.
  I have a question about a connection between an asa5505-sec-bun-k9 (that acts as Easy VPN client) and a EASY VPN server.
  The connection with the Easy VPN server is OK but I cannot more connect to internet and create VPN connections to my ASA5505 when I enable the feature.
  Is this a normal condition with Easy VPN Client enabled?

  u need to do split tunneling on ur vpn server and apply it to the vpn client config on the vpn server that encypt only traffic destined to the server side pravite network
  lets say the private network behind the vpn server is 192.168.1.0/24
  so make a standard ACL
  access-list split standard permit 192.168.1.0 255.255.255.0
  group-policy [ur grop policy name] attributes
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value split
  then when u connect from the easy client only traffic to 192.168.1.0 will go through the tunnel other traffic will not be part of encrypted traffic
  good luck
  Rate if helpful

• ASA 5505 vpn connection issues

  Hello I am having some issues with getting my vpn connection working on a new site. I get no internet connection when hooking up the asa. My current config is below. I have included a packet trace from my remote site to my main site. Any help would be appriciated, I am not very experanced in coniguring the devices.
  hostname ciscoasa
  domain-name .com
  enable password w3iW.W8jLtqmhFnt encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
   nameif inside
   security-level 100
   ip address 10.10.10.1 255.255.255.0
  interface Vlan2
   nameif outside
   security-level 0
   ip address 72.xxx.xx.xx 255.255.255.0
  interface Ethernet0/0
   switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  dns server-group DefaultDNS
   domain-name .com
  access-list NONATACL extended permit ip 10.10.10.0 255.255.255.0 192.1.1.0 255.2
  55.255.0
  access-list VPNACL extended permit ip 10.10.10.0 255.255.255.0 192.1.1.0 255.255
  .255.0
  access-list OUTSIDEACL extended permit icmp any any
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/flash
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list NONATACL
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group OUTSIDEACL in interface outside
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 0.0.0.0 0.0.0.0 inside
  http 10.10.10.1 255.255.255.255 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESPDESMD5 esp-des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map VPNMAP 13 match address VPNACL
  crypto map VPNMAP 13 set peer 68.xx.xxx.xxx
  crypto map VPNMAP 13 set transform-set ESPDESMD5
  crypto map VPNMAP interface outside
  crypto isakmp identity address
  crypto isakmp enable outside
  crypto isakmp policy 13
   authentication pre-share
   encryption des
   hash md5
   group 2
   lifetime 86400
  telnet 10.10.10.0 255.255.255.0 inside
  telnet 192.1.1.0 255.255.255.0 outside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd dns 192.1.1.6 192.1.1.4
  dhcpd wins 192.1.1.6 192.1.1.4
  dhcpd ping_timeout 750
  dhcpd domain .com
  dhcpd auto_config outside
  dhcpd address 10.10.10.10-10.10.10.40 inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  tunnel-group 76.xxx.xxx.xx type ipsec-l2l
  tunnel-group 76.xxx.xxx.xx ipsec-attributes
   pre-shared-key *
  tunnel-group 68.xx.xxx.xxx type ipsec-l2l
  tunnel-group 68.xx.xxx.xxx ipsec-attributes
   pre-shared-key *
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:229af8a14b475d91b876176163124158
  : end
  ciscoasa(config)#reciated

  Hello Belnet,
  What do the logs show from the ASA.
  Can you post them ??
  Any other question..Sure..Just remember to rate all of the community answers.
  Julio