VPN RV042 to WRVS4400N

[ryanak]

I am trying to create a VPN tunnel between two routers.
The first one is a RV042 the other end is WRVS4400N. The VPN will not come up, but I am unable to determine why.
As a test, I can create a VPN Tunnel from an RV042 at my office to the RV042 at the client main site. I then made one from my office (RV042) to the WRVS4400N and it worked.
But I am unable to create a VPN from the client's main office to their branch office. Both units are running the newest firmware (RV042 is running 1.3.12.19-tm, the WRVS4400N is running v2.0.0.8). I have also confirmed that the MTU size on both ends is correct.

The RV042 is configured as follows:
Local Group:
IP Address (Confirmed Correct)
Subnet
IP Address: 10.10.10.0
Subnet Mask: 255.255.255.0

Remote Group:
IP Address (Confirmed Correct)
Subnet
Ip Address: 10.11.11.0
Subnet Mask: 255.255.255.0

Keying Mode: IKE with Preshared Key
Phase1 DH Group: Group 1
Phase 1 Encryption: 3DES
Phase 1 Authentication: MD5
Phase 1 SA Life Time: 38800
Perfect Forward Security Enabled (checkbox)
Phase2 DH Group: Group1
Phase 2 Encryption: 3DES
Phase2 Authentication: MD5
Phase2 SA Life Time: 3600
Preshard Key: (confirmed as good)

The WRVS4400N is configured as follows

Local Group:
IP Address (Confirmed Correct)
Local Security Group Type: Subnet
IP Address: 10.11.11.0
Subnet Mask: 255.255.255.0

Remote Group:
IP Address (Confirmed Correct)
Local Security Group Type: Subnet
IP Address: 10.10.10.0
Subnet Mask: 255.255.255.0

IKE With Preshared Key
Phase 1:
Encryption: 3DES
Authentication: MD5
Group: 768Bit
Key Lifetime: 28800

Phase 2
Encryption: 3DES
Authentication: SHA1
Perfect Forward Secrecy: Enable
Preshared Key: (Confirmed as Good)
Group: 768-bit
Key Lifetime: 3600


Thanks.

 

[SYQUEST]

What else is different between the two setups, for instance: browser, firewall settings, ISP blocking any ports?

Can you PING the various interfaces and devices?

....JIM....

 

[ryanak]

The browser used to manage both firewalls is Firefox. the firewall settings are identical. the ISP's both report that they are not blocking any ports. I can ping the outside IP of both units.
The test VPN to my office is up and stable, and I can ping their internal devices from my office. The only configuration difference between the test connection to my office and what should be the actual connection is my IP address. Beyond that, they are identical (confirmed by two other individuals).

I am leaning towards a defective WRVS4000N because any changes I make, have to be made multiple times before it stays. That said, if the VPN to my office is stable, the device does NOT seem defective.

Ryan

 

[SYQUEST]

I am not familiar with the WRVS4000N specifically, but Linksys has big history of BAD firmware on most of their products. Look for any updates or release notes or contact Cisco Small Business for support!

....JIM....

 

[ryanak]

Found the solution. The Linksys RV042 has many more features available in the Advanced section for the VPN configuration than is available for the WRVS4000N. One of those features is Dead Peer Detection. This feature is enabled by default. Checking through the logs I found a comment of Dead Peer Detection refusal. I disabled Dead Peer Detection and the VPN came up.

Ryan