svcs

join:2013-02-20

Cisco VPN

VPN issues
Please help. I am trying to set up a gateway to gateway VPN connection. Cisco RV042 to RV082. Same provider - 3 hops from IP to IP. Phase 1 pass - phase 2 fail - ports 500 and 4500
ISP says they do not filter - Cisco support reps claim they do
I am stuck in the middle.

towerdave

join:2002-01-16
O Fallon, IL
Conference in Cisco and the ISP on the same call. Let them fight it out.

TD


JLevinworth

@embarqhsd.net
reply to svcs
said by svcs:

VPN issues
Please help. I am trying to set up a gateway to gateway VPN connection. Cisco RV042 to RV082. Same provider - 3 hops from IP to IP. Phase 1 pass - phase 2 fail - ports 500 and 4500
ISP says they do not filter - Cisco support reps claim they do
I am stuck in the middle.

»Virtual Private Networking

»VPN to bind multiple locations together?
»Complex VPN Configuration with multiple Linksys RV042

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to svcs

Re: Cisco VPN

Does telnet to the other end of the VPN endpoint on port 500 and 4500 show "OPEN"?
If so, then that just confirms the ISP's not blocking / filtering.

Also the fact you mentioned that phase 1 completes indicates you've got basic end-to-end
connectivity operating.

When you say phase 2 fails, any error messages present?

Any logs from either the RV042 or RV082 that can help you troubleshoot?

Have you done a stare and compare between the two devices' VPN configs to ensure
they match?

Just my 00000010bits

Regards

Crypto_Bug

join:2001-05-31
Torrington, CT
reply to svcs
Why not use netcat to test and ensure the ports are in fact not being blocked by the ISP?
--
Certs: CCNA, GPEN, GCIH, GCFW, GSEC, GCIA, GCFA, GCWN


Caedmon

@qwest.net
reply to svcs
If Phase 1 completes then it is very unlikely that ports 500 and 4500 are blocked since one or both of those ports are used to complete phase 1.

The most likely problem for phase 2 not completing is a mismatch of transforms or proxies on each end, since those are what is negotiated during phase 2. Logs should tell you what is mismatched.
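
The "stare and compare" for phase 2 suggested in the replies above, as an added example that is not part of the original thread or any poster's code: it checks that the transforms match and that the proxy IDs (local/remote subnets) mirror each other. The dictionary keys and both sample configs are constructed for illustration and are not an RV042/RV082 export format.

```python
import ipaddress

# Phase 2 (IPsec SA) transform settings that must be identical on both gateways.
# Key names are hypothetical; map them from whatever each device's VPN page shows.
TRANSFORM_KEYS = ("encryption", "authentication", "pfs_group")

def phase2_mismatches(a, b):
    """Return a list of phase 2 mismatches between two gateway tunnel configs."""
    problems = []
    for key in TRANSFORM_KEYS:
        if str(a[key]).lower() != str(b[key]).lower():
            problems.append(f"transform {key}: {a[key]} != {b[key]}")
    # Proxy IDs must mirror: A's local subnet is B's remote subnet, and vice versa.
    for mine, theirs in (("local_subnet", "remote_subnet"),
                         ("remote_subnet", "local_subnet")):
        # ip_network accepts prefix or dotted-netmask notation and normalises both.
        net_a = ipaddress.ip_network(a[mine], strict=False)
        net_b = ipaddress.ip_network(b[theirs], strict=False)
        if net_a != net_b:
            problems.append(f"proxy ID: A {mine} {net_a} != B {theirs} {net_b}")
    return problems

# Constructed sample configs (not taken from the thread).
SITE_A = {
    "encryption": "3DES", "authentication": "SHA1", "pfs_group": 2,
    "local_subnet": "192.168.1.0/24", "remote_subnet": "192.168.2.0/24",
}
SITE_B = {
    "encryption": "3DES", "authentication": "MD5", "pfs_group": 2,
    "local_subnet": "192.168.2.0/24",
    "remote_subnet": "192.168.1.0/255.255.255.128",  # wrong mask: /25, not /24
}

if __name__ == "__main__":
    for line in phase2_mismatches(SITE_A, SITE_B) or ["phase 2 settings match"]:
        print(line)
```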