Page 1 of 1

RV042 VPN drop outs

PostPosted: Fri Oct 16, 2009 9:55 am
by stephen
I have a WAN VPN with two RV042 at each end of the link.
One of the RV024 is set up as a Dual WAN with two ADSL connections,
My problem is that the VPN link stops working. but the VPN Connection says connected.

To get the link to work I have to click disconnect at one of the routers and then the link is restablished automatically and the tunnel now works until the next drop out.

I am running the latest firmware Version:, downloaded from the CISCO web site.

Local Security Gateway type is IP only
Remote Security Gateway type is IP only
Keying Mode is IKE with Preshared key
Perfect Forward Security is ticked.
In the Advanced at the remote end we have ticked:
Aggressive Mode and
In the Advanced at the head office end we have ticked
Aggressive Mode and
Compress ticked
Keep Alive
Dead Peer Detection interval 10 seconds

Researched this site which says to Uncheck Perfect Forward Secrecy
However unchecking Perfect Forward Secrecy did not fix the problem.

I have also tried the suggestions at
But these have not helped either.

The remote site that has just one WAN connection was set up as Dual Wan, I have now changed that so that WAN2 is set as DMZ pointing to a non existent ip of mask and will see if that helps the problem.
Changing the Dual Wan to DMZ has not fixed the problem the drop outs still occur.

Re: RV042 VPN drop outs

PostPosted: Mon Nov 09, 2009 7:46 pm
by stephen
I have logged a call with the Cisco Small Business Support,
They have recommended to reset the RV042 routers to factory default then re-flash the firmware to version, then reset to factory defaults then manually key in the router settings.

I have done the above at the 3 sites where the routers are located. However this has not fixed the problem. The VPN still shows connected but the users cannot access the remote server down the VPN pings to the server time out. It is only after disconnecting the VPN and letting the tunnel reconnect that the tunnel starts functioning again.

Re: RV042 VPN drop outs

PostPosted: Mon Nov 09, 2009 7:57 pm
by stephen
Franki from Hon Kong has reported a fix for the broken VPN problem

I found that the problem occurred when I set "Phase2 Encryption".

Finally, I found a solution to fix it.
1. Set "Phase2 Encryption" as NULL
2. In "Advanced" option, set "AH Hash Algorithm" as MD5
3. Enable "Aggressive Mode"
4. Enable "Compress (Support IP Payload Compression Protocol(IPComp))"
5. Enable "Keep-Alive"
6. Enable "Dead Peer Detection (DPD) Interval 10 seconds"

My VPN links is very stable without any problem up to now.

Re: RV042 VPN drop outs

PostPosted: Tue Nov 17, 2009 5:57 am
by stephen
I tried Franki's suggestion but the router is still drop out.

I contacted Cisco and they had me take note of all the RV042 router settings then reset the router to default settings, then re-install the latest firmware, then reset to default settings, then manually rekey the settings back into the RV042 router. I did this at both the head office site and the remote site.
But this did not fix the problem.

We have found that the VPN drop outs occur when the activity on the tunnel is low eg when the users have breaks, or overnight.

Temporary Solution is to run a regular ping or tracert from one side of the vpn tunnel to the other. So on one of the servers or PC's at the one end of the tunnel we run every 5 minutes a tracert to the local ip address at the end of the tunnel at the head office. eg tracert where the is an ip address of a PC at the local side of the VPN tunnel at the remote end.

Re: RV042 VPN drop outs

PostPosted: Wed Nov 25, 2009 5:32 am
by stephen
The next option suggested from Cisco was to swap out one of the routers.
I swapped the router and the link stayed up a bit longer but the VPn drop out still occures.

I have found a solution that seems to keep the tunnel from dropping out.
I have managed to get the STC GGA tunnel to stay up by turning on the Netbios broadcast option in the Advanced section of the tunnel configuration.