IPSec VPN with Cisco RV180. Aggressive mode not compatible?

markwstar · February 26, 2016, 2:58am

Howdy,

We are trying to use the Max Br1 with our Cisco Rv180s to create an IPSec tunnel back for management. We have a static on our hosted site but not one with our Max Br1. This is fine as aggressive mode allows this configuration. However when setting up the devices I am using User-FQDN for our remote identifier and the Cisco will not allow the ‘@’ character.

EG: Max Br1

Local identifier: Type U-FQDN: cisco@peplink
Remote identifier: peplink@cisco

Cisco Rv180s

Local identifier: Type U-FQDN: cisco@peplink - “Rejects @ symbol”
Remote identifier: peplink@cisco

Is there a way around this config rejection? It seems that this is the only way with aggressive mode for access using a single side static. Has anyone set up a Max Br1 with a Cisco Rv180s in aggressive mode succesfully?

EDIT: Link to error on cisco Imgur: The magic of the Internet

Ron_Case · February 26, 2016, 3:13am

Do note the RV180 is part of the LINKSYS line and they do not have the same IOS as other Cisco devices.

markwstar · March 5, 2016, 3:59am

On the same note, connecting this rv180s to a FusionHub in a star configuration, is that possible as well?

TK_Liew · March 6, 2016, 4:02pm

Hi,

Based on the article here, U-FQDN is supported by Cisco RV180 router. You may need to confirm with Cisco.

Alternatively, you may try to put IP address as U-FQDN. We do support this. I noticed Cisco RV180 router also supported this based on the article above.

Thank you.

markwstar · March 7, 2016, 5:32am

U-FQDN does not work with these two devices evidently. The Peplink wants an @ character between devices which the RV180 rejects.

FusionHUB IPSEC settings
EG Local FQDN: peplink@cisco
Remote FQDN: cisco@peplink

Cisco RV180: peplink@cisco - ERR “you may not use an @ sign”

I’ve tried working around this with using a " . " in place of the @ on the peplink, which the cisco accepts, but the peplink only takes @.

sitloongs · March 7, 2016, 11:00am

Hi,

Please refer to the URL below:

http://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=74d10d8ca7344c8fa1e4030d9d01668e_IKE_Policy_Settings_on_RV180_and_RV180W_VPN_Routers.xml&

Base on the above article, ‘@’ should be accept for RV180 (You may need to further verify with product principle)

Alternatively, please try to put IP address for the “Local ID” & “Remote ID” fields.

Beside that, possible to share us the firmware version running for the MAX BR1 ?

Thank You

markwstar · March 8, 2016, 1:12am

I actually ended up replacing the Rv180 with a Balance 20 and used PepVPN for everything. Much easier!

Jarid_Petermann · March 8, 2016, 1:20am

Thanks for the update and good to hear! As always, should you have future questions/inquiries don’t hesitate to reach out.