[2x Cisco RV220W] Site-2-site VPN works only in one direction?

[Netson]

Hello everyone!

For the purpose of a remote backup between 2 QNAP NAS devices, I have setup a site to site VPN using 2 Cisco RV220W routers. Although VPN connects just fine, I can only access Network B from network A, but not the other way around. I believe it could be related to ip ranges/subnets, but since I am no expert, I thought I'd ask here!

here's what I have so far:

Network A:

• Hardware: Cisco RV220W
• VPN Type: IPSec
• Router IP: 192.168.8.1
• Router subnet: 255.255.255.0
• Router DHCP: 192.168.8.100 - 192.168.8.254
• QNAP fixed IP: 192.168.8.3

Network B:

• Hardware: Cisco RV220W
• VPN Type: IPSec
• Router IP: 192.168.3.1
• Router subnet: 255.255.255.128
• Router DHCP: 192.168.3.100 - 192.168.3.120
• QNAP fixed IP: 192.168.3.3

Status

• IPSec VPN connects successfully (IPSec SA Established)
• From network A I can connect to any device on network B (qnap smb, ssh, cisco web interface, printer, laptops, etc)
• From network B, I can ping any device on network A, I can access the cisco web interface from network A, and nothing else. If I try to access the web interface for the qnap on network A from a device in network B, no luck, it seems to hang. I also tried issuing a wget command from the qnap (ssh) on network B to fetch the web interface of the qnap on network A, and it says connected, but then hangs.

I've tried lots of different settings (creating static routes, dynamic routes, changing subnets, etc), but without any luck.

I really hope you guys and girls have the answer for me! If you need any more info, please ask!

 

[Netson]

A few months have passed and I still haven't figured it out; I've changed the IP range on Network B to 10.1.1.x, subnet is still the same.

I have also tried changing the subnet to 255.255.255.128 but I get the exact same results.

Is there anyone who can point me in the right direction?
Looking forward to your replies!

 

[jdabbs]

• From network B, I can ping any device on network A, I can access the cisco web interface from network A, and nothing else.

If you can successfully ping from B hosts to A hosts, and vice versa, sounds like you've got connectivity. I'd discount a VPN or routing issue.

I would look at firewall shenanigans like filtering/ACLs. Port forwarding could also be a cause. Something innocuous like inbound port 80 traffic being forwarded to a web server, except the router fails to distinguish between Internet and VPN traffic.

 

[Netson]

thanks for the tip!

I actually finally found the answer to this issue; as it turns out i had the freak situation where a firmware bug seemed to cause the issue.

Specifically for the RV220W, firmware version 1.0.1.0 contained a bug where, if you used Agressive mode for the site-to-site VPN, "irregular and unexpected" behaviour could occur. After upgrading the firmware AND changing the Agressive mode to Normal, traffic in both directions works without issues!

I do have a new issue now, but will do some research before bothering people here with it!