Cisco Routers :: RV 042 - Client To Gateway VPN Set Up
Nov 8, 2011
I have a RV042 and I am trying to set up a Client to Gateway VPN for about 12 to 15 remote users. These users travel a lot and need to connect to the server. I have never set up a VPN and have looked at the manual and set it up like it says to. I installed the Quick VPN client on the remote computer and copied the certificate to the remote computer.
I am having two problems.
1. When I run the client on the remote computer and try to connect it tells me the cert is not installed on the local computer. (It is copied to the root program directory C:\Program Files\Cisco Small Business and the sub directory, C:\Program Files\Cisco Small Business\Quick VPN Client.)
2. I can continue and it acts like it's connecting but it does not. If I look at the router VPN summary it shows that I connected for only a brief time.
I set up an RV042 as a VPN gateway for a client a year ago. It is running firmware 1.3.12.19-tm (Feb 13 2009 13:03:21). I created a new certificate. When I download the client certificate, it comes as a .zip file, one that cannot be opened by a zip utility (Windows, WinZip or 7-Zip). It looks like I can just rename the file to a .pem file, but I want to make sure that is right. They were getting QuickVPN timeouts, but that looks like it was fixed in 1.3.13.
I'm trying to set up an rv180w to connect as a client to a remote vpn gateway and route all the lan traffic behind it direct to the remote vpn gateway.
2) Allow all port 80 connections, and forward to 10.4.20.60
3) Allow all port 443 connections, and forward to 10.4.20.60
4) Allow port 22 connections from specific IP addresses, and forward to 10.4.20.60
5) After a remote client has connected using Client to Gateway VPN, allow that remote client to access anything on the LAN
I'm able to do #1-4 above, but I can't get #5 to work. Or I can get #5 to work, but can't implement the restrictions I need in #1-4. Attached are some relevant screenshots. I think the problem is that I have Forwarding rules set up that require me to have a firewall rule to Deny All Traffic from WAN1 (unless I'm specifically allowing it). In the Access Rules screenshot, rule #6 is the problem. If I enable it (thereby denying all WAN1 traffic), then VPN clients can't access anything on the LAN. However if I disable this rule, VPN clients can access anything on the LAN, but the firewall also opens up all outside connections to SSH, since that's set up in the Forwarding rules. I would have thought that once a remote client is connected using client to gateway VPN, then that client is considered to be on the LAN, as far as the firewall is concerned. Thus a firewall rule (like #6) that is specified for WAN1 shouldn't affect remote VPN clients.
I am setting up remote access using an RV042 router. Using quickvpn or a client-to-gateway vpn and shrewsoft client, I can only access/ping the LAN side of the remote router and one machine on the remote network. The PPTP server and native Windows 7 connection provide access to all machines on the remote network. I have 2 possible reasons for this and would like to find the real reason:
1) The remote RV042 is behind another router, and that router restricts access other than the PPTP traffic.
2) The VPN tunnels other than PPTP only allow access to the remote LAN side of the router and remote machines that have the remote router defined as their gateway in the IP configuration.
I've got two RV082's connected. Each has a dynamic IP (changes typically every few weeks). I've configured the tunnels on both ends with a local and remote "Remote/Local Security Gateway Type" of "Dynamic IP + Domain Name(FQDN) Authentication". If I look at the VPN Summary tunnel status, it shows an IP address of "mydomain.dyndns.org 0.0.0.0" under the "Remote Gateway" column heading. The Tunnel Test "Connect" button is N/A. I can resolve both of the mydomain.dyndns.org entries on both sides of each VPN using the Diagnostic DNS lookup tool within each router. If I hardwire a fixed IP address for the Local and Remote Gateway everything works just fine. VPN is good.
I just can't seem to get the "mydomain.dyndns.org" function to work. It appears the router can't resolve the dynamic IP from the domain names on each of the routers.
I replaced our aging rv082 routers with wireless rv220w routers. The gateway to gateway vpn works great, however I am no longer able to manage our print servers' port 80 management page. I can ping any host with success, and I can manage hosts that have a port 10000 or 8000 web interface - but no port 80 ones... I had no issues when using the old rv082 routers...
I picked up a pair of RV220W's and before I spent loads of time at a remote site, I figured I'd go through some VPN testing at home to make sure I could get it set up properly. What this means is I've plugged the Internet uplink into a switch, then from the switch into both routers & configured them (using unique static IPs for each) from there. For what it's worth: While I have some IT experience, I don't have strong networking experience.
I set up several VLANs on the local RV220W, and the end result is to make it so that an asset at the remote site with an IP in any of the ranges (192.168.121.0/24, 192.168.131.0/24, 192.168.141.0/24 and any future VLANs) can communicate with/access resources at the local site. Likewise, an asset at the local site with an IP in any of the ranges (.121, .131, .141 + any future VLANs) should be able to reach the remote resources (currently just 192.168.181.0/24, but future VLANs as well).
This evening I tried to focus on the relevant VPN pages of the Administration Guide to get the VPN up. Leaving the defaults I got as far as establishing a link between both sites and it seems that things are working right: From the remote site (.181) I can access the local site (.121, .131, .141); and from the local site I can at least ping resources (a laptop) on the remote site. (Yay!)
However, when I physically connected an asset that had a 192.168.121.X, 192.168.131.X and 192.168.141.X IP addresses to the remote RV220W (which is 192.168.181.0/24), I couldn't see it from the remote or local sites. I assume this is expected. But I'm reaching out to the community to see what other possibilities might be available because networking is a weak area for me. I figured it might be something like a Static [or Dynamic] Route but I really am not 100% sure.
'TECHNICAL' SPECS
Local Router LAN/WAN Settings:
- LAN IP: 192.168.121.1 on default VLAN (1)
- VLAN 13 defined 192.168.131.1 with DHCP enabled; Reservations created outside of DHCP scope
- VLAN 14 defined 192.168.141.1 with DHCP enabled, Reservations created outside of DHCP scope
- Inter VLAN Routing enabled for all VLANs
Can I use a Gateway-to-Gateway IPSec tunnel whereby a user can surf the Internet using his local Internet connection and at the same time connect through the IPSec tunnel to a remote subnet using RVS4000 routers?
I have two Cisco RV042 Routers, they are being used to connect two offices. I have created a standard gateway to gateway connection, fixed public IP addresses on both sides and everything works fine, except when the tunnel gets disconnected, it does not connect back automatically. I have to log into either router console and click the connect button to get the tunnel working again. This is really annoying since it happens once or twice a day at least.
New hardware here, requesting a bit of your knowledge. We are trying to set up a simple gateway to gateway VPN.
HomeA has an RV016 with a public static IP
- Local Group Security Gateway type is IP Only with the IP
- Local Security Group Type is Subnet, with the local IP class 192.160.0.0
- Remote Security Gateway Type: Dynamic + Email
- Email address some@emailaddress.com
- Remote Security Group Type: Subnet
- IP Address 192.168.1.0
- IPSec Setup as default with nice password.
HomeB has an RV082 with a dynamic ADSL link
- Local Group Security Gateway type is DynamicIP +Email
- Email address some@emailaddress.com
- Local Security Group Type is Subnet, with the local IP class 192.160.1.0
- Remote Security Gateway Type: IP Only
- Remote Security Group Type: Subnet
- IP Address 192.168.0.0
- IPSec Setup as default with nice password.
The idea is for HomeB, which has a dynamic IP, to reach HomeA, which has a static IP, and connect. But they just won't. I have no clue what's wrong. I followed the instructions, maybe I misinterpreted something. I could share the VPN logs for both. I'm getting a lot of errors there.
I have a pair of RV082 routers and I'd like to configure a gateway to gateway VPN tunnel as described in a cookbook, "How to configure a VPN tunnel that routes all traffic to the Remote Gateway," (file name Small_business_router_tunnel_Branch_to_Main.doc). I followed this cookbook and found that while the Main office has internet connectivity, the branch subnet doesn't have internet connectivity.
Routing does behave as advertised, where all traffic does go to the main office. However, the 192.168.1.0 subnet in the branch office does not get internet connectivity. I've read in other posts that the Main office router will only provide NAT for the local subnet, not the branch office subnet. Is there a way to configure the RV082 router to provide NAT for all subnets?
If not, which Cisco product will provide the VPN Tunnel connectivity as well as the NAT for all subnets? Can the RV082 be used as part of the final solution or are my RV082s a wasted expenditure?
Following is the configuration that I'd implemented (real IP and IKE keys are bogus).
Gateway To Gateway: Remote | Main Office
Add a New Tunnel
Tunnel No.: 1 | 2
Tunnel Name: n1-2122012_n2-1282012 | n1-2122012_n2-1282012
Interface: WAN1 | WAN1
I have two Cisco RV8082 Routers which I would like to setup a VPN Tunnel with Gateway to Gateway. One location is a static IP Address. The other location is a dynamic IP address.
I am trying to set up a gateway to gateway VPN connection between a RV042G (central site) and a RV110W (newest firmware) which is used for presentation purposes on various customer's sites. The RV042G has a static IP. The RV110W has different IPs, depending on where it is used.
Basic VPN settings are clear to me (we have another VPN between two RV042G with static IPs). I set up the VPN connection on the RV042G with the following settings for "Remote Group Setup":
Remote Security Gateway Type: IP + Domain Name (FQDN) Authentication
IP by DNS resolved: mydomain.no-ip.org
Domain Name: router12345
The value "router12345" is what I have configured in the RV110W as "Host name" in the network settings.
This configuration does not work so I am obviously doing something wrong. Do I have to use "router12345.mydomain.local" instead if I configured "mydomain.local" as the domain name in the RV110W's network settings? For my tests the RV110W has a WAN-IP of 192.168.178.100 because it is located behind a DSL-Router. The external IP of this DSL-router is 178.0.x.x. The resolved IP from mydomain.no-ip-org is 192.168.178.100 but when I look in the RV042G log I see the requests coming with the external IP (178.0.x.x). Is this the problem? The last message I see in the log is "no connection has been authorized with policy=PSK".
Or can I use "IP + Email Address (USER FQDN) Authentication" instead (where can I enter this email address in the RV110W?). Or do I have to use "Dynamic IP"?
I exchanged a RV042 v1.2 (Firmware 1.3.13.02) for a new RV042G v3 (Firmware 4.2.1.02).
My problem is now the following: The old RV042 established the Gateway to gateway VPN connection as soon as an IP address of the remote location was requested. The new RV042G stays on "Waiting for connection" all the time and does nothing at all. The connection works by clicking "CONNECT" or by ticking Keep-Alive in the advanced tunnel settings but NOT automatically as before. Is this a firmware issue or do I have to configure something additional?
I am considering upgrading our 5508 WLCs to version 7.4.1 to take advantage of the Bonjour gateway. What I want to do is allow clients on our guest wireless network to access things like the Apple TV in our conference rooms. My intention would be to have the Apple TVs on a separate vlan. Obviously, the Bonjour gateway would allow for access between these 2 networks. The question I have is this. If I have client isolation turned on my guest wireless network, is it still possible for these devices to access Apple TVs on another network?
I've just installed a standard Cisco wireless install (5508, 3502i, local and flexconnect setups) all working swimmingly.
The customer has asked for a new WLAN for a particular group of staff that will route to a different gateway than the general wireless staff.
The 5508 is connected to an older Avaya L3 switch that is the customer's core switch, but it isn't capable of PBR so it routes on destination only and its default route is not where I need the new WLAN traffic to route to. An ASA will be connected to the Avaya switch (which is the alternate gateway I need to get the new WLAN users to). So my question is probably routing 101, but if the ASA interface, the Avaya switch and the WLAN interface all reside in the same VLAN, can I give the wireless clients the ASA as their gateway via DHCP and successfully get their traffic to the ASA?
Client is having 1 file server running small business windows server 2003. Server is not configured with domain, it is working only on workgroup. We have around 15 users who are using that server as file server only. Now my main question is do I need to configure DNS server in that server? We also have internet connection running (have problem in that also, will explain next time) with wireless router connected with switch. So do I need to set up DNS in server also or just put static IP (I prefer static than DHCP) & DNS server from IP will be ok? If I put DNS which I got from ISP, so will it create any problem with using those files from server? The second question is..
What IP address, default gateway and DNS address should I use for server & also client PC?
router ip - 192.168.1.1
server ip - 192.168.1.10
Currently no DNS setup
current configuration - Server
IP - 192.168.1.10
subnet - 255.255.255.0
gateway - 192.168.1.1
dns - 213.42.20.20 (from ISP)
dns2 - xxx.xx.xx.xx (from ISP)
current configuration - Client
IP - 192.168.1.111 (to 115)
subnet - 255.255.255.0
gateway - 192.168.1.1
dns 1 - 192.168.1.10 (File Server)
dns 2 - 213.42.20.20 (from ISP)
We recently upgraded from a Linksys WRT54G router to a Cisco RV042 to gain "gateway-to-gateway" automated VPN access. However, we are unable to get "client to gateway" access working.
With the Linksys WRT54G we used a "username" "password" pair for remote client authentication. This worked for both Windows and Mac OS X users using the built-in PPTP client. We found we had to set "encryption" value to "none" on the client side.
I am confused by the setup screens on the RV042. It looks like I must setup a "tunnel" (VPN->Client to Gateway), there is (VPN->VPN Client Access) where I can enter a username/password, and also (VPN->PPTP Server) where another username/password pair can be entered. I have tried all sorts of combinations but "no love". I am particularly mystified by the (VPN->Client to Gateway) settings for "Remote Client Setup"; the client can be calling in from anywhere and there is an option for "Dynamic IP + Email Address" but I'm not sure how that maps onto the client (do they use the email address as their account name?). I have also looked at defining a "Group VPN" where I am given other options. But nothing works from the client.
I just need to come up with some setup that works, that I can document to both PC and Mac users at a minimum.
This is terminating on an ASA c5510 sec+ running 8.3(2) Client devices running XP with the same VPN client get an address from the ASA pool e.g. 10.10.50.1 with no default gateway. Users are able to connect without a problem. Windows 7 (32bit) clients with this same VPN client get this address but get a default gateway 10.10.50.2 and are unable to connect for obvious reasons.
After we changed the firewall from PIX515E to Fortigate311B, one notebook which installed Cisco PN client 5.0.7.440 in WIN7 64bits cannot access VPN because the default gateway is not correct. For example the IP obtained from the IP pool is 172.28.22.10 but the default gateway IP is 172.28.22.1?
I've got half a dozen RV042 routers in various locations. They are running v4.0.0.07. Seemingly randomly, I got the "502 Bad Gateway The CGI was not CGI/1.1 compliant." error when attempting to log into the web interface with google chrome (same with IE too). This happens from the LAN side. I actually didn't notice it until my Opsview monitoring software threw up a critical when it didn't get an http response. The router is otherwise actually working just fine. Since the first occurrence, more of my routers have developed the same error.
I've tried different browsers, clearing caches, though I'm not surprised those efforts were fruitless, as there is clearly a problem even when no browser is involved (nagios). The nagios http check also returns a 502 Bad Gateway.
I'm having problems setting up VLANs on my RV110W Small Business Router. I have updated the firmware to the latest : 1.1.0.9 Here is my set up :
WAN settings: IP: 192.168.1.252 / 255.255.255.0 - Gateway 192.168.1.254
VLAN1 (default): IP: 192.168.2.254 / 255.255.255.0
VLAN3 (test): IP: 192.168.16.254 / 255.255.255.0
Inter-VLAN routing option is checked.
Symptoms :
- The communication from VLAN1 to WAN is fine
- The communication from VLAN3 to VLAN1 is fine
- The communication from VLAN1 to VLAN3 is not working
My routing table is:
Routing table Entry List
Destination LAN IP    Subnet Mask      Gateway          Interface
192.168.2.0           255.255.255.0    192.168.2.254    LAN
192.168.1.0           255.255.255.0    192.168.1.252    WAN
192.168.16.0          255.255.255.0    0.0.0.0          LAN
0.0.0.0               0.0.0.0          192.168.1.254    WAN
As you can see, the gateway for VLAN3 is set to 0.0.0.0, which is wrong I believe. I don't know how to update that. I tried to add a static route for the subnet, but the router did not let me do that.
I have set up a vpn gateway between two cisco RV120W. The connection is established.
Active IPsec Security Association Table:
Policy Name     Endpoint       Packets Rx   Packets Tx   KBytes Rx   KBytes Tx   State                   Action
VPN-INTERDIO    87.65.38.62    0            0            0.00        0.00        IPsec SA Established
Poll Interval: (Seconds)
The problem is that there is no traffic. Even pinging the remote internal network is not working. For testing I have disabled the firewall at both sites and have configured both with an access rule any to any.
I have RV042 on my remote network. I have problems with VPN connection: user can connect to RV042 but only inside IPs that can ping from vpn user. Is there any way to make the traffic from RV042 go back to RV042, maybe with NAT? In the example below 192.168.5.100 is my LAN IP from my DSL DHCP, and 172.27.0.20 is the IP on remote. Traffic does not come back to my PC/VPN client. What I want is to translate 192.168.5.100 to the RV042 LAN IP address.
We have just purchased a license L-PL-GW-100MAX-3= Protect Link Gateway: Unlimited Web + 100 Max Email Seats,3YR. I found that it does not include IPS license. I cannot find anywhere where I can purchase an IPS license for SA540 gateway. It seems to be available only as a bundled product when purchasing the hardware.
I have created a connection gateway-to-gateway between RV220W and RVL200, is doing without any problems. For example, I can ping the gateway on the other side. But when I connect through RV220W QuickVPN (or PPTP) I cannot reach the gateway (RVL200) or any host behind it.
I have router Linksys RV042 v1.2 with latest firmware Version: 1.3.13.02-tm. And I'm using QuickVPN v 1.4.1.2. I've set up VPN connection with values below. But every time I'm trying to connect to router by VPN it always pops up a window "Remote Gateway not responding". It occurs when I'm trying to connect to VPN behind other router; when I'm connected directly to Internet the connection is established. But I'm connecting to other networks using VPN and it's working properly (behind the same router), so I think it's a problem with RV042 configuration but I don't know where.
I am trying to set up the following. We have an RV042 Router and are using it as our gateway at the office. In the office we are using a Windows Domain abc.lan with DHCP of 10.0.0 - 10.0.0.254. The Router/Gateway is set up with a Static IP of 10.0.0.100. A couple of our office employees would like to work from home via VPN using their laptops. With the many options available for this router, I am not clear as to which options and what settings I should set.
I have a RV110W which I am using as a router (not gateway), because it is connected to the DSL modem (not planning to bridge it) through its WAN port. The DSL modem forwards all PPTP traffic to the RV110W. The only purpose of the RV110W for me is to use it as a VPN router.
Info: Firmware version: 1.1.0.9
Below are the settings I have:
WAN:
LAN: N.B. The modem runs a DHCP server, so I am relaying the requests to it
VPN: N.B. Also tried with 192.168.0.0 and 12.168.2.0 networks; same thing.
Routing Settings:
Routing Table: NB: 192.168.1.11 and 10 are VPN clients (created automatically).
Firewall:
Users are able to successfully connect to the VPN; however, there are a couple of problems:
1. They are not assigned a gateway; hence, no internet connectivity (I want them to use the remote gateway)
2. They are not able to access the 192.168.0.0 network; hence unable to reach their DNS server and other hosts (ran a tracert; they couldn't go beyond the RV110W VPN server IP). For this, I tried to turn off the firewall on the RV110W, and also tried to create an Access Rule to allow all outbound and inbound traffic between LAN and WAN, but no success.
I am setting up a dual WAN network in our small business office and I am confused on the set up of the RV042.
On WAN1 I have a satellite modem connected
On WAN2 I have a cradlepoint CTR35 Router with a verizon aircard
The satellite has lag issues and will drop out during poor weather but has a 17GB download limit. The verizon aircard has only 5GB download limit but normally works in poor weather.
Do I select obtain DNS automatically on both WAN1 and 2? Do I set this up as a gateway or a router?
I am trying to install a Cisco VPN Router RV120W behind this router. I have set up the Cisco and can access the internet from the device. I also set up the Actiontec router with the DMZ host as the Cisco router. When I try to connect to the VPN tunnel however I connect but receive a "Gateway is not responding" error message after 30sec. Is there anything else I need to set up on the Actiontec router to allow VPN passthrough or something like that?
Actiontec Lan IP: 192.168.1.1
Cisco Wan IP: 192.168.1.2
Cisco Wan SN: 255.255.255.0
Cisco Wan Gateway: 192.168.1.1
Cisco WAN DNS: 192.168.1.1 71.250.0.12
Cisco Lan IP: 192.168.20.1
Edit: I have also tried this connection from a Windows 7 Pro with Firewall enabled and also Windows XP with the same error.
Quick VPN log:
2011/12/30 00:05:58 [STATUS]OS Version: Windows 7
2011/12/30 00:05:58 [STATUS]Windows Firewall Domain Profile Settings: ON
2011/12/30 00:05:58 [STATUS]Windows Firewall Private Profile Settings: ON
2011/12/30 00:05:58 [STATUS]Windows Firewall Private Profile Settings: ON
2011/12/30 00:06:10 [STATUS]OS Version: Windows 7
2011/12/30 00:06:10 [STATUS]Windows Firewall Domain Profile Settings: ON