Cisco 1841 and RV042 VPN and VLANs

Unanswered Question
Jun 10th, 2009

Hello everybody !

I have problem with configuration VPN and VLANs

in Cisco 1841 i have configured IPSec VPN to RV042

VPN is connected

now in C1841 i have ACL with remote and local network, this i have too in RV042, but i need add to ACL more VLANs

in C1841 i can add ACL rule, but in RV042 i have choice only "IP Add." or "Subnet" or "IP range"

How i can set more "Subnet" into RV042? in C1841 i have two VLANs which i need connect to remote RV042.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marcos Hernandez Fri, 06/12/2009 - 13:10

Hi Tomas,

These forums are specific to the SBCS products (the 1800 is not one).



Tomas Chott Mon, 06/15/2009 - 02:55

Hi Marcos,

ok question is how i can set RV042 more "Subnet" in VPN settings.

Regards Tomas

Steven DiStefano Mon, 06/15/2009 - 06:12

Only if the multiple subnets are within the same /24 mask can they be ranged to be shared across the tunnel as a consecutive block, so probably the answer is not really supported on that router....

Local Security Group Type

Select the local LAN user(s) behind the router that can use this VPN tunnel. Local Security Group Type may be a single IP address, a Subnet or an IP range. The Local Secure Group must match the other router's Remote Secure Group.

IP Address: If you select IP Address, only the computer with the specific IP Address that you enter will be able to access the tunnel. The default IP is
: If you select Subnet (which is the default), this will allow all computers on the local subnet to access the tunnel. Enter the IP Address and the Subnet Mask. The default IP is, and default Subnet Mask is

IP Range: If you select IP Range, it will be a combination of Subnet and IP Address. You can specify a range of IP Addresses within the Subnet which will have access to the tunnel. The default IP Range is

Tomas Chott Mon, 06/15/2009 - 09:39

Hello Steve,

i understand this..

we have this subnets

10.1.31.x / 27 - DMZ

10.1.11.x / 26 - DATA

In our lan i can not set remote Subnet or IP range

Steven DiStefano Mon, 06/15/2009 - 09:46

OK.  So DMZ is public and doesnt need to be shared across the tunnel.

So you have one subnet you define as your LOCAL group and put the other subnet of the far end in the REMOTE group.

I think this should be supported, no?

Tomas Chott Mon, 06/15/2009 - 14:44


OK, dont speak about DMZ :-)

now i can set only last part from Remote secure group, for example A.B.C.D - D

future request is set last two A.B.C.D - C.D.

In attach, have diagram

VLAN 11 is IT dept. LAN, using VNC and WEB access to remote RV042

VLAN 31 is servers farm with SNMP monitoring





This Discussion