RV082 Failing Credit Card processing security scan

toddah
Level 1

Hello,

I have an RV082 set up as the home unit for a small business VPN network, and the unit is actually in a town 30 miles from my office. I have the web interface set up so I can manage the VPN as well as open and close ports as required for remote desktop access to the facility. We have started processing credit cards with a new vendor and they do a quarterly security scan on the system. I have 2.0.0.19 firmware loaded on it. They are failing my RV082 because it supports less than 128 bit on port 443.

Is there a way I can configure it to accept 128 or 256 only?

I have never worked with the CLI on this unit, just the GUI.

Thanks in advance

Tiya Rabb
Level 1

It sounds as if you are referring to PCI compliance and SSHv3? Am I correct with this?

Tiya,

Yes, that is correct, PCI compliance is the goal. I passed the test last quarter but now I have failed it this time around.

It would be very nice if I could access from different locations, as I never know where I will be (IP address) when I am needed to provide assistance. I generally log into the firewall and open a RDT port to a specific machine for the duration of the support session and then back out and close the port. I was hoping there was some way configuration-wise I could upgrade or limit the encryption strength so I could pass the test and keep things secure.

Toddah

Brian Bergin
Level 4

Create an ACL to only allow your IP to the router and PCI compliance scans will pass with no problem.  Better yet, just turn off outside configuration and VPN to the LAN and do it over the VPN from an inside IP address.

I am running Windows 7 on my support machine. Will anyconnect work with the RV082 as a VPN client? I have only done hardware clients up to this point with this RV0 unit.

Toddah

Hello toddah

It would be very nice if I could access from different locations, as I never know where I will be (IP address) when I am needed to provide assistance. I generally log into the firewall and open a RDT port to a specific machine for the duration of the support session and then back out and close the port. I was hoping there was some way configuration-wise I could upgrade or limit the encryption strength so I could pass the test and keep things secure.

I see. You were using RDP ports to access your network, and this process is no longer perceived as PCI compliant. You are correct in that a VPN connection may work for you. Being that you have an RV082, you have 3 options to establish a VPN connection to your RV082's network:

1. IPSec Client-to-gateway, 2. Cisco Quick VPN, and 3. PPTP VPN. I am unsure as to which method will satisfy PCI compliance thoroughly.

Will anyconnect work with the RV082 as a VPN client?

I have not tested this, so I cannot state whether this will work. I can say that the RV082 allows IPSec VPN connections and works with clients that are built on Windows IPSec policies. In other words, this may work for you, but I would be unable to say for certain.

You can download the Cisco Quick VPN client from the Cisco.com Website.

I certainly hope this helps.

For PCI if you change your RDP port to something like 3390 you will pass.  Also, Anyconnect is SSL VPN and isn't supported on the RV082, at least not with the current firmware, as SSL VPN didn't exist when the RV082 was introduced in the early 2000's.

The real question is why do you need to manage this device so often?  I have customers' RV082's that with the exception of upgrading to the 2.0 firmware, haven't had config changes done in years.


Finally, the other option you have is to use the PPTP VPN server and DDNS.  VPN to the network that way and then you don't have to fool with QVPN (which to use the term buggy is being gentle) or Anyconnect (which isn't supported) and you also don't have to open any other ports to make it work.

toddah
Level 1

Thanks everyone, I had forgotten all about just setting up an IPSec connection. That works just fine and I did pass the last scan.

Thank you again.

Toddah
