RVS4000 IPsec

Apr 5th, 2010

I'm trying to configure an RVS4000 (running latest firmware V1.3.1.0) for an IPsec connection.

My use case is that of connecting into my office over IPsec.

There are broadly 2 approaches that I'm familiar with:

1. IPsec with passphrase

2. IPsec with certificates

My travelling equipment (roadwarriors) consists of Linux equipment running Racoon and standard PCs running XP.

Question(s)

1. Does the RVS4000 support both the IPsec approaches? (passphrase and certificates)

2. Does anyone have a howto for configuring the RVS4000 + Linux box and/or PC?

I understand that the GreenBow PC client is very popular - is this the best option for PCs?

Thanks in advance.

David Hornstein Tue, 04/06/2010 - 07:54

Hi earlpenny,

In your case, half the answer is in the RVS4000 Administration Guide; refer to the URL below:

http://www.cisco.com/en/US/docs/routers/csbr/rvs4000/administration/guide/RVS4000_Admin_Guide.pdf

Check out the section around page 136. It talks about distributing certificates to QuickVPN users. But road warriors will need a certificate in their QuickVPN directory as per the manual and also use login and password.

Regarding using a Linux client, I have no experience and await the community to comment. But since we are using GPL code on the RVS4000, I would suspect that there are clients already that will work with Linux PCs. But anecdotal information from another post shows no luck in getting a Linux client to work:

https://www.myciscocommunity.com/message/31781#31781

I hope a partial answer is better than nothing.

Regards, Dave

earlpenny Tue, 04/06/2010 - 08:57

Hi Dave,

Much appreciate the pointers - thanks.

From what I see, it looks like I should be able to establish an IPsec connection (using the passphrase approach) from a Linux machine. This would be what the Cisco manual refers to as a site-to-site (tunnel) connection, i.e. not the VPN client account.

As for the "VPN client" connection, this is not pure IPsec as it requires some SSL (443) preamble. So I won't be pursuing that route. (no pun intended) It does work though with the QVPN PC software. Bit of a pain to set up as it required SP3 or a patch (details in the QVPN ZIP). Also, the IPSEC service needed to be manually started (run services.msc).

There are a number of docs around that describe various approaches for pure IPsec - one for Mac clients (https://www.myciscocommunity.com/servlet/JiveServlet/downloadBody/10585-102-2-19654/QVPN%20Alternate%20for%20Macs.doc) and another using GreenBow on PC (http://www.thegreenbow.com/doc/tgbvpn_cg_Linksys_RVS4000_en.pdf) - both approaches using the IPsec VPN tunnel approach. Not working for me but I will persist.

One further possible complication; my RVS4000 is sitting in the DMZ of my "real" outside-world router. QVPN works, so kind of proves that I'm on the right road.

Let me know if you have further inspiration.

Many thanks.

macgate782 Thu, 04/08/2010 - 17:23

Hi earlpenny,

I have an outside router (DLINK) sitting in front of the Cisco RVS4000 and it is working with IPSec VPN with both the IP Securitas software (Mac OS X Leopard) and the Green Bow software for the PC connecting from a remote location. I didn't use Quick VPN as it didn't seem to be working properly with the PC here. Using passphrase. Make sure you have UDP port 500 opened as well as protocol 50 (for ESP) to make IPSec work.
