
Client to Gateway RV042 behind router

bab1ch_bytelab
Level 1

Here is a simplified diagram of my network. I'm trying to connect remote clients to my network through VPN. The goal is to provide network services (mainly from the server) to remote clients. I have managed to establish a VPN connection (PPTP and IPSec - with IPSec VPN Client software) from my test setup. I'm struggling to configure the RV042 so it can operate with the existing router in my network. I'm not sure what mode to use (router or gateway) or where to connect the RV042 (through WAN or LAN).

I have configured the RV042 in router mode (192.168.19.3 local address) and connected it to the router through LAN. PPTP works, but IPSec doesn't (it seems that it only works through the WAN address). As PPTP allows only 5 clients, that is not an acceptable solution.

If I connect the RV042 through WAN (192.168.19.4 static IP) then PPTP and IPSec work but I can't connect to the rest of the network. I'm guessing that this is on the right track but I'm missing some step.

I don't have access to the 192.168.19.1 router but I can request some ports to be forwarded. I tried with my test setup to forward port 1723 and that enabled PPTP, and I tried ports 433, 60433, 500, 45000 in the hope that it would enable IPSec, but no luck. It worked only when I put the RV042 in DMZ. Am I missing some port?

I would appreciate it if someone could help me configure everything properly.

4 Replies

Mehdi Boukraa
Cisco Employee

Hi,

My name is Mehdi from Cisco Technical support.

You already made PPTP work, and IPsec also but if the RV042 is in DMZ mode, so here we talk about the ports.

From your note, you have forwarded port 45000, but we should forward 4500; make sure all the IPsec ports, 500 and 4500 UDP, are forwarded.

Also make sure you have enabled NAT-T on the RV042 where the VPN is configured.

Thanks

Mehdi

Hi Mehdi, 

Currently I have only PPTP working because the RV042 is connected to a LAN port and has local IP 192.168.19.3. I couldn't get the RV042 to accept IPSec connections through the LAN port (it works only through the WAN port).

Everything was working on my test setup (an additional router that I can control and the RV042 connected to it through WAN - gateway mode). That test setup was only to test the VPN configuration with the RV042 and clients. Now that I got that working, I'm trying to configure everything on my real network. It looks like I made a mistake with port 45000, but that's not the problem now.

I want to bridge VPN clients to my 192.168.19.0/24 network without the RV042 acting as a gateway (as I already have a gateway at 192.168.19.1).

Hi,

Here is a solution:

The RV042v3 can be in Gateway Mode and bridge the WAN network at the same time.

What I suggest:

Here is what the topology should be:

Here are the settings:

1. You can use the RV042 in Gateway mode or Router mode (because the gateway for all the hosts is 192.168.19.1)

2. The WAN interface should be Transparent Bridge

     Give it IP address 192.168.19.xxx/24, GW 192.168.19.1 (here is a screenshot)

4. Give a pool of IP addresses to be bridged, here as an example 192.168.19.200-250

5. But you should configure the AP, Server, and Printer with static IPs from the bridged pool 192.168.19.200-250 and gateway 192.168.19.1

6. Now the problem is that wireless clients will not receive an IP address, right?

7. Disable the DHCP server on the RV042 and relay to an external DHCP server. I believe you have the server acting as DHCP server, and configuring it as the bridged network is a solution :)

8. Of course we should have a port forwarding of 500 and 4500 UDP redirected to 192.168.19.2 (WAN IP of the RV042)

9. Now moving to the VPN settings

Here are screenshots from the RV042.

Of course, in the advanced settings you should enable NAT-T.

10. If you need any assistance with ShrewVPN, please let me know.

Thanks and hope I was clear :)

Please rate the discussion or mark it as answer to help other Cisco customers benefit from it.
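
Added example (not written by either poster and not Cisco code): the replies above turn on UDP 500 and UDP 4500 reaching the RV042 and on NAT-T being enabled, so this sketch labels UDP payloads captured on the gateway's WAN side using the IKE header layout and the RFC 3948 NAT-T framing. The function names and the sample capture are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4            # RFC 3948: prefixes IKE on UDP 4500
IKE_HDR = struct.Struct("!8s8sBBBBII")  # fixed ISAKMP/IKE header, 28 bytes
EXCHANGES_V1 = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}

def parse_ike(data):
    """Return (major_version, exchange) or None if not a plausible IKE header."""
    if len(data) < IKE_HDR.size:
        return None
    _i, _r, _np, version, exch, _fl, _mid, length = IKE_HDR.unpack_from(data)
    major = version >> 4
    if major not in (1, 2) or length < IKE_HDR.size:
        return None
    return major, EXCHANGES_V1.get(exch, str(exch)) if major == 1 else str(exch)

def classify(dst_port, payload):
    """Label one UDP payload seen on the gateway's WAN side."""
    if dst_port == 500:
        return "ike" if parse_ike(payload) else "other"
    if dst_port == 4500:
        if payload == b"\xff":
            return "nat-keepalive"
        if payload[:4] == NON_ESP_MARKER:
            return "ike-natt" if parse_ike(payload[4:]) else "other"
        if len(payload) >= 8:           # non-zero SPI, then sequence number
            return "esp-in-udp"
    return "other"                      # e.g. a mistyped forward such as 45000

def summarize(packets):
    """Count labels over (dst_port, payload) pairs and say what is missing."""
    counts = {}
    for port, payload in packets:
        label = classify(port, payload)
        counts[label] = counts.get(label, 0) + 1
    if counts.get("esp-in-udp"):
        verdict = "tunnel traffic arriving over UDP 4500"
    elif counts.get("ike") and not counts.get("ike-natt"):
        verdict = "only UDP 500 seen: check the UDP 4500 forward and NAT-T"
    else:
        verdict = "inconclusive"
    return counts, verdict

def make_ike(exchange):  # constructed sample: IKEv1 header only, no payloads
    return IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, exchange, 0, 0, 28)

# Constructed capture: negotiation starts on 500, then floats to 4500.
SAMPLE = [(500, make_ike(2)), (4500, NON_ESP_MARKER + make_ike(2)), (4500, b"\xff"),
          (4500, struct.pack("!II", 0x1A2B3C4D, 1) + b"\x00" * 16)]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A capture that shows only the "ike" label means either the UDP 4500 forward is missing on the upstream router or NAT-T is off on one of the peers; the payloads alone cannot tell those two apart.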

Hi,

Unfortunately I can't use the suggested topology; it is similar to the one I used as a test setup. I have attached a complete diagram of my network.

The problem is that the 192.168.19.1 router is connected to a switch, and cables from that switch lead to Room1 and Room2. I can't get to the restricted room and put my RV042 there. It could act as a regular gateway and that would solve the problem. Also, I can't put additional cables from Room1 to Room2.

All I can do is connect the RV042 to any switch and rearrange things in Room1 and Room2.
