Cisco Support Community

New Member

Ipsec tunnel and Vlan

Hi,

I'm using an RV220W and I want to know if it is possible to assign VPN traffic to a VLAN when I set up an IPsec tunnel?

Or is there maybe another solution?

Example:

I'm using different VLANs on my RV220W.

Vlan 10: engineers (ex: 192.168.1.0/27) no intervlan routing

Vlan20: sales (ex: 10.0.123.0/24) no intervlan routing

This is what i need:

     - An engineer is on the road and when he makes an IPsec VPN connection => assigned to the VLAN "engineers" so he can access the server/PCs in that VLAN.

And when someone from the sales group starts a VPN connection, he needs to be in the VLAN "sales" so he can access his PC/data,...

Thanks,

Dimitri

15 REPLIES
New Member

Ipsec tunnel and Vlan

Hello Dimitri,

What is the VPN client that you are using here? Did you set up a Quick VPN connection or did you set up an IKE/IPSec policy?

Thanks,

Wesley S

New Member

Ipsec tunnel and Vlan

Hi Wesley,

The RV220W is the gateway and I will use my laptop with the application "Cisco Quick VPN" to connect to the RV220W.

So I need to set up an IKE/IPsec policy, I guess?

Thanks!

Dimitri

Bronze

Ipsec tunnel and Vlan

Dimitri B,

No, the QuickVPN feature allows you to only configure the remote management settings and create a QVPN user. These settings automatically build the rest of the configuration for that VPN.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

New Member

Ipsec tunnel and Vlan

But can a VPN user then communicate with a device in a specific VLAN? Or is that not possible?

New Member

Re: Ipsec tunnel and Vlan

not in time, but...

solution:

username PC1 password 0 !encrypted!
username PC2 password 0 !encrypted!
!
vpdn-group DEFAULT
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 5
!
vpdn-group PC1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname PC1.DOMAIN.COM
 local name PC1
 ...
!
vpdn-group PC2
 accept-dialin
  protocol l2tp
  virtual-template 2
 terminate-from hostname PC2.DOMAIN.COM
 local name PC2
 ...
!
interface Virtual-Template1
 ip unnumbered Vlan1
 ...
!
interface Virtual-Template2
 ip unnumbered Vlan2
 ...
!
interface Virtual-Template5
 ip unnumbered Vlan5
 ...
!
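An added example, not part of the original post and not Cisco code: a small Python audit of a configuration shaped like the one above. It resolves each vpdn-group to the VLAN its virtual-template takes its address from, and lists the groups that have no terminate-from hostname and so are not tied to one peer. The function names and the trimmed sample configuration are constructed for illustration.

```python
import re
# Constructed sample: the post's configuration minus usernames, "local name" and elided ("...") lines.
SAMPLE_CONFIG = """\
vpdn-group DEFAULT
 accept-dialin
  protocol l2tp
  virtual-template 5
!
vpdn-group PC1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname PC1.DOMAIN.COM
!
vpdn-group PC2
 accept-dialin
  protocol l2tp
  virtual-template 2
 terminate-from hostname PC2.DOMAIN.COM
!
interface Virtual-Template1
 ip unnumbered Vlan1
interface Virtual-Template2
 ip unnumbered Vlan2
interface Virtual-Template5
 ip unnumbered Vlan5
"""
FIELDS = {"virtual-template": "template", "terminate-from hostname": "peer", "ip unnumbered": "vlan"}

def map_vpdn_groups(config):
    """Resolve each vpdn-group to its pinned peer hostname and the VLAN it lands in."""
    groups, templates, section = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vpdn-group (\S+)", line):
            section = groups.setdefault(m[1], {"peer": None, "template": None})
        elif m := re.fullmatch(r"interface Virtual-Template(\d+)", line):
            section = templates.setdefault(m[1], {})
        elif line == "!":  # a bare "!" ends the section; "! text" is a comment
            section = None
        elif section is not None:
            key, _, value = line.rpartition(" ")  # command words, then one argument
            if key in FIELDS:
                section[FIELDS[key]] = value
    for group in groups.values():
        group["vlan"] = templates.get(group["template"], {}).get("vlan")
    return groups

def unpinned_groups(groups):
    """Groups with no terminate-from hostname are not tied to a single L2TP peer."""
    return sorted(name for name, g in groups.items() if g["peer"] is None)
```

On this sample, PC1 and PC2 resolve to Vlan1 and Vlan2, and DEFAULT is the only group reported as not tied to a peer hostname (it lands in Vlan5).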

New Member

Re: Ipsec tunnel and Vlan

Dimitri, I have exactly the same requirement. Did you ever find a solution?

Andrey, the RV220W doesn't support running scripts like enterprise routers/switches as far as I know.


Green

Re: Ipsec tunnel and Vlan

PPTP should permit the inter-VLAN communication. You won't be able to 'directly connect' to that one specific subnet but you will be able to communicate across a VLAN as you wish... and the router supports inter-VLAN ACLs so you may limit traffic as you wish.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
New Member

Re: Ipsec tunnel and Vlan

Thanks Tom. Is IPSec not an option at all on the RV220W for this particular requirement?

Of course I haven't verified it for myself but reading this sort of thing on Wikipedia doesn't inspire confidence: "PPTP is (as of Oct 2012) considered cryptographically broken and its use is no longer recommended by Microsoft."


Green

Re: Ipsec tunnel and Vlan

Historically your statement is true; IPsec wouldn't be an option on this unit. You may try to make a LAN to LAN access rule in an attempt to make it work. Since the LAN to LAN rules are a new addition, it may work (I haven't tested it for this purpose yet).

-Tom
New Member

Ipsec tunnel and Vlan

It's the MS PPTP implementation that's broken, not PPTP itself.

See

http://www.schneier.com/pptp-faq.html

New Member

Re: Ipsec tunnel and Vlan

Richard Iemand:

"PPTP is (as of Oct 2012) considered cryptographically broken and its use is no longer recommended by Microsoft."

Richard, really? Give me a link please!

And what type of encryption can I use for security?

(Sorry for my English)

Green

Re: Ipsec tunnel and Vlan

Another option is the SSL VPN; this can be full tunnel or split tunnel. The router supports 5 SSL connections.

-Tom
New Member

Ipsec tunnel and Vlan

Hi Thomas,

I don't think that the SSL VPN is a solution.

For example, you can't add 1 SSL connection in VLAN 10 and another in VLAN 20.

greetz

Dimi

New Member

Ipsec tunnel and Vlan

Hi Richard,

I did not find a solution... did you?

Green

Ipsec tunnel and Vlan

Dimitri, as stated originally, you CANNOT directly connect to 1 subnet. This will have to be managed through inter-VLAN route options and possibly a LAN to LAN ACL.

SSL VPN is the solution for this platform.

-Tom