VPN appliance through my home network

dadfeight · ‎01-10-2014

I've been racking my brain and reading everything I can find but I can't figure this out. I would like to setup a Cisco RV180 on my home network to act as a VPN connector to my work network. I can use Windows to connect a PPTP VPN from my computer fine. but I need a couple devices to connect to my work network so I thought I would put them behind a VPN appliance to get them connected. I have a great JPG showing what I want to do but I can't attach it to this post.

At work I have a FortiGate 200B firewall setup with IPSEC Phase1 and Phase2. I want to configure the RV180 to connect to that tunnel and route traffic between my two devices and my work network. I've set everything up on both of them according to different tutorials I've found but still no joy.

Does anyone have any experience with this kind of setup? I've attached a picture of what I'm trying to accomplish.

Any help you guys can give is greatly appreciated. I'm beginning to go bald from all the pulling of hair.

mpyhala · ‎01-10-2014

Michael,

Why do you have two routers?

If possible, swap the EA4500 and RV180. If not, you will need to try forwarding some ports in the EA4500 to the RV180 LAN IP:

TCP: 443, 60443

UDP: 500, 4500

I have had customers report that this worked for them, I have not confirmed it myself. Ideally the RV180 would have the WAN IP address and be listening for the VPN connection without NAT.

Please keep us updated.

- Marty

dadfeight · ‎01-10-2014

I've got the following ports forwarded to the RV180: 500,1701,and 4500.

I want to segment my work devices (laptop, sip phone) from my home network. I want the RV180 to initiate the VPN to the FortiGate. I can do a PPTP VPN from my windows machine so I figured I would be able to initiate one from the RV180 but that hasn't worked.

dadfeight · ‎01-10-2014

The lightbulb just came on. If I set the RV180 between the ISP and my existing router, I can hook my home router to VLAN1 and my work devices to VLAN 2 and "neither the twain shall meet", so to speak. Just to verify, should the RV180 be able to initiate the VPN to the Fortigate?

mpyhala · ‎01-10-2014

Michael,

Great idea, that would work much better. You should be able to configure a site to site tunnel from the RV180 to the Fortigate and initiate from the RV180. I always recommend configuring the router with fewer VPN options FIRST (The RV180). That way you can easily match the settings on the Fortigate. Trying to match the RV180 to the Fortigate settings could be like pulling teeth.

- Marty

dadfeight · ‎01-10-2014

I'll give that a try later today and let you know how I faired. Thanks for the ideas.

dadfeight · ‎02-21-2014

So I have the RV180 connected to my cable router. My home network is working off of one port setup as a vlan but I can't get the IPSec to connect to the Fortigate using the same settings as the client on my PC. Not sure where to go from here.

mpyhala · ‎02-21-2014

Michael,

Do not try to use the Client settings on the RV180, it will not work. A Client to Gateway VPN is much different than a Gateway to Gateway VPN. I would configure the RV180 first and then try to match the configuration on the Fortigate. In other words, start from scratch on the VPN tunnel.

- Marty

SamirD · ‎02-22-2014

You'll need to get the Phase 1 and 2 information from the Fortigate router and then give them your cable modem IP address as well for them to configure the tunnel on their side. Then you will have a full site-to-site tunnel between work and home. However, your IT department might not want this. If so, the rv180 might not help you unless you can get the client to site mode to connect to the fortigate.

Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com