I am a Cisco reseller, and I am slowly learning that becoming a partner and recommending the small business routers for VPN access, was the worst possible thing for my business.
I have recently setup a few RV120W's, RV220W's and the RV042's, and NONE of them can reliably establish a VPN connection using QuickVPN. I have tried on multiple computers (usually Win7) and it is always the same result... a dialog box that says waiting, or a messages that says it cannot connect to the peer, and lists a few possible reason's why. I attempted to read through the forum, but there have been soooooo many issues with QuickVPN, that I could not find a starting point.
I have noticed that these devices appear to support "another" VPN client, possibly with XAUTH support. Can anyone please tell me which clients can be used to establish a VPN connection with user authentication.
I am not looking for suggestions... I am looking for a resolution. If it is not known to work reliably 100% of the time, then it is probably not the solution I am looking for.
...And no Mac support!?!?!? I'm not sure what the SB product manager was thinking when they decided to excluded these users.
Right now only the SA500/SRP supports Cisco Vpn client via XAUTH .All other routers support Qvpn. Little information on Qvpn as many customer blame our routers when they really don't understand. Qvpn is a utility that allows you to quickly configure the IPSec client that's already installed in windows. This is why NO support for Mac and hints why it's free utility Cisco doesn't own the client. Next the biggest problem with Qvpn is that many programs on the customer computer can affect the connection. Many computers i have installed Qvpn on did work successfully but of course i had to play around with Microsoft operating system (Engineer shouldn't make changes as this would cause Cisco liability). it's when we have 3rd party programs like firewall and antivirus generally will cause it to fail. Again it's actually the Microsoft client that is giving trouble very rarely is the problem the utility that allows you quickly configure Windows IPSec client. Also our device needs to hold the public ip address on our WAN and ports 443-500-4500 and 60443 needs to be opened and not forward internally to another device. Unless we are using Multiple public ip address.
jasbryn, thanks for responding.
Can you please explain to me why the attached image shows the option to setup a "VPN Client" within the RV120W? Which client is to be used with this router?
Secondly, the RV120W allows a user to be created and use "XAUTH"... why is this?
The fact that Cisco would decide to use a VPN client that does not function well with 3rd party anti-virus or firewall programs is completely disappointing. Most users use, or are encouraged to use, some type of firewall or anti-virus... so why decide to use a client that is going to be so troublesome. As the manufacturer of the router, you should provide a working solution, if it is what you're selling. I could have told everyone at Cisco that using the Microsoft based service is a BAD idea! It sounds like your blaming Microsoft, but I blame Cisco for using their service/client.
Cisco already has a VPN client, so why not add the functionality (or why disable the functionality) in SMB products. Typically these users do not have techs who can work on this all day. They are small business owners who want to focus on their business, and not have to read through forums day after day, to get VPN connectivity. Cisco has clearly loss their focus on who they are building products for. Competitors offer VPN connectivity that's fairly easy to setup, and come along with a free client to download... and some even work with Mac.
Thank you for using the community forum.
While the option says VPN Client this means an IPSEC VPN client, not specifically the Cisco VPN Client. This software is only available in higher level devices, like the SA 500 series with a 3 year contract SR520-T1, or enterprise level devices with the proper license. Cisco VPN Client software is a paid for software.
The XAUTH option is for use of IPSEC VPN clients other than Cisco VPN Client. Now that being said that doesn’t mean others haven’t gotten the Cisco VPN Client to work with the RV120W; it just means that software is not supported with this device. The same goes for a software we know works and recommend GreenBow which is a paid for software you can openly purchase unlike Cisco VPN Client. Other software that might work is Shrewsoft and IPSecuritas (MAC).
The QuickVPN utility is just that a utility that is a friendly interface into Microsoft’s IPSec software. Since the client paid for Microsoft they are entitled to this function it is just not user friendly. Cisco supplies a utility to leverage this software. This is why the Cisco Support team is limited on the depth of support we can supply regarding other vendors software. Many times Cisco goes far beyond the point that should be supported to find a solution for our customers.
The QuickVPN utility is FREE, included into the price of the router. Many of the Small Business routers also have PPTP servers and SSL VPN servers built in which can provide a VPN solution for FREE as well which will work with MAC.
QuickVPN will use the built-in TCP/IP stack of the Microsoft Operating system that is why the firewall needs to be modified. PPTP, SSL, IPSEC VPNs will install a second adapter with a separate TCP/IP stack to make the VPN connection. This additional adapter when it is added automatically modifies the firewall on creation most of the time.
I hope this helps clarify your questions.
Cisco Small Business Support Center
CCNA, CCNA - Security
This is also on the Cisco Forum, but here is one froma Microsoft post.
Greenbow is an expensive, but excellent VPN client.
Shrewsoft requires a little more patience but is also good.
We used IPSecuritas for all of our Mac users before upgrading to an SA540. The SA500 Series routers supports the built-in IPSec client in Mac OSX.
IPSecuritas was extremely reliable and was very robust.
Thank you for your input. After a few weeks of testing, I have been able to completely abandon the Cisco QuickVPN feature and its client.
For Windows (Win7) systems, I'm using the ShrewSoft VPN client, and for Mac, I'm using IPSecuritas. I have been able to get these clients working on the following Small Business devices:
RV120W (fw: 126.96.36.199)
RV220W (fw: 188.8.131.52 and 184.108.40.206)
I don't have the time at the moment to post config examples, but feel free to send me a private message, and I will certainly help as much as I can to get anyone up and running.