Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Remote VPN tunnel

Hi every one!!!

When you are configuring a remote VPN connection, there are some steps that are lost on the path.

Here you can see those steps.

A) In your Cisco device:

     1. Ensure you don´t have any rule denying the traffic between the device and the remote site

     2. Depending what kind of tunnel you are configuring, Go VPN>VPN Passthrough and enable:

                 * IPSec Passthrough

                 * PPTP Passthrough

                 * L2TP Passthrough

      3.Depending on the device Remote Management needs to be on.

               Go Firewall> Basic Settings and ensure to:

                 * Disable Block WAN Request

                 * Enable  Remote Management


      4. Users need to be created and enabled.

      5. Only One Connection per User Account.

      6. Local Network Subnet must be different than Remote Network Subnet.

      7. If using Certificate the .pem file needs to be exported and placed under the:

              “C:\Program Files\Cisco Small Business\QVPN Client” folder. 

B) In your Computer

*Windows XP:

     1. You have to disable the firewall and the antivirus

     2. Must be running Service Pack 3

     3. Must have IPSec Services Running

     4. Must have the Windows Firewall Off (the customer can have the firewall on but we do not support Microsoft or any other 3rd party Firewalls. ICMP Echo Requests are required inbound through the software Firewall for a connection to establish.)    

*Windows 7 or Vista

    1. Must running Vista Service Pack 2 or run in Vista Service Pack 2 compatibility for Windows 7.

     2. Windows Firewall needs to be on. (3rd party Firewalls will not be supported.)

     3. Must have IPSec Services Running.

    4. You have to  enable your firewall and create a couple of rules that are explained in this document.

        http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=2922

*Windows 8:

Change the compatibility mode to Vista SP2. Then make sure Windows firewall is ON, and also follow the instruction for the firewall configuration (Windows 7)


***QVPN could not to work if you have more than one network adapter. So if you have a laptop or a computer with two or more network adapters  (wired or wireless), you could disable the Wired/Wireless adapter(s) while you are using the QVPN, this because routing problems and IP conflicts with your local network.

You could also check these see this document:

https://supportforums.cisco.com/docs/DOC-33275

*Please  rate it so other users can benefit from it"

Greetings and I hope you find this document useful,

Johnnatan Rodriguez Miranda.

Cisco Network Support Engineer.

"GuideMe"

Cisco has a very useful tool called GuideMe, is made for small business products, and your device is in this category, you can use this address for accessing the tool:  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?alt1=&pid=4&eroute=Super , is very easy to use, just complete the 3  spaces on this way:

Select a category: (Select the device type on request), e.g. Routers

Enter model: (Type the model on request), e.g. RV042

Question: (Type what  you want to know  about the device), e.g. VPN

And it'll be showing all the information you need about what you wrote.

Comments
New Member

Thanks Johnnatan for everything... I'm tryn to connecting  from Windows 8 client and I think that it's the same procedure like Win 7 right???

Regards

Orlando

Johnnatan

Johnnatan

Johnnatan

Gold

Hi orlando.

Yes, it´s the same procedure

Thanks.

Johnnatan Rodríguez Miranda.

Cisco Network Support Engineer.

New Member

Johnnatan,


Thank you for your document. Unfortunately NOTHING in it helps my WIndows 7 64 bit. I have spent many days reading HUNDREDS of frustrated users, and many support suggestions and "fixes".

I have 2 new RV-180 and both act the same. I have one VPN account; it works EVERYTIME using 2 different XP Pro SP2 x86 (32 bit). However, it only works SOMETIMES (randomly) using 3 different Windows 7 PRO SP1 systems.

Today I spent all day trying everything you suggested, and what many others suggested. I finally found a solution. What did not help was running QVPN as admin, setting compatibility to Vista SP2, adding firewall rules for ICMP, etc. In every case my log shows that Windows 7 is blocking PING.

And then I found the answer in a posting for 2010. It said that QVPN will not work if you have more than one network adapter. Of course, every laptop in the world has at least 2 adapters (wired and wireless). So I disabled the Wired/Ethernet adapter on all three laptops, and QVPN now works EVERYTIME.

The question I have is when will Cisco fix QVPN so we don't have to teach our users how to enable and disable their networ adapters whenever they want to connect to a Cisco router?

Gold

Hi Steve

Many thanks for your comment, we appreciate your time and dedication explaining the problem and also providing the solution, it will help us a lot to fix common problems with our devices, I was wondering if could you provide me the post where you saw the answer?.

Thank you.

New Member

Hi Jonathan,

My case is different. I do not use Qvpn but PPTP. I checked the Firewall settings of my RV180 and there is nothing I can configure and that may be affecting access to my internal network using a PPTP connection.

The settings of my PPTP VPN is as follows:

IPSec: check

PPTP: check

L2TP: check

In the RV180 does not have firewall settings:

- Disable Block WAN Request

- Enable Remote Management

In addition to these settings I own other PPTP VPN gateway to gateway configured, but these are not giving me a headache.

You believe that any protocol or encryption is configured for connections GW to GW is affecting the PPTP? I think this is not possible, right?

Thanks for much.


Gold

Hi Fabiano,

I encourage you to post your question in the forum so other people could see the question and help you or see the answer, in order to help you with your inconvenience, could you also share your Firewall and VPN  configuration?

Thanks

New Member

I have done everything listed.  Except change the subnet mask at the local; and remote client site.  Nothing works at all.  So now I have to change the entire network setups at the client sites to have a chance to work at all now?

How can Cisco recommend (I called in before I ordered this router) these products, when they do not work? In 20+ years of IT, I have never seen anything like this before. Cisco made me look bad with this to the client. There should be full tested documentation included with the software, which works. Not leaving all of us hanging in the breeze.

Gold

Hi Reaves

I hope you are doing well,

I want to apologize for the issues you are having, could you explain us a little more about your problem? also to specify which devices are you using? I encourage you to post your question here:

https://supportforums.cisco.com/message/3991332#3991332

In this way other users can see the post and benefit with it.

Thanks for your comment and again I apologize for your issue.

23236
Views
35
Helpful
8
Comments