RVS4000 VPN & IPAD

Similar Messages

• RVS4000 VPN Woes

  I created a VPN client account on my RVS4000 but I am unable to connect to it.  When I attempt to connect using the OS X VPN client it says it can't connect to the VPN server.  The VPN log in the RVS4000 shows this:
  May 15 14:58:40 - [VPN Log]: IP interfaces ppp0 and eth0:0 share address xxx.xxx.xxx.xxx!
  May 15 14:58:40 - [VPN Log]: no public interfaces found
  I suspect that is the problem but I don't know how to correct it in the RVS4000 settings.  The WAN is configured for Unnumbered IP + Private.
  How do I correct the interface problem?

  I believe I have the VPN configured correctly on the RVS4000, and I think it should work with the OS X VPN client, but the VPN client always reports that the vpn server does not respond, which is likely related to this entry in the VPN log on the RVS4000 when I enable the VPN:
  [VPN Log]: IP interfaces ppp0 and eth0:0 share address xxx.xxx.xxx.xxx!
  [VPN Log]: no public interfaces found
  I suspect that error is related to the WAN configuration being set to Unnumbered IP + Private, which is necessary for my network configuration, and the VPN settings in the RVS4000 do not allow me to manually set the gateway IP address for the VPN to an unused address in the unnumbered set.  That leaves me wondering if it is even possible to use the VPN on this router if the WAN is configured for unnumbered IPs.

• Has anyone had this problem with VPN iPad vpn connection could not validate the server certificate

  Has anyone had this problem with IPad 3 after upgrade to IOS 7,
  trying to to connect VPN , but I get this messag, "could not validate the server certificate".
  I am trying to connect to Oracle VPN.

  Has anyone found a solution for this yet? I am still getting the could not validate server certificate error. I have tried importing the entire certificate chain as well as importing each individual cert in the chain. My certificate works perfectly with the cisco vpn on my pc.
  This is my first experience owning an apple product, and I am very disappointed with the customer support that I have received. I tried calling the help line and no one would even attempt to answer my question. I was then told that the Mac "geniuses" wouldn't know either and that I may be able to find an answer on the message boards. So I am reaching out to the community...Has anyone been able to figure out how to resolve this issue or even the specific cause? Any help is appreciated.

• DHCP Relay RV042 to RVS4000 VPN

  Is this possible? I have a couple of thin clients at a remote location that I would like to connect to my local DHCP server.  The clients are connecting to the RVS4000 @ 192.168.20.1  .  The RVS4000 connects to the RV042 (192.168.10.1 with two WAN IPs) through the IPSEC VPN.  I have a DHCP server @ 192.168.10.239 with a scope for 192.168.10.x and 192.168.20.x.   Should this work?  Any special setting other than turning on the relay and setting the IP for the DHCP Server? Local DHCP clients are connecting fine, but not the remote clients.  I did see one request an address when I first turned it on, but it timed out on the other side. After that I haven't been able to get another request through.  Thanks for reading.

  Larry,
  I don't believe what your wanting to do will work. The reason is, when you have an ip address you have a specific default gateway and that gateway is your access off you local network.
  If your default gateway is on another network and your on a remote local network you will not be able to get out.
  Try doing a static ip address on the clients and see if that works.
  If it does then you can leave them static, but i believe this will not work.

• VPN: iPAD IPSEC AND MICROSOFT TMG

  I have problem with connecting to my ipsec vpn on microsoft TMG.
  When i try connect (on ipsec with certificate) from windows xp and win7 to this vpn I dont have any problems.
  On My ipad I can only connect on L2tp with preshared key, but on ipsec with certificate still nothing.
  I try connecting on two certificates: on the same whot I have on pc, and on new only to ipad. On iphone configuration tool i install all certificates (CA root, CA sub, VPN on TMG, client cert with client authentication). In my cert i have external crl. I try to on certificate with additional SAN-s (VPN server FQDN and IP address)
  When I try connect on ipad to tmg ipsec vpn I found that error on logs:
  EventId: 4653
  An IPsec main mode negotiation failed.
  Local Endpoint:
       Local Principal Name:    -
       Network Address:    x.x.x.x
       Keying Module Port:    500
  Remote Endpoint:
       Principal Name:        -
       Network Address:    x.x.x.x
       Keying Module Port:    500
  Additional Information:
       Keying Module Name:    IKEv1
       Authentication Method:    Unknown authentication
  So maybe any one can help me ? Whot I do wrong ?
  Thanks a lot.

  Hi
  The application in Itunes is indeed free however in order to use it you will need to have a special anyconnect mobile licence loaded onto the Cisco ASA. The licence can be ordered through a Cisco registered partner with part code L-ASA-AC-M-55XX= (XX=05,10,20,40,50,80 depending on the model).
  Alex

• Configure RVS4000 Behind 2700-Gateway Qwest DSL Router VPN

  I have my QWEST DSL Router 2700-Gateway using a static public IP address
  This is setup to be the DHCP and assigned 192.168.0.2-50
  I need some help how to connect my RVS4000 and utilize VPN so I can connect to my work network from home. The 2700-Gateway has some features like Transparent Bridging, etc, but not sure how to me this work. Can anyone point me to article even if it's configuring with another DSL Router.
  Here is how I tried with my medium knowledge of networking...
  I have configured the RVS4000 as:
  LAN Static IP
  192.168.0.115
  Configured as DHCP Relay
  the 2700-Gateway router saw the device so:
  Configured firewall on 2700-Gateway for PORT FORWARDING:
  TCP port 1723 for PPTP tunnel maintenance traffic
  UDP port 47 Generic Routing Encapsulation (GRE)
  UDP port 500 for Internet Key Exchange (IKE) traffic
  UDP port 1701 for L2TP traffic
  --> 192.168.0.115
  This did not work.

  gv,
  Thanks for your help. I discovered the EasyVPN works quite differently then I expected a IPSec to work. Thanks for the suggestions. I documented my finding and procedure below.
  The answer was to use the transparent bridging setting on my DSL modem model 2Wire GATEWAYHG-2700 and and turn off Search PCV,  then setup the PPPoE on the RVS4000 VPN router to accept and authenticate my public IP address.
  Once I had the modem and router configured, I then had my RVS4000 VPN router ready to test VPN client. The documentation is vague. But after doing some research on here and having some difficulty:
  My Finding:
  I already had latest Firmware 1.109 from purchase
  On the client, I discovered from reading that the EasyVPN uses 443. Well I have this forwarding to a exchange server to utilize RPC/HTTPS with outlook. This turns out that it was fixed with the lastest firmware
  The new firmware allows this, as they fixed the vpn listening port override to port 60443..
  I port forwarded this to my router gateway 192.168.1.1
  In order to use this port, you must have the lastest client from the downloads at RVS4000 version. 1.10 which adds a drop box Auto/443/60433. I found auto and 60443 to work with my configuration.
  This configuration let me connect successfully.
  If you read the readme that's included with the EasyVPN client download, you have to export the client cert under VPN, and copy the file *.pem to the root folder of the vpn client.exe stated in readme to get rid of the security popup. This worked for me.
  So everything seems to be connecting.. But know get "The remote gateway is not responding" popup.  I tried the suggested MTU setting with no luck.
  After establishing a network share under map drive, this seems to have stop responding as well once this popup occurs.
  Things like this should just not be so hard..
  So I found this post in regards to my problem and hoping to here if anyone else has found a solution or work around here. Good night, some things are just not worth staying up late for,
  http://forums.linksys.com/linksys/board/message?board.id=Wired_Routers&message.id=13651#M13651
  Message Edited by MOTOGEEK on 12-10-2007 11:01 PM
  Message Edited by MOTOGEEK on 12-10-2007 11:04 PM
  Message Edited by MOTOGEEK on 12-10-2007 11:05 PM

• Install RVS4000 with DSL modem / router combo?

  I'm trying to install a RVS4000 VPN router in our small office.  My problem is that AT&T has installed a Netopia 3347-02 DSL combination Modem / router.  So I can't connect the RVS4000 directly to a dsl modem, the only access I have is on the Lan side of the Netopia.  When I tried to set the WAN side of the RVS4000 to the same subnet as our Lan, it wouldn't let me do that.  I tried setting the Lan side of the Netopia and the Wan side of the RVS4000 to (the same) slightly different subnet, but that didn't work either.  The only way I can get internet access going through both devices is to connect the Lan side of the Netopia to the Lan side of the RVS4000, but that bypasses the VPN, correct?  The reason I bought the RVS4000 is for the VPN.  Is there a way to configure the RVS4000 in this situation, or do I need to get a plain old DSL modem without a built in router?
  Thanks, Scott

  Scott,
  You should not need to get another device to use the VPN functions of the RVS4000.  To setup the equipment you have, you just need to place the Netopia DSL router into "bridge" mode.  This will then allow you to connect the DSL router to WAN (internet) port on your RVS4000.  Once in bridge mode, your WAN port on the RVS4000 will receive its IP address from AT&T, which will then take over all routing functions, and enable you to use the VPN feature of this router.
  If your DSL provider is using PPPoE, you will need to select "PPPoE" on the WAN setup page of the RVS4000, then enter the username and password into the RVS4000 so that it can authenticate and get an IP address from AT&T.
  To place the Netopia DSL router into "bridge" mode, I am including a link to one of their user guides.  The section for placing it in bridge mode starts on page 107.
  http://www.netopia.com/support/hardware/SoftwareUserGuideV761-Clsc.pdf
  Thank you,
  Darren

• RVS4000 certificates not recognized

  Ever since we updated our RVS4000 VPN router to firmware version 1.3.2.0 (~ July 2010) and our Cisco VPN Client software to version 1.4.0.5, the connection cannot recognize our installed certificates.  We did not create new certificates after the firmware update.  I moved my certificate files from the old install directory.  When this didn't work, I re-exported the RVS4000 certificates (admin and client) and placed them in:
  c:\Program Files\Cisco Small Business\QuickVPN Client\RVS4000_Admin.pem
  c:\Program Files\Cisco Small Business\QuickVPN Client\RVS4000_Client.pem
  When I connect (same for my co-workers), we get the window:
  Server's certificate doesn't exist on your local computer.  Do you want to quit this connection?  Yes / No
  When we say No to the question, we get connected.
  Why doesn't the CiscoVPN Client recognize the files?  I am running WinXP and already have the Microsoft patch for packet losses and connection problems.
  Thank you,
  Rene Feitelson

  omg how i hate seeing speculative answers by people with the "cisco" icon next to their name. you would think that the MAKERS OF THIS HARDWARE (and their employees who are purportedly subject matter experts on said hardware) would be able to provide technical solutions rather than SPECULATING and GUESSING at how to fix the problem.
  so yea, i'm having the exact same problem. however, the only cert i have is the client cert in the correct directory. so none of that asinine "QuickVPN Client might be confused by this certificate" (NO CISCO REP SHOULD USE THE WORD "MIGHT" --- FOR GODS SAKE, KNOW WHAT YOU'RE TALKING ABOUT!!! YOU ONLY WORK FOR THE COMPANY!!!).
  i tried generating a new certificate on the RVS4000 and then using that certificate in the correct QVPN directory. i even downgraded the software thinking there was a problem with the most recent version.
  STILL HAVING ISSUES.
  WILL SOMEONE WHO KNOWS WHAT THEY'RE TALKING ABOUT THAT WORKS FOR CISCO PLEASE PROVIDE A WORKING TECHNICAL SOLUTION INSTEAD OF GUESSING!?

• RVS4000 Bandwidth issue

  Hello
  I have recently purchased a RVS4000 VPN Router and I have a slight problem I wish an expert to help me with.
  At home I have a 100Mbps internet connection which gets a result of around 80-98Mbps on the speedtest.net . However, when I connect the RVS4000 to my network I can only achieve 20Mbps. I am using Cat 6 cabling for everything with Gigabit ports. The QoS / bandwidth settings are disabled.
  Any ideas what could be causing the slow down?
  Regards
  Chris D

  Wrong forum, try  "small business - routers".

• RVS4000 firmware updates don't work with Internet Explorer 8.0

  I have 2 RVS4000 VPN routers.  Neither would accept firmware updates via the admin browser interface using Internet Explorer 8.0.  After lots of troubleshooting, I tried Chrome (Google) on 1 router and Mozilla Firefox on the other.  Both updates were successful.  The firmware rescue utility that you can download from the Cisco web site also works.  It does the update without the browser interface, but installs a slightly older version of firmware than is availble for browser-based firmware updates.  I hope this saves you time and frustration when you need to update your routers.
  Rene Feitelson

  Rene,
  A thousand thanks for taking the time to post your result. You've made my day!
  I have spent over 8 hours today trying to implement a firmware upgrade on my RVS4000, with zero success. I initially used Safari 5 (on a Win XP SP3 machine) in order to update IPS to v1.42, with no success. Switching to MS IE8 and the update worked fine - hence I stuck with IE8 for the firmware update. I can confirm your result - IE8 does not initiate a firmware update, nor does it provide any feedback whatsoever on its failure.
  Using the Firefox v3.5.9 browser the RVS4000 v1.3.2.0 firmware update worked straight away without a glitch.
  So, perhaps a general "Heads Up" to everyone - if you have any issues when trying to configure your Router, then try using another browser as the first step.
  Many thanks again, Rene.
  Message was edited by: Robert Gough
  Oh, another issue that might help folks:
  When the firmware update file "filename.img" is downloaded from the Cisco site Windows interprets it as a .zip file and associates the usual ZIP file icon to it. Cisco's documentation states "unpack the file and ......". This immediately leads one to believe that the firmware update file is contained in the ZIP file. This is not the case! It is NOT a ZIP file at all, but is the binary that the router requires.
  If one tries to unzip the file WinZip throws up an error "ISO file incomplete" and doesn't unzip it.
  So, ignore the ZIP file icon and just point the router firmware updater at the .img file, despite its ZIP icon.

• Problem configuring RVS4000 router

  I just purchase the Cisco Router RVS4000 vpn and I am having problem configuring the VPN option.  I just try all way I could imaging, but somehow something are missing and I don't know what it is.  Here are a image of my current configuration.

  Without examining this in detail, it is only half of the equation.  The other end of the tunnel needs to be configured as well.  BTW, don't ever post your WAN IP and shared key in a public forum.  Change the key.

• HOWTO: Setting up Server-Side Authentication with SSL

  This howto covers the configuration of server-side SSL authentication for both Net8 and IIOP (JServer) connections. It documents the steps required to set up an SSL encrypted connection; it does not cover certificate authentication.
  It is worthwhile noting that although the setup of SSL requires the installation of certificates, these certificates do not have to be current, only valid. For some reason, in order to enable SSL connections, it is necessary to set up valid certificate file on the server whether you intend to use certificate authentication or not.
  NOTE: I have been unable to determine whether or not the above statement is entirely correct. If anyone can confirm or disprove it, please let me know.
  The steps described below must all be carried out from the same logon account. They have been tested on both 816 and 817 databases, but will probably work for all versions, including 9i (unless there have been some drastic changes in 9i that I'm not aware of).
  1. Log on to the database server with an administrative login.
  Configure the database and listener to run under the current login account (Control Panel -> Services). It is not necessary to restart these services at this time.
  2. Create an Oracle wallet and set up the required certificates
  (i) Open the Oracle Wallet Manager:
  Start -> Programs -> [Oracle Home] -> Network Administration -> Wallet Manager
  (ii) Create a new wallet (Wallet -> New).
  (iii) When prompted, elect to generate a certificate request.
  (iv) On the request form, the only field that matters is the Common Name. Enter the fully qualified domain name (FQDN) of the database server (i.e. the name with which the database server will be referenced by clients).
  (v) Export the certificate request to file (Operations -> Export Certificate Request).
  (vi) Obtain a valid server certificate from an authorised signing authority. It will also be necessary to download the signing authoritys publicly available trusted root certificate. Certificates can be obtained from Verisign (http://www.verisign.com/)
  (vii) Install the trusted root certificate obtained in (vi) into the wallet (Operations -> Import Trusted Certificate). Either paste the contents of the certificate file, or browse to the file on the file system.
  (viii) Install the server certificate obtained in (vi) into the wallet (Operations -> Import User Certificate). Either paste the contents of the certificate file, or browse to the file on the file system.
  (ix) Save the wallet (Wallet -> Save). The wallet will be saved to the [user home]\Oracle\Wallets directory.
  3. Configure the listener for SSL.
  (i) Open the Oracle Net8 Assistant:
  Start -> Programs -> [Oracle Home] -> Network Administration -> Net8 Assistant
  (ii) Select Net8 Configuration -> Local -> Profile.
  (iii) From the drop-down list at right, select Oracle Advanced Security. Select the SSL tab.
  (iv) Select the Server radio button.
  (v) In the wallet directory field, enter the location of the wallet created in step 2, e.g. C:\WINNT\Profiles\oracleuser\ORACLE\WALLET
  (vi) Uncheck the Require Client Authentication checkbox.
  (vii) Select Net8 Configuration -> Listeners -> [listener name].
  (viii) Add a new address:
  Protocol: TCP/IP with SSL
  Host: [database server FQDN] (e.g. oraserver)
  Port: 2484
  (ix) Add a second new address:
  Protocol: TCP/IP with SSL
  Host: [database server FQDN] (e.g. oraserver)
  Port: 2482
  Check the Dedicate this endpoint to IIOP connections checkbox.
  (x) Save the Net8 configuration (File p Save Network Configuration).
  (xi) Restart the listener service.
  4. Configure the database to accept SSL connections.
  (i) Open the database inti.ora file (\admin\[SID]\pfile\init.ora or equivalent).
  (ii) At the bottom of the file, uncomment the line that reads
  mts_dispatchers = "(PROTOCOL=TCPS)(PRE=oracle.aurora.server.SGiopServer)"
  (iii) Save the file and restart the database service.
  5. Test the SSL confi guration using the Net8 Assistant.
  (i) Open the Oracle Net8 Assistant.
  (ii) Select Net8 Configuration -> Local -> Service Naming.
  (iii) Add a new net service (Edit p Create).
  Net service name: [SID].auth (e.g. iasdb.auth)
  Protocol: TCP/IP with SSL
  Host: [database server] (e.g. oraserver)
  Port: 2484
  Service Name/SID: [SID] (e.g. iasdb.orion.internal)
  Note: at the end of the net service configuration, click Finish, not Test. The test can hang if run from the wizard.
  (iv) Test the connection (Command -> Test Service). If the only error to appear is username/password denied, the test has succeeded.
  null

  Dear Alex,
  Thank you for reaching the Small Business Support Community.
  I would first suggest you to uncheck the "Perfect Forward Secrecy" setting on the RVS4000 and if see if there is some similar setting enabled, then disable it, on the other side.  If still the same thing happens, then go to RVS4000, VPN Advanced settings, and disable the "Aggressive Mode" so it becomes "Main mode" and use the same on the other end of the tunnel.
  Just in case and as a VPN configuration guide, below is a document called "IPSec VPN setup" if it helps somehow;
  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=587
  Besides my suggestions I would advise you to contact your ISP to make sure there is no IPSec traffic restrictions and/or if there is something in particular they require to make this happen and please do not hesitate to reach me back if there is any further assistance I may help you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• I need the communities help in solving a network issue

  Hello all,
  I need your help. I am experiencing brief losses in connectivity somewhere in my Internet connection. They happen sporadically. Some days I get none, on average I get 1-2, rarely more then 3. And they  last from 10-30 seconds. Nothing has to be done on my end to start communication happening again.
  All, in all, it is relatively minor.  Except that I work from home. My VPN connection can drop during this time causing some frustration. But, the biggest problem is my VOIP phone (over this VPN). The phone always drops off and has to re-register (1-2 minute process). I am often times leading critical phone meetings, and dropping off-line is not an option.
  So, why am I asking you for help?  Well I have almost an exclusive Apple environment (as much as I can at least). I am wondering if there is any way I can figure out what is going on through some sort of logs on my Airport Extreme? Is there some sort of sniffer program that can be installed on the Mac that will help?
  I have called my cable internet provider (Cox) and of course they say everything is fine on their end.  I don't know where to start!
  Any help would be appreciated!
  Stuart

  Thanks for the update on the Cisco. I use a Cisco RVS4000 VPN router as my main Internet router and have a pair of 802.11n AirPort Extreme Base Stations (AEBSn) that connect back to this Cisco by Ethernet which provide wireless for both floors of my house. I use the same Cisco VPN client to access a work PC as well.
  However, notice that I have the VPN router well upstream in my network as it is directly connected to my Broadband modem. This would be the ideal location for a VPN appliance, but is not mandatory.
  Your AirPort, unfortunately, does not have any QoS or traffic-shaping features. That means all data coming/going though the AirPort is pretty much treated equally. Your work-provided Cisco router does have these features and could be configured to prioritize all VPN and/or VoIP data traffic.
  It may be possible the issues you are seeing is where this Cisco is situated downstream of both another router and a switch.

• Setting up CUVC-M and CUVC-D Behind Firewall

  I recently setup
  cuvc-m and cuvc-d(Scopia Desktop) behind a customer firewall. I opened ports 7070, 80 and 8080. When I browse to the website it starts to connect then says the connection is terminated. What other ports do I need to open to the server for this to work?
  I did a wireshark trace and looks like I need to add 443, 10260 and 10262 but I want to confirm this is correct and there aren't others
  Thanks
  Greg

  Dear Alex,
  Thank you for reaching the Small Business Support Community.
  I would first suggest you to uncheck the "Perfect Forward Secrecy" setting on the RVS4000 and if see if there is some similar setting enabled, then disable it, on the other side.  If still the same thing happens, then go to RVS4000, VPN Advanced settings, and disable the "Aggressive Mode" so it becomes "Main mode" and use the same on the other end of the tunnel.
  Just in case and as a VPN configuration guide, below is a document called "IPSec VPN setup" if it helps somehow;
  http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=587
  Besides my suggestions I would advise you to contact your ISP to make sure there is no IPSec traffic restrictions and/or if there is something in particular they require to make this happen and please do not hesitate to reach me back if there is any further assistance I may help you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• How Do I connect to Home VPN with IPAD

  Hello All,
  I have setup my home server on Mac Mini with OS X Server App.  I have it configured on my Ipad and the Ipad shows that it is connected.  NOW WHAT???  haha.  I float around my ipad screen and I can't get to my home server.  Ive downloaded a couple of vpn apps but they seem to want to connect me with the company that produced the app.  I just want to connect to my home server and access music and such via vpn.  I dont know what my next step is.
  Thanks in advance,

  Hmmm...
  I am definitly not an expert on this topic but I'll give you my thoughts and hopefully others will as well.
  By using Home Sharing on itunes on your mini, Connecting both to your Applee ID (same), this would allow to share the video and audio content to your ipad while on the home network, then by leveraging the VPn when away from the home network, (set-up VPN in Server & connect with Settings> VPN on IPad)  http://support.apple.com/kb/HT3819  Then get the same functionality while away.
  Now connecting through the web browser is not in my knowledge but I believe you would have to host the website and have within it different modules to support the sharing of content but hosted by your server app.
  I hope this helps some, Good luck!