Two RV042 VPN setup

We are a small business in Indiana and have someone in Idaho connected to us via VPN that does freelance graphic design for us.  She is currently connected to us via a VPN on two Linksys WRV54g routers but our connection is dropped constantly.  I have read online this seems to be a problem so I have purchased 2 RV042 routers to do this since people seem to be much happier with them.  Is there some documentation that will walk me through setting this up?  I will probably want to set them up to be the internet router for the two locations as well (right now in Indiana we have a separate router for that purpose).  We would like to see each other both ways.  She also uses our server as her DNS server since she is in our domain.  Does this make sense?  I know enough to get myself in trouble on this!  Thanks

There are two ways to do this. One is Gateway to Gateway. This uses two RV042 routers, preferably with static or reserved IP addresses on both ends.
The second is Client to Gateway. This uses one RV042 router and the built-in Microsoft VPN client. This requires one static or reserved IP on your end. The best way to test this is to build it between two internet connections, like work and home, or if you have two internet connections at work.
If you choose VPN Gateway to Gateway:
Add a new tunnel.
Give the tunnel a name like "business name city name".
Choose the LAN port to use WAN1.
Next is Local Group Setup.
I use IP Only.
The router WAN IP address is there and greyed out. Take note of this IP.
Local Security Group Type: Subnet.
Enter your internal IP segment (if you are using 192.168.1.1 then enter 192.168.1.0).
Enter subnet 255.255.255.0.
Remote Group Setup is next.
Again, IP Only.
Enter her WAN IP address.
Choose Subnet.
Then enter her internal IP segment. Note it has to be different than yours (if you are using 192.168.2.1 enter 192.168.2.0).
IKE with preshared
Group 1
DES
MD5
28800 and so on
Enter the preshared key and take note of it.
Look at page 36: http://www.cisco.com/en/US/docs/routers/csbr/rv042/admin/guide/RV042_V10_UG_C-WEB.pdf
Now do the same thing on the other router, just reverse the local and remote security groups. It is important that the two routers are on different IP segments.
If you have any questions just ask.
Peter Labelle
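
The walk-through above depends on the two routers carrying swapped local/remote groups on different IP segments with identical IKE settings. The check below is an added example, not part of the original post or of Cisco's documentation; it also reports DES, MD5 and Group 1 as weak settings. The `Tunnel` record, its field names, the WAN addresses and the key are assumptions constructed for illustration.

```python
"""Pre-flight check for the two halves of a gateway-to-gateway tunnel."""
from __future__ import annotations

from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Settings reported as weak; the check flags them and changes nothing.
WEAK = {"dh_group": {1}, "encryption": {"DES"}, "authentication": {"MD5"}}
PHASE1_FIELDS = ("dh_group", "encryption", "authentication",
                 "sa_lifetime", "preshared_key")


@dataclass(frozen=True)
class Tunnel:
    """One router's tunnel settings (hypothetical record, not an RV042 export)."""
    name: str
    local_wan: str
    local_subnet: str   # "network/mask", as typed into the Subnet fields
    remote_wan: str
    remote_subnet: str
    dh_group: int
    encryption: str
    authentication: str
    sa_lifetime: int
    preshared_key: str


def _network(label: str, value: str, findings: list[str]):
    """Parse a subnet; a host address such as 192.168.1.1/24 is rejected."""
    try:
        return ip_network(value)  # strict parsing: host bits must be zero
    except ValueError:
        findings.append(f"SUBNET: {label} {value!r} is not a network address")
        return None


def check_pair(a: Tunnel, b: Tunnel) -> list[str]:
    """Return findings for two routers that are meant to terminate one tunnel."""
    findings: list[str] = []
    a_local = _network(f"{a.name} local", a.local_subnet, findings)
    a_remote = _network(f"{a.name} remote", a.remote_subnet, findings)
    b_local = _network(f"{b.name} local", b.local_subnet, findings)
    b_remote = _network(f"{b.name} remote", b.remote_subnet, findings)

    # Each side's remote gateway must be the other side's WAN address.
    if (ip_address(a.local_wan) != ip_address(b.remote_wan)
            or ip_address(a.remote_wan) != ip_address(b.local_wan)):
        findings.append("MIRROR: WAN addresses are not swapped between the routers")

    if all(n is not None for n in (a_local, a_remote, b_local, b_remote)):
        if a_local != b_remote or a_remote != b_local:
            findings.append("MIRROR: local/remote security groups are not swapped")
        if a_local.overlaps(a_remote) or b_local.overlaps(b_remote):
            findings.append("OVERLAP: both sites use the same IP segment")

    for field in PHASE1_FIELDS:
        if getattr(a, field) != getattr(b, field):
            # Name the field only, so a key mismatch never prints the keys.
            findings.append(f"PHASE1: {field} differs between {a.name} and {b.name}")

    for side in (a, b):
        for field, weak_values in WEAK.items():
            if getattr(side, field) in weak_values:
                findings.append(f"WEAK: {side.name} uses {field}={getattr(side, field)}")
    return findings


# Constructed sample values: documentation-range WAN addresses, made-up key.
INDIANA = Tunnel("indiana", "203.0.113.10", "192.168.1.0/255.255.255.0",
                 "198.51.100.20", "192.168.2.0/255.255.255.0",
                 1, "DES", "MD5", 28800, "constructed-example-key")
IDAHO = replace(INDIANA, name="idaho",
                local_wan=INDIANA.remote_wan, local_subnet=INDIANA.remote_subnet,
                remote_wan=INDIANA.local_wan, remote_subnet=INDIANA.local_subnet)

if __name__ == "__main__":
    cases = {
        "mirrored pair": (INDIANA, IDAHO),
        "same segment at both sites":
            (INDIANA, replace(IDAHO, local_subnet=INDIANA.local_subnet)),
        "router IP typed instead of segment":
            (replace(INDIANA, local_subnet="192.168.1.1/255.255.255.0"), IDAHO),
    }
    for title, (left, right) in cases.items():
        print(title)
        for finding in check_pair(left, right):
            print("  ", finding)
```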

Similar Messages

  • Need Help Setup Cisco RV042 vpn

    Good day everyone. A month ago my boss purchased 4 pcs of Cisco RV042 VPN to be used in our small office and in our satellite office, with expectations of simple file sharing, remote troubleshooting, and better and safer data transfer. Since the task was given to me as IT staff, it is difficult for me to set up this VPN router, since I have little idea and many questions on my mind that need to be answered. I read the manual and tested the VPN router but still found no good answer. I know it is difficult, but with a proper step-by-step guide on how to use this one I can make it work. Please, anyone, help me; I need answers to these questions.
    I am using Windows 7 Pro SP1 64-bit for my test unit. How can I make a VPN server? A client?
    In the past I connected the internet connection to the internet connection port on the back of the router, then another cable from VPN ports 1-4 (I selected port #4) to my PC. Since the VPN gives the IP to my PC, I can easily connect to the firmware of the VPN using the default username and password. When I go to the firmware I don't know where to start, and I don't even have an internet connection for my PC.
    I feel sorry for myself because I have no idea about this kind of thing. Cisco people and others out there, I am calling for your help.
    Thank you in advance,
    mel

    Dear Emilio,
    Thank you for reaching Cisco Small Business Support Community.
    If you’d like to setup a Site to Site VPN on your RV042 here is a good step by step guide;
    http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=304
    If you are looking into a remote access VPN, QuickVPN, here is the step by step procedure;
    http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=452
    Just in case here is also a document with Windows operating systems tips;
    http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=2&app=search&vw=1&articleid=2922
    Finally, here is a link to the Admin Guide where, starting on page 122, you can find everything related to VPN setup on this particular device model, besides info on how to set up your internal network (I suggest you go through this admin guide so you know everything about the router);
    http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
    Please let me know if there is any further assistance we may assist you with.
    Kind regards,
    Jeffrey Rodriguez S. .:|:.:|:.
    Cisco Customer Support Engineer
    *Please rate the Post so other will know when an answer has been found.

  • Remote Access VPN Setup

    Hello Support,
    I have a question regarding a remote access VPN setup with the following. I have a Cisco 6500 with multiple VLANs, and an FWSM set up in multiple context mode. Each of our clients sits behind their own context, and has their own associated VLANs. Each context has a shared interface, so that one network (our management network) can see all of the networks. We are using a Cisco ASA to terminate P2P VPNs as the FWSMs cannot do so, but I would like to set up a remote access VPN from the ASA, and I will need to connect in and have access to all networks. Currently the ASA has an outside interface for internet, two client inside interfaces, and one interface on the shared network.
    If I setup a remote access VPN from the ASA with a separate scope will I be able to see all the networks that I setup routes and nonats for or is there more to it?
    I provided a brief diagram showing all the vlans, I will need to be able to access all of the 6500s vlans when connected using the VPN.
    Thanks in advance for all ideas, suggestions, and assistance.

    Hello John,
    You will need to configure the respective IP Address pool for the Anyconnect users,
    Then create the no_nat rules from all of the internal subnets to the Anyconnect Pool.
    That should do it, bud. I mean, just make sure the internal network (core) knows that in order to reach the Anyconnect pool it must send the traffic to the ASA.
    Rate all of the helpful posts!!!
    Regards,
    Jcarvaja
    Follow me on http://laguiadelnetworking.com

  • RV042 VPN Connection Questions

    Hello,
    I have successfully connected two RV042s to establish a VPN gateway to VPN gateway connection. I have the following questions, please comment:
    1. I would like to keep the VPN tunnel connection time indefinite. Is it sufficient by checking the "Keep-Alive" box on the VPN -> Gateway To Gateway -> Advance page? Or, I have to ping the RV042 periodically?
    2. Do the "Phase 1/Phase 2 SA Life Time" (on VPN -> Gateway To Gateway page) settings have any impact on keeping the VPN connection time indefinite? What are the optimal values for them?
    3. Is there an API, command, or script to replace a manual clicking on the "CONNECT" button to establish the VPN tunnel from the VPN -> Summary page? Or, is there a way to accomplish this at power up?
    4. Is there a way to establish a VPN tunnel without going through login and clicking the "CONNECT" button? (Auto connect at power up?)
    Thank you in advance for the comments.
    Steve

    Hi, Mike,
    I did not do any extensive testing on the RV042s, but I did the following things to my RV042s:
    1. Enabled the "Keep-Alive" feature  (see Administration Guide, page 128),
    2. Enabled the "Dead Peer Detection" feature and set the interval to 10 seconds. (see Administration Guide, page 129).
    Make sure you save the changes.
    These features are available below the "Advanced" button under the VPN selection. I hope this helps.
    You can power down the router or disconnect the network to verify the result. The VPN tunnel should be re-established and stay connected.
    Steve

  • Cisco RV042 VPN unable to connect to Netgear PS FVS318

    Hello,
    We recently replaced one of two Netgear ProSafe VPN FVS318 with a Cisco RV042 VPN. Both Netgears were configured site-to-site and were working fine until one of them failed. We copied as many configuration settings as we could from the failed Netgear PS to the RV042 but were unsuccessful in establishing a connection between the two sites.
    The logs on the Cisco router show this:
    VPN Log packet from 1.1.1.1:500: received Vendor ID payload [RFC 3947]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]  
    VPN Log packet from 1.1.1.1:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]  
    VPN Log packet from 1.1.1.1:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet  
    VPN Log packet from 1.1.1.1:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet  
    VPN Log packet from 1.1.1.1:500: initial Main Mode message received on 2.2.2.2:500 but no connection has been authorized with policy=PSK  
    Each time we select a tunnel test connect, that last message appears with "but no connection has been authorized with policy=PSK"
    *replaced actual IP with sample IP.
    Any ideas why this is happening?
    Thank you!

    Hello,
    It looks as if the RV042 receives the phase 1 configuration from the Netgear but, due to a mismatch with its phase 1 settings, does not reply back.
    I can't be more specific as this could be anything in phase 1 - aggressive/main mode, the WAN IP addresses, encryption or SA lifetime. Also, if any of the devices is behind NAT, the NAT traversal option should be checked.
    Regards,
    Kremena

  • I do not see where to enter IP addresses in the Open VPN setup. Also, how can I set it up so that I can choose different servers in the same way as I can currently choose them with my VPN app but for PPTP?

    I think I have it working on my iPhone 5. But I do not see how I can control the exit point that I would like for the VPN. Are all the exit points shown in the VPN setting now going to work with Open VPN, or do they remain PPTP? If I am reading correctly, they look like they remain PPTP. If I cannot control the exit point for Open VPN, which exit point is the default in the profile you provided me? I note that Open VPN Connect does not work with any of the new 64 bit devices like the iPhone 5S, the iPad Air, and the new iPad Mini. Is there any chance that you guys will come up with an update for your app so that Open VPN can be made to work on all iOS devices? That would be nice, particularly if the Open VPN Connect app does not give me a choice of exit points. Thanks,
    I do not see where to enter IP addresses in the Open VPN setup. Also, how can I set it up so that I can choose different servers in the same way as I can currently choose them with my VPN app but for PPTP?
    Just a quick note to tell you that Open VPN has updated their app so that it is compatible with 64 bit ARM devices like the iPhone 5S, the iPad Air, and the iPad Mini Retina. That does not resolve the problem of how to easily choose among the various possibilities for the exit server. We need to find an easy way to choose.

    Thank you for trying the new Firefox. I'm sorry that you’re unhappy with the new design.
    I understand your frustration and surprise at the removal of these features but I can't undo these changes. I'm just a support volunteer and I do not work for Mozilla. But you can send any feedback about these changes to http://input.mozilla.org/feedback. Firefox developers collect data submitted through there then present it at the weekly Firefox meeting
    I recommend you try to adjust to 29 and see if you can't make it work for you before you downgrade to a less secure and soon outdated version of Firefox.
    Here are a few suggestions for restoring the old design. I hope you’ll find one that works for you:
    *Use the [https://addons.mozilla.org/en-US/firefox/addon/classicthemerestorer/ Classic Theme Restorer] to bring back the old design. Learn more here: [[How to make the new Firefox look like the old Firefox]]
    *Use the [https://addons.mozilla.org/en-US/firefox/addon/the-addon-bar/ Add-on Bar Restored] to bring back the add-on bar. Learn more here: [[What happened to the Add-on Bar?]]

  • To run VPN setup my iphone is requesting for 4 digit pass code ... can you pls assist?

    To run VPN setup my iphone is requesting for 4 digit pass code ... can you pls assist?

    Hello RozR,
    We've an article that can help circumvent the new passcode and restore access to your iPhone.
    iOS: Forgotten passcode or device disabled after entering wrong passcode
    http://support.apple.com/kb/HT1212
    Cheers,
    Allen

  • RV120W VPN Setup - basic help needed

    Hi all,
    I've recently bought an RV120W Wireless-N VPN Firewall hoping it would ease me in creating VPN and remote connectivity. But I seem to be struggling with this.
    Here is my situation.
    When I bought my Cisco router I didn't know it had an ethernet port for WAN. I thought it would have a RJ11 compliant port. So now I am having to put the router behind my modem.
    I gave my modem's LAN 192.168.2.1 and to RV120W I gave 192.168.2.2.
    All PC's are not connected to internet via RV120W. For RV120W, the local IP network is 192.168.1.0. I've set 192.168.1.1 as the management IP of the Cisco RV120W. All the PC's can get internet from the above layout arrangement.
    With frustration, I've port-forwarded all my ports on the modem (except 1 port) to the RV120W, i.e. to IP 192.168.2.2.
    If I enable PPTP on the RV120W I can ping its port (1723, I remember) from outside. If I connect to port 80 from outside my network, I can get the management interface of the RV120W.
    With the help of the RV120W's user guide I managed to create VPN policy stuff via the 'basic VPN Setup' menu. The guide says to use a wizard but there is no wizard for VPN setup.
    With that I have even created users (of every type) but I just can't make the connection.
    When I use QuickVPN to connect... it goes from "Connecting", "Activating Policy", again "Connecting" and then a big error saying a couple of things that might have caused the error.
    I want to start from the beginning.
    Can somebody please help me?
    First... what am I supposed to put in the fields of the following screenshot? Especially the fields "Remote WAN's IP Address", "Local WAN's IP Address" and "Local LAN IP Address".

    Once I knew about the bridge mode thing from this discussion, I started reading the manual of the modem in regard to the bridge mode setup.
    According to the manual, the 'Data' bulb on the modem would be off if the modem is in bridge mode, and I've successfully put the modem in bridge mode, I guess. It was pretty easy. I just deleted all the WAN setup rules/configs and began with the initial setup wizard, which basically had the option to set the modem to bridge mode. After that, the 'Data' bulb went off, meaning the modem is now in bridge mode. I am happy about that.
    But... still not done.
    I put one ethernet cable into one of the LAN ports of the modem and put the other end in the RV120W WAN port. Logged into the RV120W, configured a new PPPoE profile (I have the user and pass details) and attached it to the WAN internet setup config.
    I went back to the dashboard of the RV120W to see if WAN was up. It wasn't. I gave it some time. It didn't work. It says 'connecting' but never connects.
    What am I doing wrong? Am I putting the cable between the modem and router the right way?
    ...and also, when the modem is in bridge mode will it forward all packets from LAN to WAN and vice versa, or is it like forwarding packets to all ports once received?
    (I am learning so much with this RV120W)

  • Simple VPN Setup Fails with "NOTIFY PROPOSAL_NOT_CHOSEN protocol"

    Hi,
    This is pulling my hair out! Must be overlooking something very simple!
    Simple lab setup with 3 routers. VPN setup between R1 & R3 with static routing. R2 connects R1 & R3. All interfaces are reachable, including loopbacks. I am trying to encrypt traffic between loopback on R1 (69.69.69.69) to loopback on R3 (192.168.100.223).
    With no Crypto Map applied to outgoing interfaces on R1 and R3, ping is successful (sourced via local loopback) between the loopbacks. As soon as I add the Crypto Map the same ping fails and I get the following debug messages.
    When ping initiated via outgoing interface, ping successful!
    *Oct  6 11:44:26.121: ISAKMP: set new node 0 to QM_IDLE
    *Oct  6 11:44:26.125: SA has outstanding requests  (local 103.13.216.8 port 500, remote 103.13.215.236 port 500)
    *Oct  6 11:44:26.129: ISAKMP:(1002): sitting IDLE. Starting QM immediately (QM_IDLE      )
    *Oct  6 11:44:26.133: ISAKMP:(1002):beginning Quick Mode exchange, M-ID of -1381344893
    *Oct  6 11:44:26.137: ISAKMP:(1002):QM Initiator gets spi
    *Oct  6 11:44:26.145: ISAKMP:(1002): sending packet to 172.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
    *Oct  6 11:44:26.145: ISAKMP:(1002):Sending an IKE IPv4 Packet.
    *Oct  6 11:44:26.149: ISAKMP:(1002):Node -1381344893, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
    *Oct  6 11:44:26.153: ISAKMP:(1002):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1
    *Oct  6 11:44:26.301: ISAKMP (0:1002): received packet from 172.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
    *Oct  6 11:44:26.305: ISAKMP: set new node -1825528760 to QM_IDLE
    *Oct  6 11:44:26.313: ISAKMP:(1002): processing HASH payload. message ID = -1825528760
    *Oct  6 11:44:26.317: ISAKMP:(1002): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
            spi 2376679447, message ID = -1825528760, sa = 670DD6A4
    *Oct  6 11:44:26.317: ISAKMP:(1002): deleting spi 2376679447 message ID = -1381344893
    *Oct  6 11:44:26.321: ISAKMP:(1002):deleting node -1381344893 error TRUE reason "Delete Larval"
    *Oct  6 11:44:26.325: ISAKMP:(1002):deleting node -1825528760 error FALSE reason "Informational (in) state 1"
    *Oct  6 11:44:26.329: ISAKMP:(1002):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
    *Oct  6 11:44:26.329: ISAKMP:(1002):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    R1
    crypto isakmp policy 1
     authentication pre-share
    crypto isakmp key cisco address 172.1.1.1
    crypto ipsec transform-set TEST esp-3des esp-sha-hmac
    crypto map CRYPTO 1 ipsec-isakmp
     description IPSec Peer to R3
     set peer 172.1.1.1
     set transform-set TEST
     match address ACL1
    interface GigabitEthernet1/0
     ip address 192.250.156.6 255.255.255.0
     no ip route-cache cef
     no ip route-cache
     negotiation auto
     crypto map CRYPTO
    ip access-list extended ACL1
     permit ip host 69.69.69.69 host 192.168.100.223
    R1#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id slot status
    172.1.1.1       192.250.156.6   QM_IDLE           1002    0 ACTIVE
    R3
    crypto isakmp policy 1
     authentication pre-share
    crypto isakmp key cisco address 192.250.156.6
    crypto ipsec transform-set TEST esp-3des esp-sha-hmac
    crypto map TEST 1 ipsec-isakmp
     description Primary IPSec Peer to R1
     set peer 192.250.156.6
     set transform-set TEST
     match address ACL1
    interface GigabitEthernet1/0
     ip address 172.1.1.1 255.255.255.0
     no ip route-cache cef
     no ip route-cache
     negotiation auto
     crypto map CRYPTO
    ip access-list extended ACL1
     permit ip host 192.168.100.223 host 69.69.69.69
    R3#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id slot status
    172.1.1.1       192.250.156.6   QM_IDLE           1002    0 ACTIVE
    Any help appreciated,
    Thanks.

    Hi Paul,
    "processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3" indicates the remote VPN peer rejected the phase 2 proposal.
    The configuration snippet you have shared here seems fine, ISAKMP and IPSec debugs (debug crypto isakmp and debug crypto ipsec) from the remote VPN peer will be helpful in troubleshooting further.
    Following is a useful doc on VPN troubleshooting:
    IPsec Troubleshooting: Understanding and Using debug Commands
    Cheers,
    Rudresh V
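
A static cross-check of the two configurations posted in this thread, as an added example that is not part of the original posts: it reads the transform-set, crypto map, interface and ACL lines and reports crypto maps that are applied but never defined (or defined but never applied), transform sets the peer cannot match, and crypto ACL entries the peer does not mirror. The function names `parse` and `audit` are hypothetical, and only host-to-host `permit ip` entries are handled, which is an assumption that fits this lab.

```python
"""Static cross-check of two IOS IPsec peers' crypto map configuration."""
import re

# Copied from the thread above, trimmed to the lines relevant to the check.
R1_CONFIG = """\
crypto ipsec transform-set TEST esp-3des esp-sha-hmac
crypto map CRYPTO 1 ipsec-isakmp
 set peer 172.1.1.1
 set transform-set TEST
 match address ACL1
interface GigabitEthernet1/0
 ip address 192.250.156.6 255.255.255.0
 crypto map CRYPTO
ip access-list extended ACL1
 permit ip host 69.69.69.69 host 192.168.100.223
"""
R3_CONFIG = """\
crypto ipsec transform-set TEST esp-3des esp-sha-hmac
crypto map TEST 1 ipsec-isakmp
 set peer 192.250.156.6
 set transform-set TEST
 match address ACL1
interface GigabitEthernet1/0
 ip address 172.1.1.1 255.255.255.0
 crypto map CRYPTO
ip access-list extended ACL1
 permit ip host 192.168.100.223 host 69.69.69.69
"""


def parse(config):
    """Collect crypto objects; sections are tracked by keyword, not by
    indentation, so a flattened paste parses the same way."""
    cfg = {"tsets": {}, "maps": {}, "applied": {}, "acls": {}}
    section = (None, None)
    for raw in config.splitlines():
        line = raw.strip()
        kind, name = section
        if m := re.fullmatch(r"crypto ipsec transform-set (\S+) (.+)", line):
            cfg["tsets"][m[1]] = tuple(m[2].split())
            section = (None, None)
        elif m := re.fullmatch(r"crypto map (\S+) \d+ ipsec-isakmp", line):
            section = ("map", m[1])
            cfg["maps"].setdefault(m[1], {})
        elif m := re.fullmatch(r"interface (\S+)", line):
            section = ("if", m[1])
        elif m := re.fullmatch(r"ip access-list extended (\S+)", line):
            section = ("acl", m[1])
            cfg["acls"].setdefault(m[1], [])
        elif kind == "map" and (m := re.fullmatch(
                r"(set peer|set transform-set|match address) (\S+)", line)):
            cfg["maps"][name][m[1]] = m[2]
        elif kind == "if" and (m := re.fullmatch(r"crypto map (\S+)", line)):
            cfg["applied"][name] = m[1]
        elif kind == "acl" and (m := re.fullmatch(
                r"permit ip host (\S+) host (\S+)", line)):
            cfg["acls"][name].append((m[1], m[2]))
    return cfg


def audit(name, cfg, peer_cfg):
    """Return findings for one router, compared against its peer."""
    findings = []
    for ifname, mapname in cfg["applied"].items():
        if mapname not in cfg["maps"]:
            findings.append(f"{name}: {ifname} applies crypto map {mapname}, "
                            "which is not defined")
    for mapname in cfg["maps"]:
        if mapname not in cfg["applied"].values():
            findings.append(f"{name}: crypto map {mapname} is defined but "
                            "not applied to any interface")
    # Flows the peer protects, gathered from every ACL its crypto maps reference.
    peer_flows = {flow for entry in peer_cfg["maps"].values()
                  for flow in peer_cfg["acls"].get(entry.get("match address"), [])}
    for mapname, entry in cfg["maps"].items():
        tset = entry.get("set transform-set")
        if tset not in cfg["tsets"]:
            findings.append(f"{name}: map {mapname} references undefined "
                            f"transform set {tset}")
        elif cfg["tsets"][tset] not in peer_cfg["tsets"].values():
            findings.append(f"{name}: no transform set on the peer matches {tset}")
        for src, dst in cfg["acls"].get(entry.get("match address"), []):
            if (dst, src) not in peer_flows:
                findings.append(f"{name}: flow {src} -> {dst} is not mirrored "
                                "in the peer's crypto ACL")
    return findings


if __name__ == "__main__":
    r1, r3 = parse(R1_CONFIG), parse(R3_CONFIG)
    for finding in audit("R1", r1, r3) + audit("R3", r3, r1):
        print(finding)
```

On the configurations as posted, the check reports nothing for R1 and two findings for R3: the interface applies `crypto map CRYPTO`, while the only map defined there is named `TEST`.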

  • RV042 VPN Client Access not able to connect two users at same time

    I have an RV042 and have set it up for VPN Client access using the QuickVPN client to connect my remote users. I discovered today that I cannot have two users connect in at the same time. Both users are in the same remote office. They can connect individually with no problem, but if one is connected and the other tries to connect also, the second user gets a message that the gateway is not responding. They are both running WinXPPRo SP3. Any help is greatly appreciated.

    Were your QuickVPN clients behind a firewall router of some sort? For multiple QuickVPN clients to be able to connect to the remote RV042 at the same time, the local firewall router must have VPN Passthrough correctly implemented. You could try using a RV042 as the firewall router for your QuickVPN clients and you should be able to maintain 2 tunnels at the same time to the remote RV042.

  • RV042 vpn&port forwarding problems

    Hello,
    I spent a few days trying to configure the RV042 router but I messed up. I need this router for VPN access on my site and port forwarding to an internal web server. Apparently a very simple task, isn't it?
    So:
    1. PPTP is working fine but I need more than 5 concurrent accesses.
    2. QuickVPN does not work when the DHCP server is checked and I can't access any computer on my LAN. I have a DHCP server in my LAN but when I'm connected through QuickVPN I never reach it. In the log file there are messages like:
    Connection refused - Policy violation TCP 169.254.x.x->192.168.1.2 (DHCP server from my lan)
    3. On Setup > Forwarding I added a Port Range Forwarding for HTTP port 80 to an internal IP address (192.168.1.x). I also added a firewall access rule to allow traffic to port 80 from any source interface and any source IP to 192.168.1.x.
    From the internal LAN, using the WAN IP of the router, the port forwarding works, but not from the outside, though in the log file of the router it appears to work:
    Connection Accepted TCP 208.64.252.230:33027->192.168.1.x:80 on ixp1
    What could I have done wrong?
    The router is configured with a static address as a gateway and it has the latest firmware 1.3.12.19-tm. The access rules are the default ones and the one I added.
    Any help would be much appreciated.
    Thanks.

    Can't answer as to why QVPN fails when you enable DHCP on the router, but considering your requirements it seems to be a moot point. So, you have a DHCP server on your network which I will guess is also running your Web service. If this is a Windows server, does your current configuration allow you to enable PPTP on it? If so, that would solve the five user limit. You will need to turn off the PPTP server on the router and then forward port 1723 TCP to your server and you are done. As for your http access, remove any rule that you have in reference to "allow" port 80 connectivity to your web server. Not sure why but this tends to confuse the poor little things. Once you have verified that port 80 is active on the server via the LAN (which you already have) then you are done. If you are still not successful with the connection to the server from the WAN you may want to default the router and start over (lame I know).
    *** SORRY, just noticed that you stated that you added a "port range" forwarding rule. Remove that, and configure a UPnP rule for the same server instead. Do not know why they call it that, they just do. This is the same as configuring a single port forward they just call it something different. So just port forward 80 tcp to your server on 192.168.1.x and you are done.

  • OS X server:  VPN setup

    Hi,
    I am using OS X Server (10.9.1). I tried to set up the VPN service, but I do not know what went wrong. Below is the log. Any tips?
    1st time:   I use wwmm.wwmmhome.private...
    2013-12-31 14:23:19 SGT     Incoming call... Address given to client = 192.168.1.240
    Tue Dec 31 14:23:19 2013 : Directory Services Authentication plugin initialized
    Tue Dec 31 14:23:19 2013 : Directory Services Authorization plugin initialized
    Tue Dec 31 14:23:19 2013 : publish_entry SCDSet() failed: Success!
    Tue Dec 31 14:23:19 2013 : publish_entry SCDSet() failed: Success!
    Tue Dec 31 14:23:19 2013 : publish_entry SCDSet() failed: Success!
    Tue Dec 31 14:23:19 2013 : PPTP incoming call in progress from '183.90.37.225'...
    Tue Dec 31 14:23:19 2013 : PPTP connection established.
    Tue Dec 31 14:23:19 2013 : using link 0
    Tue Dec 31 14:23:19 2013 : Using interface ppp0
    Tue Dec 31 14:23:19 2013 : Connect: ppp0 <--> socket[34:17]
    Tue Dec 31 14:23:19 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x729c77b1> <pcomp> <accomp>]
    Tue Dec 31 14:23:19 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x38d3186b> <pcomp> <accomp>]
    Tue Dec 31 14:23:19 2013 : lcp_reqci: returning CONFACK.
    Tue Dec 31 14:23:19 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x38d3186b> <pcomp> <accomp>]
    Tue Dec 31 14:23:22 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x729c77b1> <pcomp> <accomp>]
    Tue Dec 31 14:23:22 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x38d3186b> <pcomp> <accomp>]
    Tue Dec 31 14:23:22 2013 : lcp_reqci: returning CONFACK.
    Tue Dec 31 14:23:22 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x38d3186b> <pcomp> <accomp>]
    Tue Dec 31 14:23:22 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x729c77b1> <pcomp> <accomp>]
    Tue Dec 31 14:23:22 2013 : sent [LCP EchoReq id=0x0 magic=0x729c77b1]
    Tue Dec 31 14:23:22 2013 : sent [CHAP Challenge id=0xd5 <663e256443001f6c0163674232734908>, name = "wwmm.wwmmhome.private"]
    Tue Dec 31 14:23:22 2013 : rcvd [LCP EchoReq id=0x0 magic=0x38d3186b]
    Tue Dec 31 14:23:22 2013 : sent [LCP EchoRep id=0x0 magic=0x729c77b1]
    Tue Dec 31 14:23:22 2013 : rcvd [LCP EchoRep id=0x0 magic=0x38d3186b]
    Tue Dec 31 14:23:22 2013 : rcvd [CHAP Response id=0xd5 <63847a83bdb04f9fba56d82397d7213e00000000000000003d68f95fbd5d9f5e90ad10d4e8403c f53e5940402f913a6b00>, name = "test"]
    Tue Dec 31 14:23:22 2013 : sent [CHAP Failure id=0xd5 ""]
    Tue Dec 31 14:23:22 2013 : CHAP peer authentication failed for walter
    Tue Dec 31 14:23:22 2013 : sent [LCP TermReq id=0x2 "Authentication failed"]
    Tue Dec 31 14:23:22 2013 : Connection terminated.
    Tue Dec 31 14:23:22 2013 : PPTP disconnecting...
    Tue Dec 31 14:23:22 2013 : PPTP disconnected
    2013-12-31 14:23:22 SGT       --> Client with address = 192.168.1.240 has hung up
    2nd time, I use wwmm.dyndns.org
    2013-12-31 14:38:38 SGT     Incoming call... Address given to client = 192.168.1.240
    Tue Dec 31 14:38:38 2013 : Directory Services Authentication plugin initialized
    Tue Dec 31 14:38:38 2013 : Directory Services Authorization plugin initialized
    Tue Dec 31 14:38:38 2013 : publish_entry SCDSet() failed: Success!
    Tue Dec 31 14:38:38 2013 : publish_entry SCDSet() failed: Success!
    Tue Dec 31 14:38:38 2013 : publish_entry SCDSet() failed: Success!
    Tue Dec 31 14:38:38 2013 : PPTP incoming call in progress from '183.90.37.225'...
    Tue Dec 31 14:38:39 2013 : PPTP connection established.
    Tue Dec 31 14:38:39 2013 : using link 0
    Tue Dec 31 14:38:39 2013 : Using interface ppp0
    Tue Dec 31 14:38:39 2013 : Connect: ppp0 <--> socket[34:17]
    Tue Dec 31 14:38:39 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5b1829ce> <pcomp> <accomp>]
    Tue Dec 31 14:38:39 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3298b0f1> <pcomp> <accomp>]
    Tue Dec 31 14:38:39 2013 : lcp_reqci: returning CONFACK.
    Tue Dec 31 14:38:39 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x3298b0f1> <pcomp> <accomp>]
    Tue Dec 31 14:38:42 2013 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5b1829ce> <pcomp> <accomp>]
    Tue Dec 31 14:38:42 2013 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3298b0f1> <pcomp> <accomp>]
    Tue Dec 31 14:38:42 2013 : lcp_reqci: returning CONFACK.
    Tue Dec 31 14:38:42 2013 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x3298b0f1> <pcomp> <accomp>]
    Tue Dec 31 14:38:42 2013 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5b1829ce> <pcomp> <accomp>]
    Tue Dec 31 14:38:42 2013 : sent [LCP EchoReq id=0x0 magic=0x5b1829ce]
    Tue Dec 31 14:38:42 2013 : sent [CHAP Challenge id=0x5a <4a753b2e091d155a1414337d40401750>, name = "wwmm.dyndns.org"]
    Tue Dec 31 14:38:42 2013 : rcvd [LCP EchoReq id=0x0 magic=0x3298b0f1]
    Tue Dec 31 14:38:42 2013 : sent [LCP EchoRep id=0x0 magic=0x5b1829ce]
    Tue Dec 31 14:38:42 2013 : rcvd [LCP EchoRep id=0x0 magic=0x3298b0f1]
    Tue Dec 31 14:38:42 2013 : rcvd [CHAP Response id=0x5a <2f54770187524125079b5d74e01b09e800000000000000004359e904d9814bc5e0eb4bb880e7e5 23181a0d22b9164e2400>, name = "test"]
    Tue Dec 31 14:38:42 2013 : DSAuth plugin: unsupported authen authority: recved ShadowHash;HASHLIST:<SALTED-SHA512,SMB-NT,CRAM-MD5,RECOVERABLE,SALTED-SHA512-PB KDF2>, want ApplePasswordServer
    Tue Dec 31 14:38:42 2013 : DSAuth plugin: MPPE key required, but its retrieval failed.
    Tue Dec 31 14:38:42 2013 : sent [CHAP Failure id=0x5a "S=8DDCFFC7EA287D3A141E5594392BCBD87C35F76B M=Access granted"]
    Tue Dec 31 14:38:42 2013 : CHAP peer authentication failed for walter
    Tue Dec 31 14:38:42 2013 : sent [LCP TermReq id=0x2 "Authentication failed"]
    Tue Dec 31 14:38:42 2013 : Connection terminated.
    Tue Dec 31 14:38:42 2013 : PPTP disconnecting...
    Tue Dec 31 14:38:42 2013 : PPTP disconnected
    2013-12-31 14:38:42 SGT       --> Client with address = 192.168.1.240 has hungup

    The VPN server in Server.app is these days pretty feeble; it only does PPTP and L2TP and does not support using security certificates or VPN on demand (which requires security certificates). As a result the security of Apple's VPN server is only capable of functions which have all been successfully cracked. Now for most people that might not be too much of a concern, but if you're a law, health, finance, or government customer then it should be a concern.
    However...
    While the VPN server itself does not support clustering nor in fact do any of the services in Server.app there might be a way to achieve what you want. If you have a DNS load-balancer then you can point all the clients to the load-balancer and it will distribute the requests to two or more Apple VPN servers. You just need to make sure each Apple VPN server gives out a different range of IP addresses with no overlaps.

  • Advice with Site-to-Site VPN Setup

    Hi all
    I'm needing to set up a site to site VPN specifically for deploying multiple IP phones at a remote site.  I need help selecting the right hardware.
    At my central site with the phone system (Samsung 7100) I have an ADSL connection using a Linksys AG300 dedicated to the phone connection.  At my remote site I currently do not have a device, though have been playing with a DLink dir-130 that refuses to play nice with the AG300.  The remote site connects to the interweb via a router I don't control but will do VPN passthrough.
    My central site is a static IP, but the remote site is not.
    Can anyone suggest the right piece of kit?  The rv042 looks like it may be OK, but I need to be certain.  Note that the devices either end will be the VPN endpoints, i.e. no servers/firewall appliances either end.
    TIA

    Hi Nigel,
    I will give you some choices and some basic reasons for my selection. There are a lot more routers in the portfolio, but from your posting you seem to intimate you want to check out the lower priced Cisco Small Business products.
    1. SR520-FE-K9
    A very very low cost Cisco IOS based router.
    it offers the advantages of Cisco IOS CLI in a low low price
    excellent debugging
    excellent counters
    can be managed by the free utility Cisco Configuration Assistant
    supported by Cisco TAC
    Allows for site to site IPSec VPN tunnels
    There are two  ADSL variants   SR520-ADSL-K9 SR520-ADSLI-K9
    Wireless versions as well..but check datasheet.
    2. RV220W  or RV120W (relatively new)
    Gui only configuration
    provides IPSec tunnel between gateways
    enhanced software  compared to older WRV2XX
    VLAN and trunk support
    PPTP server (with RV220W)
    Gig wan and LAN ports on the RV220w
    supported by Cisco Small Business Support Center
    3. RV042  (refresh of a popular router , newly released Version 3 hardware and new firmware)
    Gui only configuration
    provides IPSec tunnel between gateways
    improved software
    VLAN and trunk support
    PPTP server as well
    supported by Cisco Small Business Support Center
    Moving up in features and price, you could check out the;
    4. SA500 series ( with newly released version 2 firmware)
    A very capable box offering IPSec tunnels as well as
    termination for SSL client vpn tunnels
    option for IPS, content filtering , trend integration
    But spend some time and really check out the datasheets on all these products.
    Also, if you are a Cisco partner there is a management GUI emulator for the RV220W, RV120W, SA500.  It does go too deeply into the configuration as it only is an emulator, but it provides a great insight into how easy these products are to configure via their built-in GUIs.
    https://supportforums.cisco.com/community/netpro/small-business/onlinedemos?view=overview%20target=
    regards Dave

  • Issues with basic VPN setup and split tunneling

    I have created an SSL VPN to a CISCO ASA 8.6 running ASDM 6.6.
    I'm able to connect to the VPN and reach all the devices with the LAN but I'm not able to browse the web. When I enable the split tunnel I'm able to browse the web but then I'm not able to reach any internal device.
    Here is part of the show run:
    object network RedInterna
    subnet 150.211.101.0 255.255.255.0
    description Red Interna
    object network NETWORK_OBJ_10.4.1.0_28
    subnet 10.4.1.0 255.255.255.240
    access-list inside_access_in extended permit ip object RedInterna any
    access-list VPN_INTERNET standard permit 150.211.101.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    ip local pool VPN_POOL 10.4.1.1-10.4.1.14 mask 255.255.255.240
    failover
    failover lan unit secondary
    failover lan interface fail-1 GigabitEthernet0/2
    failover key *****
    failover interface ip fail-1 10.3.1.21 255.255.255.252 standby 10.3.1.22
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-66114.bin
    asdm history enable
    arp timeout 14400
    nat (inside,outside) source static any any destination static  NETWORK_OBJ_10.4.1.0_28 NETWORK_OBJ_10.4.1.0_28 no-proxy-arp  route-lookup
    nat (inside,outside) after-auto source dynamic any interface
    access-group inside_access_in in interface inside
    route outside 0.0.0.0 0.0.0.0 187.217.68.145 1
    route inside 10.0.0.0 255.0.0.0 10.1.1.78 1
    route inside 150.211.0.0 255.255.0.0 10.1.1.78 1
    webvpn
    enable outside
    anyconnect image disk0:/anyconnect-win-3.1.00495-k9.pkg 1
    anyconnect enable
    tunnel-group-list enable
    group-policy GroupPolicy_VPN_ internal
    group-policy GroupPolicy_VPN_ attributes
    wins-server none
    dns-server value 8.8.8.8
    vpn-tunnel-protocol ssl-client
    default-domain value dominio.com.mx
    tunnel-group VPN_ type remote-access
    tunnel-group VPN_ general-attributes
    address-pool VPN_POOL
    default-group-policy GroupPolicy_VPN_
    tunnel-group VPN_ webvpn-attributes
    group-alias VPN_ enable
    I'm not sure if I'm missing some small details or setup. Any help will be highly appreciated.
    Thanks!!!

    Hi,
    When you are using Full Tunnel VPN (which is the default setting) you will have a couple of things that you need to configure on the ASA.
    First, the ASA by default won't allow traffic to enter through an interface and then leave through that same interface. This is what essentially happens when the traffic from the VPN Client comes to the ASA and then heads out to the Internet.  In your case the traffic comes through the "outside" and leaves through the "outside" interface.
    You will need this command
    same-security-traffic permit intra-interface
    You can check if it's enabled at the moment with the command
    show run same-security-traffic
    Second, the VPN users will need to have NAT configuration just like any LAN users behind the actual ASA. So you will essentially have to configure Dynamic PAT for traffic from "outside" to "outside"
    You can accomplish that with the following configuration
    object network VPN-PAT
    subnet 10.4.1.0 255.255.255.240
    nat (outside,outside) dynamic interface
    I would imagine that this should do it for you to be able to connect to the Internet and to the LAN network when the VPN is active.
    Hope this helps
    Let me know how it goes.
    - Jouni
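
A check for the two full-tunnel prerequisites named in the answer above, as an added example that is not part of the thread: it reads a running-config and reports whether hairpinning is enabled and whether a dynamic PAT rule covers each VPN address pool. The sample configs are constructed from lines posted in the thread, and the function names and the interface name `outside` are assumptions carried over from those lines.

```python
import ipaddress
import re

# Constructed sample: a trimmed running-config shaped like the one posted above.
SAMPLE_BEFORE = """\
ip local pool VPN_POOL 10.4.1.1-10.4.1.14 mask 255.255.255.240
nat (inside,outside) after-auto source dynamic any interface
tunnel-group VPN_ general-attributes
 address-pool VPN_POOL
"""
# Same config with the answer's three additions applied.
SAMPLE_AFTER = SAMPLE_BEFORE + """\
same-security-traffic permit intra-interface
object network VPN-PAT
 subnet 10.4.1.0 255.255.255.240
 nat (outside,outside) dynamic interface
"""

def pool_networks(cfg):
    """Map each 'ip local pool' name to the network implied by its first address and mask."""
    nets = {}
    for m in re.finditer(r"^ip local pool (\S+) (\S+?)-\S+ mask (\S+)", cfg, re.M):
        name, first, mask = m.groups()
        nets[name] = ipaddress.ip_network(f"{first}/{mask}", strict=False)
    return nets

def hairpin_pat_networks(cfg):
    """Subnets of network objects that carry 'nat (outside,outside) dynamic interface'."""
    nets, subnet = [], None
    for line in cfg.splitlines():
        if line.startswith("object network "):
            subnet = None  # a new object starts; forget the previous subnet
        s = line.strip()
        m = re.match(r"subnet (\S+) (\S+)$", s)
        if m:
            subnet = ipaddress.ip_network("/".join(m.groups()), strict=False)
        elif s == "nat (outside,outside) dynamic interface" and subnet is not None:
            nets.append(subnet)
    return nets

def audit_full_tunnel(cfg):
    """List what is missing for VPN clients to reach the Internet through the ASA."""
    findings = []
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", cfg, re.M):
        findings.append("missing: same-security-traffic permit intra-interface")
    pat = hairpin_pat_networks(cfg)
    for name, net in pool_networks(cfg).items():
        if not any(net.subnet_of(p) for p in pat):
            findings.append(f"missing: (outside,outside) dynamic PAT covering pool {name} {net}")
    return findings
```

Running `audit_full_tunnel` on a saved `show run` before and after the change shows which of the two items is still outstanding.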

  • VPN setup problem

    I have installed Snow Leopard Server on a new XServe. I have updated to 10.6.2.
    Other services are working. Related to VPN, I have configured the VPN Service using L2TP.
    I have no additional network routing defined.
    Every time I try to set up a connection (from my macbook pro --> running snow leopard 10.6.2) I get the following log messages:
    2009-11-15 14:44:41 CET Incoming call... Address given to client = 192.168.1.160
    Sun Nov 15 14:44:41 2009 : Directory Services Authentication plugin initialized
    Sun Nov 15 14:44:41 2009 : Directory Services Authorization plugin initialized
    Sun Nov 15 14:44:41 2009 : L2TP incoming call in progress from '192.168.1.15'...
    Sun Nov 15 14:44:41 2009 : L2TP received SCCRQ
    Sun Nov 15 14:44:41 2009 : L2TP sent SCCRP
    Sun Nov 15 14:44:41 2009 : L2TP received SCCCN
    Sun Nov 15 14:44:41 2009 : L2TP received ICRQ
    Sun Nov 15 14:44:41 2009 : L2TP sent ICRP
    Sun Nov 15 14:44:41 2009 : L2TP received ICCN
    Sun Nov 15 14:44:41 2009 : L2TP connection established.
    Sun Nov 15 14:44:41 2009 : using link 0
    Sun Nov 15 14:44:41 2009 : Using interface ppp0
    Sun Nov 15 14:44:41 2009 : Connect: ppp0 <--> socket[34:18]
    Sun Nov 15 14:44:41 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0x7dd4d1cd> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1e217556> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : lcp_reqci: returning CONFACK.
    Sun Nov 15 14:44:41 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1e217556> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth eap> <magic 0x7dd4d1cd> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : sent [LCP EchoReq id=0x0 magic=0x7dd4d1cd]
    Sun Nov 15 14:44:41 2009 : sent [EAP Request id=0x1 Identity ]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP EchoReq id=0x0 magic=0x1e217556]
    Sun Nov 15 14:44:41 2009 : sent [LCP EchoRep id=0x0 magic=0x7dd4d1cd]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP EchoRep id=0x0 magic=0x1e217556]
    Sun Nov 15 14:44:41 2009 : rcvd [EAP Response id=0x1 Identity <"]
    Sun Nov 15 14:44:47 2009 : LCP terminated by peer (Failed to authenticate ourselves to peer)
    Sun Nov 15 14:44:47 2009 : sent [LCP TermAck id=0x2]
    Sun Nov 15 14:44:47 2009 : L2TP received CDN
    Sun Nov 15 14:44:47 2009 : Connection terminated.
    Sun Nov 15 14:44:47 2009 : L2TP disconnecting...
    Sun Nov 15 14:44:47 2009 : L2TP sent CDN
    Sun Nov 15 14:44:47 2009 : L2TP sent StopCCN
    Sun Nov 15 14:44:47 2009 : L2TP disconnected
    2009-11-15 14:44:47 CET --> Client with address = 192.168.1.160 has hungup
    What does that mean:
    "Failed to authenticate ourselves to peer" ???
    Are there some configurations which can solve this problem ???
    Best regards
    Andreas

    These are the related client side log entries:
    Sun Nov 15 14:44:40 2009 : L2TP connecting to server '192.168.1.10' (192.168.1.10)...
    Sun Nov 15 14:44:40 2009 : IPSec connection started
    Sun Nov 15 14:44:40 2009 : IPSec phase 1 client started
    Sun Nov 15 14:44:40 2009 : IPSec phase 1 server replied
    Sun Nov 15 14:44:41 2009 : IPSec phase 2 started
    Sun Nov 15 14:44:41 2009 : IPSec phase 2 established
    Sun Nov 15 14:44:41 2009 : IPSec connection established
    Sun Nov 15 14:44:41 2009 : L2TP sent SCCRQ
    Sun Nov 15 14:44:41 2009 : L2TP received SCCRP
    Sun Nov 15 14:44:41 2009 : L2TP sent SCCCN
    Sun Nov 15 14:44:41 2009 : L2TP sent IRCQ
    Sun Nov 15 14:44:41 2009 : L2TP received ICRP
    Sun Nov 15 14:44:41 2009 : L2TP sent ICCN
    Sun Nov 15 14:44:41 2009 : L2TP connection established.
    Sun Nov 15 14:44:41 2009 : using link 0
    Sun Nov 15 14:44:41 2009 : Using interface ppp0
    Sun Nov 15 14:44:41 2009 : Connect: ppp0 <--> socket[34:18]
    Sun Nov 15 14:44:41 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1e217556> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth eap> <magic 0x7dd4d1cd> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : lcp_reqci: returning CONFACK.
    Sun Nov 15 14:44:41 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth eap> <magic 0x7dd4d1cd> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x1e217556> <pcomp> <accomp>]
    Sun Nov 15 14:44:41 2009 : sent [LCP EchoReq id=0x0 magic=0x1e217556]
    Sun Nov 15 14:44:41 2009 : rcvd [LCP EchoReq id=0x0 magic=0x7dd4d1cd]
    Sun Nov 15 14:44:41 2009 : sent [LCP EchoRep id=0x0 magic=0x1e217556]
    Sun Nov 15 14:44:41 2009 : rcvd [EAP Request id=0x1 Identity ]
    Sun Nov 15 14:44:41 2009 : sent [EAP Response id=0x1 Identity <"]
    Sun Nov 15 14:44:47 2009 : Connection terminated.
    Sun Nov 15 14:44:47 2009 : rcvd [EAP Request id=0x2 EAP KRB <00003f000001000101>]
    Sun Nov 15 14:44:47 2009 : L2TP disconnecting...
    Sun Nov 15 14:44:47 2009 : L2TP sent CDN
    Sun Nov 15 14:44:47 2009 : L2TP sent StopCCN
    Sun Nov 15 14:44:47 2009 : L2TP disconnected
