------------------------------------------------------------------------------------------------------------------- RV/160/RV260/RV34X C2S IKEv1 VPN Server for Greenbow_Shrewsoft 3rd-Party Clients using PSK with Username-Passwds(Xauth) ------------------------------------------------------------------------------------------------------------------- - Configure the C2S server on RV34X/RV260/RV160 as below: Step-1: In the user-groups/user-accounts (under System-Mgmnt page in GUI), create user-groups with user-accounts in these groups. Step-2: In the Ipsec-Profiles, configure the below ipsec-algo-profile used by the specified clients as a sample example Name: Ikve1_Clients_Profile Version: IKEv1 Phase-1: AES256-SHA1-GROUP2; Lifetime: 28800sec Phase-2: ESP; AES256-SHA1; pfs=no; lifetime:3600sec - apply and do a permanent save too Step-3: Now in Client-to-Site section, click on "3rd-Party" radio-buttin and configure the vpn-server In Basic Settings tab: - add and configure a C2S vpn server as below: Enable: Yes/Checked Tunnel Name: Ikev1_3rdPartyClients_wPskXauth Interface: WAN1 IKE Authentication Method PreSharedKey: Local Identifier: - select FQDN - enter the value: servergw.test.local Remote Identifier: - select FQDN - and enter a value: clientgw.test.local Extended Authentication: ENABLED - Select the user-groups Pool Range for client lan: Start ip: 10.31.1.100 End ip: 10.31.1.150 Step-4: In the Advanced settings tab Ipsec Profile: Ikve1_Clients_Profile Remote Endpoint : Dynamic IP - It should be Dynamic IP only as multiple clients will be connecting to this server Local Group Setup Local IP Type: ANY Mode Configuration dns/wins/default-domain/etc: to be configured as per the user requirements Step-5: Click on Apply and do a permanent save too ---------------------------------------------------------------------------------------------- On Greenbow/Shrewsoft and other IKEv1 clients among other configurations, the below settings has to be configured: 1. Set the values for the below items in the ikev21 clients config: Local Identifier: FQDN Remote Identifier: FQDN