RV340 - L2TP

Viktor Jahna
Level 1

Hello,

Does anyone have experience with setting up L2TP / IPSEC on the RV340? According to the log, after start it does not work at all.


I contacted Cisco support and they sent me the attached PDF which works for L2TP on RV340. A bit frustrating that the default IPSec Profile doesn't work. I'll suggest a firmware upgrade to set a default profile that works for L2TP or to add a L2TP profile alongside the default one. Hopefully they'll sort it.

Thanks, I am now connecting using a L2TP tunnel. Traffic doesn’t seem to be routing through it yet. I will have to check my split tunnel options or something.

Which version of AnyConnect do you use? (For those who successfully connected with it.)

wycalero
Cisco Employee

Good Morning,

Attached you will find a PDF file with the configuration needed on the RV side and on the computer side in order to establish the L2TP connection.

Regards.

Hi everybody,

Has anyone done the test from a Windows 10 laptop? (The connection window in the PDF file is clearly from an older version of Windows.)

I configured my RV340W and the client-side Windows connection settings the exact same way (except for router IP and DNS) as in the document provided; upon connection test I still have this error message (see attached file).

My router is an RV340W, but I don't think it should make a difference in configuration, unless it's firmware related?

And of course the user/password combination is OK, it's the same one I'm using to log in to the router web UI. :)

If you are using special characters in the password, it won't let you connect.

Hi, I will mainly continue the discussion tomorrow because I'm going to a client's site for other projects, but no, the password I'm using only has numbers and lowercase and uppercase letters.

In this case I will advise you to give tech support a call at 1-866-606-1866 and open a ticket so we can proceed with further troubleshooting.

The changes that you need to apply on the Windows computer are the same; it doesn't matter which version you are using.

Go to Control Panel (not settings) > Network and Internet > Network and Sharing Center > Change adapter settings > Right click the VPN connection and select properties.

Ms. Calero and Mr. Raizada have both cited, and thankfully, provided the same-named PDF setup advice for RV340 as L2TP/IPSec server. To my amazement, they are not identical in content. The files are different, insofar as Ms. Calero's PDF is deleted for critical IPSec profile setup information on page 1 of the 4 page document. Thank you, Mr. Raizada, for providing this much needed, oh-so-hard to discover information; Windows clients are hard-coded for IPSec and nobody at Microsoft bothered to tell its customers how to set up a matching L2TP/IPSec server. Yes, this is infuriating.

I have re-posted Mr. Raizada's uploaded PDF with elaborate titling. Have mercy on your customers, Cisco and Microsoft! Pity the uninitiated, the struggling, the faithful drawn to Cisco's good name.

Please re-upload this file; it doesn't work now.

It is possible to adapt this config to use AES encryption instead of 3DES. (in Windows 10 at least)

Here is a picture of my ipsec settings. 

lt2p best security.jpg

Then you need to run the following in PowerShell on the Windows 10 machine.

 Set-VpnConnectionIPsecConfiguration -ConnectionName "test" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup PFS2 -DHGroup Group2 -PassThru -Force

-ConnectionName is the name of the VPN connection; I used test here.

The rest is the same as in the PDF provided earlier in the thread, i.e. you need to use PAP.

l2tp properties3.jpg

Edit: Added a picture that shows the PAP authentication setting for the VPN connection.

With this the weakest point is the DH/PFS group.

Unfortunately Windows 10 doesn't support Group 5 so we are stuck with using group 2.
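
An added example, not part of the original posts and not Cisco's or Microsoft's code: a PowerShell check that reads back the policy set with Set-VpnConnectionIPsecConfiguration and lists the settings this thread identifies as weak (3DES, SHA1, DH/PFS group 2, PAP). The helper name Test-VpnIPsecPolicy and the sample object are constructed for illustration; the last commented line shows the call against the real connection named "test".

```powershell
# Added example: audit a Windows L2TP/IPsec VPN connection's settings.
# Test-VpnIPsecPolicy is a hypothetical helper name, not a built-in cmdlet.
function Test-VpnIPsecPolicy {
    param([Parameter(Mandatory)] $Connection)

    $findings = [System.Collections.Generic.List[string]]::new()
    $policy   = $Connection.IPSecCustomPolicy

    if ("$($Connection.TunnelType)" -ne 'L2tp') {
        $findings.Add("TunnelType is '$($Connection.TunnelType)', expected L2tp")
    }
    if ($null -eq $policy) {
        # Nothing was applied with Set-VpnConnectionIPsecConfiguration.
        $findings.Add('No custom IPsec policy: Windows default proposals are used')
    } else {
        if ("$($policy.EncryptionMethod)" -in 'DES', 'DES3') {
            $findings.Add("Phase 1 cipher $($policy.EncryptionMethod): use AES256")
        }
        if ("$($policy.CipherTransformConstants)" -in 'None', 'DES', 'DES3') {
            $findings.Add("Phase 2 cipher $($policy.CipherTransformConstants): use AES256")
        }
        if ("$($policy.IntegrityCheckMethod)" -in 'MD5', 'SHA1') {
            $findings.Add("Phase 1 integrity $($policy.IntegrityCheckMethod): use SHA256")
        }
        if ("$($policy.DHGroup)" -in 'None', 'Group1', 'Group2') {
            $findings.Add("DH group $($policy.DHGroup): at most 1024-bit MODP")
        }
        if ("$($policy.PfsGroup)" -in 'None', 'PFS1', 'PFS2') {
            $findings.Add("PFS group $($policy.PfsGroup): no PFS or at most 1024-bit MODP")
        }
    }
    if (@($Connection.AuthenticationMethod) -contains 'Pap') {
        $findings.Add('PAP in use: the password is protected only by the IPsec layer')
    }
    return $findings
}

# Constructed sample mirroring the settings from the post, so this runs anywhere.
$sample = [pscustomobject]@{
    Name = 'test'; TunnelType = 'L2tp'; AuthenticationMethod = @('Pap')
    IPSecCustomPolicy = [pscustomobject]@{
        AuthenticationTransformConstants = 'SHA256128'; CipherTransformConstants = 'AES256'
        EncryptionMethod = 'AES256'; IntegrityCheckMethod = 'SHA256'
        PfsGroup = 'PFS2'; DHGroup = 'Group2'
    }
}
Test-VpnIPsecPolicy -Connection $sample

# On the client itself, audit the real connection instead:
# Test-VpnIPsecPolicy -Connection (Get-VpnConnection -Name 'test')
```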

Have you tried this? Is it working?

I have a similar setup which is working. Except it's SHA1 authentication for both phase 1 and phase 2. A Cisco Support Engineer helped me set it up.

I am trying to harden the settings some more. It shows ikev2, but when I select that it does not show up for the L2TP Server selection of the IPSec Profile.

I have managed to repeat the settings for AES256-SHA1 working with the L2TP Server though.