Cisco RV340-router13AD06 :client to site VPN configuration steps

insightsolutions26@gmail.com · ‎09-26-2021

Dear sir,

i want to help for cisco RV340 router client to site VPN configurations..

my public WAN ip is 136.232.82.198 255.255.255.252 136.232.82.197.

my LAN ip is 192.168.15.1 255.255.255.0

help for Cisco VPN Client and 3rd Party Client.

please send full configuration steps..

Thank you.

Georg Pauwen · ‎09-26-2021

Hello,

which 3rd party client are you using ? The document linked below provides instructions for connectivity with Windows 10 clients...

https://community.cisco.com/t5/small-business-support-documents/pptp-vpn-configuration-on-rv340-345-routers/ta-p/3220097

nagrajk1969 · ‎10-04-2021

Hi

For IKEv1-based 3rd-Party IPsec VPN Clients (such as GreenBow, Shrewsoft, Strongswan-based-VPN-Client, etc, etc), the below is the sample VPN-Sever (Client-to-Site server profile) config that you need to apply on RV34X/RV160x/RV260x routers:

-------------------------------------------------------------------------------------------------------------------
RV/160/RV260/RV34X C2S IKEv1 VPN Server for Greenbow_Shrewsoft 3rd-Party Clients using PSK with Username-Passwds(Xauth)
-------------------------------------------------------------------------------------------------------------------

- Configure the C2S server on RV34X/RV260/RV160 as below:

Step-1: In the user-groups/user-accounts (under System-Mgmnt page in GUI), create user-groups with user-accounts in these groups.

Step-2: In the Ipsec-Profiles, configure the below ipsec-algo-profile used by the specified clients as a sample example

Name: Ikve1_Clients_Profile
Version: IKEv1
Phase-1: AES256-SHA1-GROUP2; Lifetime: 28800sec
Phase-2: ESP; AES256-SHA1; pfs=no; lifetime:3600sec

- apply and do a permanent save too

Step-3: Now in Client-to-Site section, click on "3rd-Party" radio-button (on RV34X only), and configure the vpn-server

In Basic Settings tab:

- add and configure a C2S vpn server as below:

Enable: Yes/Checked
Tunnel Name: Ikev1_3rdPartyClients_wPskXauth
Interface: WAN1

IKE Authentication Method

PreSharedKey: <enter PSK>

Local Identifier:
- select FQDN
- enter the value: servergw.test.local

Remote Identifier:
- select FQDN
- and enter a value: clientgw.test.local

Extended Authentication: ENABLED
- Select the user-groups

Pool Range for client lan:

Start ip: 10.31.1.100
End ip: 10.31.1.150

Step-4: In the Advanced settings tab

Ipsec Profile: Ikve1_Clients_Profile

Remote Endpoint : Dynamic IP

- It should be Dynamic IP only as multiple clients will be connecting to this server

Local Group Setup
Local IP Type: ANY

Mode Configuration

dns/wins/default-domain/etc: to be configured as per the user requirements

Step-5: Click on Apply and do a permanent save too

----------------------------------------------------------------------------------------------

On each of the Greenbow/Shrewsoft and other IKEv1 clients among other configurations, the below settings has to be configured as common settings on each client:

1. Set the values for the below items in the ikev1 clients config:

Local Identifier: FQDN
<enter a value: clientgw.test.local>

Remote Identifier: FQDN
<enter a value: servergw.test.local>

2. BUT on each client you MUST use different username/passwords (and created before-hand in the user-group you had selected in the vpn-server config above).

NOTE: YOU SHOULD NOT AND CANNOT USE ONE SINGLE/SAME USERNAME-PASSWD(USER-ACCOUNT) ON ALL CLIENTS

------------------------------------------------------------

thanks & best wishes