
Router RV345: VPN connection for Windows 10 with AD account.

Bought an RV345 router with an announced wide range of VPN compatibility. In reality, none of it is working.

Could somebody help with configuration?

Preferable: L2TP connection with Windows built-in client.

Spent a very long time on different workarounds, based on different suggestions from the community site, without success.

Accepted Solutions
Beginner

Re: Router RV345: VPN connection for Windows 10 with AD account.

You're not alone in having had problems implementing L2TP with the RVXXX routers.
There are 2 common stumbling blocks (at least from my point of view).

One is that you have to configure the VPN connection on the Windows machine to use PAP as authentication.
It seems that the RV routers do not support the use of CHAP or MS-CHAP as the authentication protocol for L2TP.

The second is that by default the only encryption that works is 3DES, but these days 3DES is often not considered to be secure enough, so people try to use AES, which does not work without some extra commands on the Windows machine.

I made a post on another thread here on the forum showing how to get this working with AES256 and SHA2-256.

You can find it here.

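As an added example (not part of the original post, and not the commands from the linked thread), this is how a Windows 10 L2TP/IPsec profile with PAP and an explicit AES256/SHA2-256 IPsec proposal can be defined with the built-in VpnClient PowerShell cmdlets. The connection name, server address and PFS setting are assumptions, and the router's IPsec profile has to offer the same algorithms.

```powershell
# Added example. $Name and $Server are placeholders, not values from the thread.
$Name   = 'RV345-L2TP'        # hypothetical connection name
$Server = 'vpn.example.com'   # placeholder for the router's WAN address
$Psk    = Read-Host 'IPsec pre-shared key'   # prompt so the key is not kept in the script

# L2TP/IPsec profile that authenticates the user with PAP, as the post describes.
# PAP is carried inside the IPsec tunnel, so the tunnel proposal below is what
# protects the password in transit.
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk $Psk -AuthenticationMethod Pap -Force

# Replace the Windows default proposals with a single explicit one.
$IPsec = @{
    ConnectionName                   = $Name
    EncryptionMethod                 = 'AES256'     # IKE phase 1 cipher
    IntegrityCheckMethod             = 'SHA256'     # IKE phase 1 hash
    DHGroup                          = 'Group2'     # DH group 2, the limit mentioned in the thread
    CipherTransformConstants         = 'AES256'     # ESP (phase 2) cipher
    AuthenticationTransformConstants = 'SHA256128'  # ESP integrity (HMAC-SHA-256-128)
    PfsGroup                         = 'None'       # assumption: PFS is off in the router profile
    Force                            = $true
}
Set-VpnConnectionIPsecConfiguration @IPsec

# Review what the client will now propose before testing the connection.
Get-VpnConnection -Name $Name |
    Select-Object Name, TunnelType, AuthenticationMethod, L2tpIPsecAuth
(Get-VpnConnection -Name $Name).IPSecCustomPolicy
```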

6 REPLIES 6
VIP Mentor

Re: Router RV345: VPN connection for Windows 10 with AD account.

Have you tried the document below?

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5850-configure-l2tp-wan-settings-on-the-rv34x-router.html

If yes, what are the errors you are getting? You need to provide more information and error logs.

BB
*** Rate All Helpful Responses ***

Re: Router RV345: VPN connection for Windows 10 with AD account.

Thank You!

Sounds very promising.

I have found encryption to be a cause, but tried to connect using 3DES without success.

Will try your solution in a few days. But...

1. I don't think I can offer that solution for permanent usage because of PAP, only as a temporary one, maybe. How to keep the connection secure when passwords are going in plain text?

2. Have you tried RADIUS as a credential source? What settings are required on the MS NPS side?

Beginner

Re: Router RV345: VPN connection for Windows 10 with AD account.

1. The PAP authentication goes through the IPsec tunnel, so it's not like it goes over the Internet in clear text.
It's still not optimal, especially since we are limited to using DH group 2 for the IKE.

2. I have not had the opportunity to try this with RADIUS.

Re: Router RV345: VPN connection for Windows 10 with AD account.

Hello,

Thank you for the fast answer.

But that article describes a Site-to-Site connection.

I need Client-to-Site from Windows 10.

Cisco Employee

Re: Router RV345: VPN connection for Windows 10 with AD account.

Hi,

Thanks for your post.

Please check with the attached L2TP configuration setup whether you are able to get it working.

Please check with your ISP whether the L2TP service port is open (L2TP port number 1701), and also IPsec port numbers like 500 and 4500.

-------------------------

If you are still unable to get it working, kindly open a service request with us by following the link below:

https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 

Thanks and regards,

Mridul

Cisco SBSC