RV042 Shrew soft client NAT-t new mapping

h.dam
Level 1

Hi everyone,

 

Since I had a QuickVPN issue, I tried the Shrew Soft client, hoping to get the IPsec tunnel up with the RV042 router in Client2gateway mode.

On the Shrew client, I got "Tunnel is activated" but got established failed errors.

In the RV042 IPsec log, it ended with: NAT-T: x.x.x.x new mapping.

What does it mean?

Thanks for your answers.

8 Replies

Mehdi Boukraa
Cisco Employee

Hi h.dam,

 

If the tunnel is activated and showing established=0, these are phase two errors.

Please find the file attached to this post, "RV042 with ShrewSoft", follow all the steps, and share the result with us after your testing.

Please rate this post or mark it as answered to help other Cisco customers.

 

Greetings

Mehdi

Hi Mehdi,

Thanks for your PDF file with screenshots. It's very useful. I'll try it and tell you the result later.

Good job.

 

Regards,

hdam

Hi h.dam,

 

Thank you :) and please let me know after your testing. I saw in one of your posts that you are confused regarding the firmware version of the RV042. What you have is the latest one, 4.2.3.03, because the RV042 hardware version 1 is EOL and the replacement is the RV042v3, whose firmware starts with 4.x.x.x, while hardware version 1 firmware starts with 1.x.x.x,

so your device is up to date with the correct firmware version.

Please rate this post or mark it as answered to help other Cisco customers.

Greetings

Mehdi

Hi Mehdi,

I've applied the configuration in your PDF file; it works pretty well. Thanks.

One question about the ID type:

- For the local identity you use FQDN = remote.com; can I put another name? Why don't you select "IP address" as the Remote ID?

On the router, I have multiple subnets. Can I create different VLANs for different subnets? In this case, should I add the default GW for each subnet?

Thanks again for your help.

 

Regards,

hdam

Hi Hdam,

That's good :) 

- Yes, you can change the FQDN from remote.com to another domain name.

- Why don't I select IP address as the remote ID? Because on the router, when you select Group VPN, the VPN automatically becomes the responder and waits for a connection. Also, in that case we don't need to specify the public or LAN network of the client, because clients can connect from anywhere.

Now, on the client, the local ID should be the same as the remote ID on the router (remember, when you configure a VPN tunnel between two routers, the local address of site B should be the remote one on site A; it is the same here with Shrew VPN, but using FQDN).

- I just want to clarify that the RV0xx doesn't support VLANs; it supports port-based VLANs and multiple subnets, BUT you can achieve what you need :)

Please follow these steps:

Step 1: I assume that you have already added the additional subnet; if not, just add it under Setup --> Network, then add the additional subnet. For a better implementation, it is better to lay out the subnets like this example: if you have the default network 192.168.1.1/24, add a second subnet 192.168.2.1/24. In this case, in the VPN setup we can do subnet summarization and it will be 192.168.0.0/16 class B, and all the PCs connected to the router should have gateway 192.168.1.1 or 192.168.2.1 (in my example, of course).

Step 2: Under VPN --> summary, edit the old configuration for the VPN client and change the local network to 192.168.0.0 mask 255.255.0.0.

Step 3: In Shrew VPN, also under policy --> Remote Network Resource, change to 192.168.0.0 255.255.0.0.

and it should work :)

Please rate this post to help other Cisco customers.

 

Greetings

Mehdi

 

Hi Mehdi,

 

Unfortunately, I have two different classes of subnets, 172.16.1.0/24 and 10.10.0.0/16, so I cannot make an aggregation as you showed in the last mail.

These multiple subnets are already created in the router. What I'll do next (I think) is add these 2 subnets in the Shrew VPN client. Will it work?

But at the router side, do you think the hosts in these subnets can ping each other? They are in VLAN1.

 

Regards,

hdam
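The subnet aggregation discussed in the two posts above, as an added example (not code from the thread or from Cisco): it finds the tightest single prefix that covers a set of LAN subnets and counts how many addresses a VPN local-network selector covers beyond those subnets. Function names are hypothetical; the subnets are the ones quoted in the thread.

```python
import ipaddress


def covering_supernet(subnets):
    """Return the smallest single prefix that contains every subnet given."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    # Widen the candidate one bit at a time until it contains all subnets.
    # At /0 every network is contained, so the loop always terminates.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def overexposure(subnets, selector):
    """Count addresses inside the selector that belong to no listed subnet."""
    sel = ipaddress.ip_network(selector)
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets)
    used = sum(n.num_addresses for n in nets if n.subnet_of(sel))
    return sel.num_addresses - used


def report(subnets, selector=None):
    """Summarize a selector (default: the tightest cover) for the subnets."""
    tight = covering_supernet(subnets)
    chosen = ipaddress.ip_network(selector) if selector else tight
    return {
        "tightest": str(tight),
        "selector": str(chosen),
        "netmask": str(chosen.netmask),
        "extra_addresses": overexposure(subnets, str(chosen)),
    }


if __name__ == "__main__":
    adjacent = ["192.168.1.0/24", "192.168.2.0/24"]   # Step 1 example
    disjoint = ["172.16.1.0/24", "10.10.0.0/16"]      # hdam's subnets
    print(report(adjacent))                    # tightest single cover
    print(report(adjacent, "192.168.0.0/16"))  # selector used in Steps 2-3
    print(report(disjoint))                    # only 0.0.0.0/0 covers both
```

For the 172.16.1.0/24 and 10.10.0.0/16 pair, the only single prefix covering both is 0.0.0.0/0, which is why one aggregated local network cannot describe them.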

 

Hi H.dam

 

I think we need to change the subnet, because the problem is that in the Group VPN configuration you cannot specify two local subnets to say that the client can access both local subnets!

I would like to clarify that the RV0xx doesn't support VLANs; it supports port-based VLANs. The additional subnet is a very good feature, because if you have a switch in your network and you have multiple VLANs with different subnets, our RV042 router can NAT all the subnets; you just need to add an additional network so it will be aware that if it receives a packet from a source address different from its local network and that is configured as an additional subnet, it will NAT this packet. The RV042 can also route between the subnets. As for your second question: yes, a PC in the local subnet can ping a PC in the additional subnet; of course, the PCs always need to have as default gateway the IP interfaces configured on the RV042.

Hope I was clear; for any other question, I'm happy to help you.

Greetings

Mehdi

Mehdi,

It's very clear to me now. Yes, the PCs in different LANs can ping each other.

The last thing left to do is DDNS. I have to find an alternative, since I use No-IP DDNS but there's no possibility to add it in the DDNS option on this router.

Thanks a lot.

 

Regards,

hdam