We have a Customer ( lets call them ODC ) who has an office. There is a user that like to work from home. The User does not have a static IP at home.
To comply with the Auditors this particular customer Uses an ACL to prohibit anyone (other than known good IPs).
Previously ODC's router was a WRV4000 with VPN. The user would use the Cisco Quick VPN Utility to Connect their Laptop at home to the Office LAN to access server resources.
I took screenshots of the 4000's configuration prior to removing it from service. I then mirrored those settings on the new RV180W. Everything worked flawlessly except the VPN.
I made sure to update the Firmware to the latest version that I could find.
After replacing the quite old WRV4000 with a RV180W I am unable to get the user connected. I created the user account in the VPN section of the router.
Uninstalled the Older Version of Cisco Quick Connect from the user's laptop, rebooted the Laptop and installed the Version of Quick Connect for the RV180W and made sure I got the latest Version of the utility.
I entered the username/password that were put in the VPN section of the Router and am unable to connect. I then disabled all ACL rules that block any traffic. I then tried to connect again, no luck. I then looked up the Dynamic External IP Address of the user's home connection and whitelisted all services from that address. I then tried to connect again with no luck. I get a generic error message that I have attached.
* I have verified that The Username/Password is correct
* Both the Laptop at the user's home and the Server have a valid network connection. Both places are able to browse the internet and perform DNS lookups
* I have used both the FQDN and the External IP Address of the Office
* Checked the Firewall out of the Laptop (no change had been made since before the router was replaced). The Firewall IS enabled.
*The Office IP scheme is 192.168.10.x with 255.255.255.0 Mask. the User's home is 192.1681.x with a 255.255.255.0 Mask
I am just out of ideas and would like some help.
--Cody
Accepted Solutions
The Office that I mentioned in my original post is actually a Government Office.
I am not willing to post detailed information on their public facing information on a public forum.
I am willing to censor some of their information however.
I am willing to discuss specifics in greater detail over a phone call or a secure Skype for Business meeting.
I have very limited information on their previous VPN configuration.
I do not have access to their previous router to dig into the previous configuration.
Here is the current VPN Users page (with any usernames removed). the Blue Username is the User's account. the Red Username is a test account that I was using to test but will ultimately be removed.
Here is the VPN Passthrough settings.
I have tried experimenting in this area but it always asks for the remote (User's home) External IP for FQDN. which is dynamic and would break every time her home receives a different Lease from her ISP.
I can however make any changes needed to their current configuration. The Customer does usually use an ACL however I have it disabled while I am trying to get this going. I have disabled any blocks and enabled all things from the User's home IP (Blue Streak)
Here are also the Port Forwards. I blocked out he Server's internal IP Address.
Please also advise of any/all ports that needed by the QuickVPN Client.
Like I mentioned before, I am willing to talk on the phone or have an online meeting with you to discuss the specifics.
The Router is a little over an hour away so I won't be able to reset it today.
I navigated to Administration > Management Interface > Web Access. and Remote Management was already enabled. It was restricted to Our Company's IP so I set it to All IP Addresses and saved and retested and was unable to connect.
I also tried disabling the inactive NIC in the Laptop that I am using for testing with no luck.
I can also E-Mail you some additional information.
--Cody
