Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9194
Views
0
Helpful
6
Replies

RV220W - Connect to SSL VPN using Win7 Built-In SSTP

JustinMorea
Level 1
Level 1

‎05-16-2011 10:53 AM

I'm relatively new to establishing VPN connections and I'm having one heck of a time getting everything configured.


I'm setting up a RV220W at the office and trying to get VPN steup. I've have gotten Quick VPN connections working using the QuickVPN software. I've given up for now on IPsec VPN connactions and will come back to these later.

What I'd like to get setup is the SSL VPN connections using the Win7 built in VPN client. Is this even possible? I initially tried to connect to the VPN via the SSL Web access but I cannot get the software/divers to install on any of the 3+ Win7 64 bit machines I tried.

So can the SSL VPN on the RV220W be setup to connect to with the Win7 VPN Client using SSTP?

Any links or guidance on how to setup the cerificates on the server and where to install them on the Client PCs? I think this is my major issue right now as the error I get when I try to connect is either: "The certificate's CN name does not match the passed value" (Error Code: 0x800B010F)  or " A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider" (Error Code: 0x800B0109). I'm trying to use self signed certifcates and I'm not sure if that is the issue (self signed vs genuine) but I really am not getting anywhere with this.

Also, the VPN does not have a FQDN just a static IP if this matters.

While I'm at it, I'd also gladly take any good links for IPsec on the RV220W but I wont be tackling that until SSL & the certificates are setup.

Thanks,

Justin

1 person had this problem
Labels:
0 Helpful
6 Replies 6

JustinMorea
Level 1
Level 1

‎05-16-2011 02:03 PM

OK. Sorry to reply to myself but I got a few steps further. I figured I'd post how in case anyone needs to references this in the future or correct something I've done wrong.

  • So I've decided to use a Self Signed Certificate.
  • First I went to the Certificate page on the RV220W Config
  • Select Generate Certificate and fill in the info. As I'm not using a FQDN but a static IP, I set the Name, Subject & IP address all to the same, static IP.
  • I generated that and then hit view to copy the CSR
  • From there you need to generate a certificate.
  • I used Getacert (http://www.getacert.com/signacert.html)
  • I pasted the CSR into the text box and hit SubmitCSR
  • Make sure you save the getacert public certificate and your own signed certificate
  • Back in the RV220W Certificate page, upload the getacert.cer to the Trusted Certificate section and your own self certificate to Active Self Certificates Table
  • This should generate a new Cert for the router and you will have to reaccept it to get back to the web config
  • Back in the Cert page again, Download the routers certificate.
  • Back on your client, import both the getacert.cer as well as the routers certificate to the "Trusted Root Certification Authorities"


These steps got me closer.

Now when I try to connect using the Win7 VPN Client with SSTP I get a new error: Error Description: 0x800704D4: The network connection was aborted by the local system.

Any idea how to resolve this on the RV220W?

- Justin

0 Helpful

Herbert Baerten
Cisco Employee
Cisco Employee
In response to JustinMorea

‎05-18-2011 07:31 AM

Hi Justin,


Thanks for sharing your findings! However since this question is about a product in the Cisco Small Business / Linksys range, I suggest you move this thread to (or start a new one in) the community, where you will have a better chance of getting expert advice.


best regards,

Herbert
Cisco Moderator

0 Helpful

icanectc21
Level 1
Level 1
In response to JustinMorea

‎05-20-2011 08:51 PM

I would try to reissue the cert with IP and port # running SSL so when creating the Cert on the ip 10.0.0.20 and you are running the SSL on 5000 (remote mgmt port) type 10.0.0.20:5000

Typically that error occurs when the certificates bound to the HTTPS listener for IPv4 do not match. This also applies if you are using IPv6

0 Helpful

david.ce83
Level 1
Level 1
In response to JustinMorea

‎09-27-2011 06:20 PM

Hi Justin,

I'm facing similar issues as you are describing above. Did you finally solve it?

I'm trying to set up RV220w working with mac via SSL VPN client Tunnelblick...

Thanks, David

0 Helpful

primoz.sevcnikar
Level 1
Level 1
In response to david.ce83

‎02-02-2012 03:59 AM

I'm trying to set up same thing. Did you find any solution?

0 Helpful

david.ce83
Level 1
Level 1
In response to david.ce83

‎02-05-2012 06:01 PM

Hi, no, there is no solution but change device :]]

I didn't solve any of my issues

- SSL VPN for mac 10.7 IS NOT WORKING

- NO IPSEC VPN support for mac

- NO SSL/IPSEC iPhone client

I don't see any reason to use this device any more...

Good luck

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents