Re: RV260 Android VPN

Topher0027 · ‎04-06-2020

Hi, First time using the RV260 series router. I'm setting up a client to site VPN connection using IPsec. It appears straight forward but I can't get it to connect. According to the Cisco docs it should be compatible with the native Android VPN client. The only thing I can't find is a clear explanation about is the one term called Remote Identifier. It gives 3 options, IP Address, Remote FQDN, or Remote User FQDN. I'm assuming this means the IP or name of my Android phone. The IP address could change at any time so that wouldn't work. Am I supposed to really use the device name of my phone? I want multiple devices to be able to use this VPN connection. What am I missing here? I couldn't find any recent postings about how to make an Android work from a RV 260 or similiar router. Please help. Thanks!

lgenova · ‎04-06-2020

Hello,

My name is Lili and I am a Small Business Support Engineer.

I can see that you are trying to set the IPSec for R260 (client to site).

Can you try with selecting FQDN and typing in test.cisco.com like explained in the following guide ?

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/Configuring_Shrew_Soft_VPN_Client_with_the_RV160_and_RV260.html - Step 10.

Please let me know if this article has helped.

Lili Genova
Technical Consulting Engineer
Global CX Centers – Small Business Support

Topher0027 · ‎04-06-2020

I made the router changes that the article recommended. But the Shrew soft client is only for Windows not Android. Is there any documentation on how to successfully use the RV260 IPsec VPN with Android. I want to use the android IPSec Xauth PSK vpn type.

lgenova · ‎04-08-2020

Hello,

You would need to be able to configure the VPN on the Android device.

You need to have the option to choose PAP.

The newest Andorid versions do not have this option , but you need to check in the settings.

Another option for connecting all types of device(Android, MAC, Windows) is Cisco AnyConnect supported on our RV34X series.

Please let me know if I can help with anything else.

Lili Genova
Technical Consulting Engineer
Global CX Centers – Small Business Support

TimGaikowski25332 · ‎12-03-2020

I am trying to get this to work on windows clients and unsuccessful. We can use the test.cisco.com as the remote identifier?

Other RV routers have had the cisco vpn but that is gone now.

Any help is appreciated.

thanks

Tim

nagrajk1969 · ‎05-15-2021

Hi

In case you havent yet been able to set this up with android-clients (and also with Shrewsoft/Greenbow IKEv1 clients)...you will need to apply the below steps on RV260, and the exact same steps work for RV340/345 too...except for the wan-interface ids..and some changes...the vpn-server config is the exact same on all routers...

Step-1: Got to User-Groups under system-mgmnt, and create a local-group say for example testgroup1

Step-2: Next in User-Accounts under system-mngt, create the user-accounts for each of the clients you will connect and add them into the - testgroup1

Step-3: Next go to Ipsec-Profiles and create the ipsec-algorithm proposal you will configure for the server and clients to use, ensure that for Android-clients, do not enable Perfect-Forward-Secrecy (PFS) in Phase-2 settings....lets say you have named this profile Aes128Sha1Grp2_Aes128Sha1

Step-3: In the VPN, go to Clients-to-Site section and add a server profile for ALL IKEv1-clients (Android, Greenbow, Shrewsoft)

- follow the configs as shown in the attached screenshots in sequence

Step-4: For this case with Android clients, refer to the screenshot for the IPsec-IKEv1 tunnel config on Android-phone using PSK-Xauth

- Here the ipaddress is the wan-ipadress of the RV-router. This ipaddress will also used by the server for its identifier (local-identifier in the server config)

- the next identifier value is the Android-client's, so enter client.local.net, which was also mentioned in the server config in the remote-id field.

-although not shown in the screenshot of the android-phone, next below will be place for giving the user-name and password that this client will use to authenticate (xauth-authentication) to the vpn-server on RVrouter

Note: The same server config will serve for Shrewsoft/Greenbow clients...in which they have to configure local-id-fqdn/client.local.net and remote-id-ipaddress/1.2.3.4....other settings are client-specific, but the values for algorithm, psk, username/password (xauth) will remain the same

Note: The windows has built-in clients for PPTP-client (with MPPE-128), L2TP-with-IPsec & IKEv2-IPsec-Client...there is NO support for IKEv1-IPSec-Client

- Configuring for IKEv2-IPsec-Client using Window-IKEv2-clients will be a little complex execise becos Windows-IKEv2 supports EAP-auth and this requires the mandatory use of a Radius-Server behind RV-routers for offloading the EAP-auth...so its not that simple...AND even for only EAP-Mschapv2 with username-passwords, Windows-IKEv2-clients will still require the IKEV2-VPN-server to have a Certificate-based authentication..and some conditions imposed by Windows/MacOS IKEv2-clients..

- so for now just use the IKEv1 clients.