Beginner

RV320 - is there any way to use RADIUS for PPTP VPN users?

We are replacing a Draytek router with an RV320, and are struggling with the final step which is the VPN configuration. We currently have our VPN users defined in a RADIUS server, and the Draytek checks credentials against this. However, the RV320 does not appear to work in the same way - the RADIUS server is configured but VPN users cannot log in. There is nothing in the system log to indicate whether there is an issue connecting to the RADIUS server, or if the router is even able to use RADIUS for PPTP connections. Adding a user manually allows a PPTP connection so I know the PPTP settings on the client are correct, and that the PPTP server on the RV320 is working and configured correctly.

 

Should the RADIUS authentication not work for PPTP users then I could set them up manually, except that the RV320 web interface has a restriction on the length of usernames - it appears to only allow 11 characters, where I'd need to have usernames up to around 15 characters for some of our remote users. Why does the RV320 have such a short maximum username length?

 

Dan

6 REPLIES
Rising star


Hi Dan,

I suggest you contact our Small Business Support Center and speak with an engineer to help. Contact information is located here: https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Regards,
Cindy

Cisco Employee


Hi Dan,

The RV320 is able to use RADIUS for PPTP connections. You mentioned you were able to add a user locally and it worked. In the User Management section on the RV320, if you created the addition in the Domain Management Table and pointed that to your RADIUS server, that should be all that is required.

It asks for Auth Type: Radius-MSCHAPv2, Domain: db where users authorized, Radius Server: IP Address, and Radius Password.

If the above is done and not working, try to ensure VLAN1 can ping the RADIUS server. If so, please call in to our Support Center and let's get a packet capture of the authentication attempt when the client attempts to connect and see if the information is being passed to the RADIUS server.

 

Beginner


I have set up the RADIUS server settings but the logs on the RADIUS never show any entry for the RV320. We use it already with a Draytek Vigor 2830 router without problems. The system log on the RV320 shows an "incorrect password" entry when attempting to log in. I'll have to sort out installing a packet trace utility on our RADIUS server (it's Windows Server 2008 R2 running Network Policy Server) as my laptop does not have an option to put the network driver into promiscuous mode so cannot make use of port monitoring on the switch the router and server are connected to.

Once I've got this up and running I'll contact support.

 

Dan
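
Added example, not part of the original thread or any Cisco code: a minimal decoder for one RADIUS datagram taken from a capture on the server's authentication port (UDP 1812 by default), to confirm whether the router sent an Access-Request carrying the user name and an MS-CHAP2-Response. The sample datagram, the address 192.0.2.1 and the user name are constructed placeholders.

```python
import socket
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
MS_VENDOR_ID = 311  # Microsoft vendor ID used for MS-CHAP attributes (RFC 2548)
MS_TYPES = {11: "MS-CHAP-Challenge", 25: "MS-CHAP2-Response"}


def parse_radius(datagram: bytes) -> dict:
    """Decode the header and the attributes relevant to an MS-CHAPv2 login."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if not 20 <= length <= len(datagram):
        raise ValueError("length field does not match datagram")
    info = {"code": CODES.get(code, str(code)), "id": ident, "ms_attrs": []}
    pos = 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = datagram[pos], datagram[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = datagram[pos + 2:pos + alen]
        if atype == 1:                          # User-Name
            info["user_name"] = value.decode("utf-8", "replace")
        elif atype == 4 and len(value) == 4:    # NAS-IP-Address
            info["nas_ip"] = socket.inet_ntoa(value)
        elif atype == 26 and len(value) >= 6:   # Vendor-Specific
            vendor, vtype = struct.unpack("!IB", value[:5])
            if vendor == MS_VENDOR_ID:
                info["ms_attrs"].append(MS_TYPES.get(vtype, str(vtype)))
        pos += alen
    return info


def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value


def constructed_sample() -> bytes:
    """Constructed Access-Request; name and address are placeholders."""
    ms = struct.pack("!IBB", MS_VENDOR_ID, 25, 52) + bytes(50)
    body = attr(1, b"firstname.surname") + attr(4, socket.inet_aton("192.0.2.1")) + attr(26, ms)
    return struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(16) + body


if __name__ == "__main__":
    print(parse_radius(constructed_sample()))
```

If a capture taken during a PPTP login attempt contains no datagram that decodes as an Access-Request from the router's address, the router never forwarded the credentials to the RADIUS server.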

Cisco Employee


Dan,

I got feedback from the engineering group. Even though it has RADIUS as a drop-down option, PPTP server only supports the local user database authentication. I was incorrect in my first response. They have confirmed SSLVPN & Easy VPN will support RADIUS but not the PPTP setup.

Beginner


Thanks for the reply. Looks like I'm going to have to revise my timeframe for putting this into production yet again, first got tripped up by the service management bug that was fixed in the new firmware, now held up by lack of basic functionality present in many other competing products. Given that I can't even recreate the logins in the local database on the router due to the restriction of 11 characters for usernames (we have many users here with names longer than 11 characters including my own as we use firstname.surname format), and we would not be able to sync our user passwords which are changed on a monthly basis, local database is not a viable option but might have to serve as a temporary solution. I guess I could look at PPTP/L2TP passthrough but I'd have preferred to keep the VPN functionality on the edge device.

 

SSL VPN doesn't work with IE10+ (requires a change to the useragent check in the scripts) and the virtual passage driver doesn't work with Windows 64-bit (I have been given an approximate release date for this around April by support in the next MR firmware), so that isn't an option either, and Easy VPN is going to be a problem as we need to give access to remote users at other companies who do not have admin privileges on their laptops and their IT admins will not allow installation of software that they do not use within their own company; PPTP was our only real option for these users.

 

I'm getting the feeling that this RV320 will end up sitting in a cupboard ...

 

Dan

Cisco Employee


Dan,

It looks like PPTP passthrough is going to be the only option currently. You are correct that this is supposed to be addressed in next MR, but that doesn't help you now. I understand the frustration. I wish I had a better answer for you.