Beginner

Re: RV340 - L2TP

It's live and running at this moment, so yes it's working.

This was the most secure/hardened configuration that I found that worked. 

If you have gotten AES-256 to work I guess I will give that a try as well.

 

Unfortunately the RV340 doesn't seem to support IKEv2 for L2TP tunnels, since any profile with IKEv2 doesn't show up as an option in the L2TP settings, as you noted.

 

 

Beginner

Re: RV340 - L2TP

I cannot get L2TP to work with the latest Firmware (1.0.03.15).  Prior versions I had no issues following instructions in this thread.  Has anyone gotten this to work with the most recent Firmware?

 

 

Beginner

Re: RV340 - L2TP

What were your original settings for the L2TP IPsec VPN before you upgraded the firmware?

I had it set on a previous parameter, not the one shown by Mathias Garcia, but prior to that. The settings I had worked when I upgraded the firmware, but Mathias Garcia's is more secure if you can do it the way he mentioned. The only thing is the additional step of adding the PowerShell script, which I have not tried yet.

Beginner

Re: RV340 - L2TP

I would really appreciate your help.

Just wondering why the need to input all this information in PowerShell?

I have several clients, so I am guessing that I will need to enter these PowerShell parameters for each computer which I want to connect from.

Do you know if this conflicts with different setups? For example, I have one computer which is set up for several connections. At the present moment I connect to several Cisco RV340s at different sites.

I am most interested in hardening my security to at least use SHA256 and Perfect Forward Secrecy, which doesn't work at the present moment for me without the PowerShell script.

Beginner

Re: RV340 - L2TP

@Jarvar

 

The reason for the PowerShell commands is to make Windows use the same settings for IPsec as we have configured on the Cisco device (RV340).

It seems that Windows 10 uses 3DES by default for L2TP tunnels, or at least it doesn't try AES-128 or AES-256 without it being specifically set via a command.

Since these commands entered via PowerShell are limited in scope to a particular VPN connection, there should not be any possibility for conflicts.

 

If you need to get this to work for many computers, you should be able to make this change via a GPO.

But I would suggest that you turn to Windows/MS support for that; my Windows skills are somewhat lacking these days.

 

As a side note, I can confirm that AES-256 does work; I just tried it.

Not sure how I missed this when I was trying to come up with a working solution. 

-CipherTransformConstants AES256 -EncryptionMethod AES256
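
The per-connection scope described in the post above, as an added example that is not part of the thread: it applies one IPsec proposal to several L2TP connections on the same PC and reads each policy back to confirm it. The connection names `Site-A` and `Site-B` are hypothetical, the proposal values are the ones quoted in this thread, and the read-back assumes the policy fields render as the same names the cmdlet accepts.

```powershell
# Added example, not code from the thread. Connection names are hypothetical.
$connections = 'Site-A', 'Site-B'

# Proposal quoted in this thread; it must match the IPsec profile on the router.
# Group2/PFS2 are 1024-bit MODP groups; raise them only if the router profile
# selected for L2TP offers a stronger group.
$policy = @{
    AuthenticationTransformConstants = 'SHA256128'
    CipherTransformConstants         = 'AES256'
    EncryptionMethod                 = 'AES256'
    IntegrityCheckMethod             = 'SHA256'
    PfsGroup                         = 'PFS2'
    DHGroup                          = 'Group2'
}

function Test-VpnIPsecPolicy {
    param(
        [Parameter(Mandatory)] $Connection,
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    $custom = $Connection.IPSecCustomPolicy
    if (-not $custom) {
        # No custom policy: Windows negotiates with its built-in defaults.
        return [pscustomobject]@{ Name = $Connection.Name; Status = 'NoCustomPolicy'; Mismatch = '' }
    }
    # Assumption: each field stringifies to the name passed to the Set- cmdlet.
    $diff = foreach ($key in $Expected.Keys) {
        if ("$($custom.$key)" -ne $Expected[$key]) { "$key=$($custom.$key)" }
    }
    [pscustomobject]@{
        Name     = $Connection.Name
        Status   = if ($diff) { 'Mismatch' } else { 'Match' }
        Mismatch = $diff -join ', '
    }
}

foreach ($name in $connections) {
    $conn = Get-VpnConnection -Name $name -ErrorAction SilentlyContinue
    if (-not $conn) { Write-Warning "No VPN connection named '$name'"; continue }
    if ($conn.TunnelType -ne 'L2tp') {
        Write-Warning "'$name' uses tunnel type $($conn.TunnelType); skipping"
        continue
    }
    # The policy is stored on this one connection only; others are untouched.
    Set-VpnConnectionIPsecConfiguration -ConnectionName $name @policy -Force
    Test-VpnIPsecPolicy -Connection (Get-VpnConnection -Name $name) -Expected $policy
}
```

Connections created for all users need `-AllUserConnection` on both cmdlets.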

 

Beginner

Re: RV340 - L2TP

Was lucky to find this post. We just purchased an RV345 router and couldn't get any of the Windows 10 VPN client services to work. We had an RV325 with which we had no problem doing PPTP for VPN. Not so with the RV345.

Followed your example and it worked like a champ for L2TP using, of all things, the PAP authentication protocol.

 

Thanks for the post.

 

Keven

Beginner

Re: RV340 - L2TP

Hi all, 

Have you managed to run the VPN on the RV340 with firmware 1.0.03.16?
I have a connection error that failed because of the security layer.

 

PowerShell script:

Set-VpnConnectionIPsecConfiguration -ConnectionName "test" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup PFS2 -DHGroup Group2 -PassThru -Force

 

IPsec Profiles:


RV340-IPSEC.jpg 

 

Thanks a lot.

Beginner

Re: RV340 - L2TP

Hello everyone. I recently purchased an RV345 VPN router and I am trying to use the L2TP server on the appliance to connect with the Windows built-in L2TP VPN client. My issue is that I can't connect more than one L2TP VPN client connection from the same external network. Does the L2TP protocol have some kind of limitation, or is it an RV345 issue?

 

Best Regards  

Beginner

Re: RV340 - L2TP

Also wondering how secure the unencrypted PAP authentication is?

I dealt with a couple of Cisco support techs. The one who helped me set up an RV340 for L2TP over IPsec for Windows said that the unencrypted PAP authentication was passed through a secure IPsec tunnel. Another encouraged just using IPsec with a client like Shrew Soft because they did not want to trust the unencrypted PAP. However, when asked, that tech did defer to the first tech, saying that they were much more knowledgeable and should know what they were talking about.

That's my main concern with the VPN with the RV340.

Beginner

Re: RV340 - L2TP

I believe this to be an issue with IPsec itself.
It can't tell the difference between multiple tunnels between the same 2 public IPs.

Can you use a site-to-site VPN instead?
Another possible workaround would be to configure NAT to use a different public IP for different clients (if you have the spare public IPs, that is).


Beginner

Re: RV340 - L2TP

Still can't connect using L2TP with my RV340W. I tried the configurations found in this thread but without success. Maybe the new firmware requires a different configuration?