RV340 VPN Issues

dst_u
Level 1

Hi,

 

I managed to define an SSL VPN connection from my Android device to my RV340, but I can't access any of my servers in the LAN once the connection is established.

 

I watched the video that guides how to do that, which is exactly what I did, but it doesn't help:

https://www.youtube.com/watch?v=uYhnukvNghM

 

I'd appreciate your help.

 

Thanks

11 Replies

balaji.bandi
Hall of Fame

Do you have an ACL to allow the VPN pool to access the internal LAN? Also check what firmware you have; there were some discussions where they had old firmware, and after the upgrade it was all fixed by itself.

Best is to test whether the ACL is OK before the upgrade.

 

BB


A D'Auria
Level 1

Do you have for your server VLAN the option Inter-VLAN routing enabled?

I have the SSL VPN configured and no ACL was required.

 

I do have a device that is not accessible directly via the SSL-VPN - to reach it from remote, I have to do it via another device within the same VLAN - but that says more about the device itself and not the SSL-VPN as I have no trouble accessing anything else in my network. 

 

Just to make sure that all the simple things are correct, I am assuming that you can reach the internet from the servers in your network - that the default gateway on them is configured and no firewall rules are in the way. Also the SSL-VPN client address pool must not overlap another address pool in your network. I think the router will not let you even create an overlap.

 

HTH

 

 

Hi A D'Auria and balaji.bandi

 

I believe that your suggestions are exactly to the point.

 

I do not have such rules. I have the default VLAN1 where all my servers are and another one for guests that is irrelevant in that case, but I'm sure I'm missing some ACL or Inter-VLAN rules.

 

How do I set these up? I have this rule (10.0.10.0/24 is the range of the SSL VPN clients), but it doesn't seem to be helpful:

vpn-rule.PNG

 

 

 

BTW, I'm using the latest firmware

 

Thanks

Take a look in your VLAN set-up.

 

LAN->VLAN Settings:

Look at the 3rd/4th column "Inter-VLAN routing" - make sure that it is turned on/checked for your server VLAN.

image.png

 

Hi

 

My "Inter-VLAN routing" is indeed enabled on all my VLANs:

inter-vlan-routing.png

 

 

 

 

What I find strange on the android side is the routes that are declared in the AnyConnect screen. Why 0.0.0.0? My "Split Tunneling" checkbox in the Group policy isn't checked

Screenshot_20201106-103342_AnyConnect.jpg

One more thing I checked on the android device is the interfaces and routes. Same thing. Nothing specific that points to the AnyConnect's interface (tun0):

$ ifconfig
dummy0: flags=195<UP,BROADCAST,RUNNING,NOARP> mtu 1500
inet6 fe80::744d:f7ff:fe97:d36f prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 25 bytes 1750 (1.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1 (UNSPEC)
RX packets 82 bytes 27217 (26.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 82 bytes 27217 (26.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

rmnet_data0: flags=65<UP,RUNNING> mtu 1430
inet 100.1xx.1xx.xx netmask 255.255.255.252
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 21837 bytes 23558811 (22.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13179 bytes 1722479 (1.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

rmnet_ipa0: flags=65<UP,RUNNING> mtu 2000
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 11340 bytes 23821215 (22.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13179 bytes 1827911 (1.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=81<UP,POINTOPOINT,RUNNING> mtu 1329
inet 10.0.10.3 netmask 255.255.255.255 destination 10.0.10.3
inet6 fe80::9761:e537:a850:8ac5 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 113 bytes 68333 (66.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 122 bytes 10145 (9.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
100.1xx.1xx.xx 0.0.0.0 255.255.255.252 U 0 0 0 rmnet_data0
$
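An added diagnostic sketch, not part of the original posts: it parses `route`-style output like the one above and does a longest-prefix match to show which interface a given destination would leave through, and it also checks the pool-overlap condition mentioned earlier in the thread. The carrier address in the sample and the 192.168.1.0/24 LAN range are constructed assumptions; only the 10.0.10.0/24 pool comes from the thread.

```python
import ipaddress

# Constructed sample in the format of the `route` output above; the carrier
# address is a placeholder because the post masks the real one.
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
100.64.10.20 0.0.0.0 255.255.255.252 U 0 0 0 rmnet_data0
"""

VPN_POOL = ipaddress.ip_network("10.0.10.0/24")         # from the thread
LAN_SUBNETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumed VLAN1 range


def parse_routes(text):
    """Return (network, gateway, iface) tuples from `route` style output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # banner line or anything that is not a route row
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[7]
        if dest == "default":
            dest = "0.0.0.0"
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue  # column header row
        routes.append((net, gateway, iface))
    return routes


def egress_interface(routes, destination):
    """Longest-prefix match; None means no route in this table covers it."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[2]


def overlapping(pool, subnets):
    """LAN subnets that overlap the VPN client pool (should be empty)."""
    return [s for s in subnets if pool.overlaps(s)]


if __name__ == "__main__":
    routes = parse_routes(ROUTE_OUTPUT)
    for target in ("192.168.1.10", "100.64.10.22"):
        print(target, "->", egress_interface(routes, target))
    print("pool overlaps:", overlapping(VPN_POOL, LAN_SUBNETS))
```

`route` prints only the main table; Android keeps VPN routes in separate policy-routing tables, so `ip rule` and `ip route show table all` are the commands that list routes bound to tun0.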

 

Hello dst_u,

 

You should have enabled Inter-VLAN routing (LAN-->VLAN Settings-->Inter-VLAN Routing on your VLAN1), although it would not affect VPN client connectivity to your servers. How do you try to access your servers through the Android mobile phone? Do they have remote access enabled (RDP, etc.)?

 

My advice is to restore to default rules the Firewall Access Rules on your RV. (Access Rules --> Restore to Default Rules), save and apply config. Then reconnect the VPN client and see if you have access to your servers.

 

Regards,

Martin

Hi Martin,

 

I have Linux servers, so I access them by SSH.

 

As I responded to D'Auria, the Inter-VLAN routing is indeed enabled.

 

As for the rules, I can't reset them. I have too many that I added over years. Are there any specific rules that are related to VPN->LAN access that I need to create/enable?

 

Thanks

Hello dst-u,

 

Please do create access rules that allow traffic from your VPN network (network subnet) to your servers VLANs.

 

Regards,

Martin

 

 

I have. It didn't help

 

That's the rule that I created:

access-rule.png

This is the same issue I have been trying to fix over the last few weeks.

No matter which ACL you add for VLAN or routes, once connected on the VPN you can't talk to any host on the LAN network. It seems like the router doesn't allow the traffic to go across; no routes are shown, and you can even select tun0 as an interface to send routes through. Does anyone have any updates or solutions for this?
