
SOLVED: Cisco RV340 IPsec VPN

AstralSkye
Beginner
Got it figured out. I bolded the fix in the message.
 
I'm at a small business attempting to get a Cisco RV340 to work with Credit Card Readers and Printers through VPN.
 
This information below describes the business setup, but not the problem I'm experiencing, but it may help to know it.
 
We originally had one wireless router (Linksys EA9500). Everything ran through that router with a set IP of 172.17.xxx.xxx.
 
We decided to switch to a different program to manage our business inventory and were told we needed a new router that had IPSec VPN settings.
 
They recommended a Cisco RV340 and that's what I got. Instead of going through and changing every single device's static IP address and bringing us down for a day, I connected the Linksys EA9500 into the Cisco RV340, and the RV340 is directly connected to the internet.
 
I typed in a few settings on both and was able to keep everything working on the 172.17.xxx.xxx IP.
 
Not only that, but I opened up port forwarding on the Cisco RV340 to allow the Linksys router to be accessed for a basic outside connection through Remote Desktop Connection. All of that works fine and it feels like I never added in the RV340.
 
The fix to begin with, we changed everything to run through the Cisco RV340 router and put the Linksys Router into Bridge mode for just wifi devices. We went into the VLAN settings and made the only IP address 172.17.xxx.1 and did away with the 192.168.1.1 Cisco default.

This is where my issue starts.
The new inventory company wants to have all printers and credit card machines through IPsec VPN. I just found out the new program we are using, uses a Remote Desktop Connection (to another PC) to run the program and that's the reason for the more complicated setup.
 
These are the settings they emailed me:
Phase 1 configuration
Authentication method: Preshared key
Pre-shared key: ***************
Diffie-Hellman group: 2
Negotiation mode: Main
Encryption algorithm: AES-256
Hash algorithm: SHA
Lifetime: 86400 sec
 
Phase 2 configuration
Perfect forward secrecy: Enabled (group2)
Encryption algorithm: AES-256
Authentication algorithm: SHA
Diffie-Hellman group: 2
Keep Alive: Disabled
Lifetime: 28800 sec
 
So Under IPsec profiles, I created one and put in these settings:
Name: IPsec Name
Keying Mode: Auto
IKE Version: IKEv1
Phase I Options
DH Group: Group2 - 1024 bit
Encryption: AES-256
Authentication: SHA1
SA Lifetime: 86400
 
Phase II Options
Protocol Selection: ESP
Encryption: AES-256
Authentication: SHA1
SA Lifetime: 28800
Perfect Forward Secrecy: Enabled
DH Group: Group2 - 1024 bit
 
I feel like I have that correct. I was only provided 1 preshared key and IKEv2 asks for 2. I left that at IKEv1.
 
Without giving out any of the new company's personal IP settings, I will be using basic numbers.
 
Destination IP: 12.345.67.89
Remote Subnet: 98.765.43.0
local segment: xxx.xxx.xxx.xxx (was emailed to me in this format)
 
And they gave me an IP to ping that matches the remote subnet except the last two numbers.
98.765.43.13 (fake IP as well)

Each time I try to ping it in CMD, it will say Request Timed Out
 
For VPN setup
Listed are:
Site-to-Site
Client-to-Site
Teleworker VPN Client
PPTP Server
L2TP Server
GRE Tunnel
SSL VPN
VPN Passthrough
 
I used Site-to-Site. Unsure if that's the one I need to use but it seems to match the settings I need to type in more than the rest.
 
I will be using the fake IP addresses I listed for these settings.
Basic Settings:
Connection Name: VPN Name
IPsec profile: IPsec Name (the one I created)
Interface: WAN1 (where my internet feeds in)
Remote Equipment: Static IP
                  12.345.67.89 (Destination IP I listed above)
IKE Authentication Method
Pre-shared Key: ********* (I copied and pasted our key they provided and the bar is in green)
Minimum Pre-Shared Key Complexity: Enabled
 
Local Group Setup
Local Identifier Type: Local WAN IP
Local Identifier: (My business's Public IP Address)
Local IP Type: Subnet
IP Address: 192.168.1.1 (my router's IP) This was the main issue. It needed to end in 0 and not my router's IP. 172.17.xxx.0
Subnet: 255.255.255.0
 
Remote Group Setup
Remote Identifier Type: Remote WAN IP
Remote Identifier: 12.345.67.89 (Destination IP I listed above)
Remote IP Type: Subnet
IP Address: 98.765.43.0 (Remote Subnet listed above)
Subnet: 255.255.255.0
 
I have tried doing these settings with a computer directly connected to the Cisco RV340 router.
 
I am also open to suggestions on what to type in for Firewall Access Rules, as I may have typed in those settings incorrectly.
Or maybe I shouldn't be using Site-to-Site and another I listed above.
 
This is something I've never had any experience with. Hopefully someone can either tell me what I'm doing wrong or give me an idea to get started in the right direction.
 
Thank you for any help!
 
I have a feeling that if I put 192.168.1.0 in the Remote IP before making all these changes, it may have worked based on my firewall settings I had enabled. But it all works the way it should without requiring two routers.
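
The selector mistake described in the post above (the router's own address entered where the subnet's network address belongs), as an added example that is not part of the original post: a Python pre-check for the Local/Remote Group "Subnet" fields and for comparing the peer's emailed proposal against the configured profile. The address 172.17.10.0, the dictionary field names, and the reading of a bare "SHA" as SHA-1 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample data: the peer's emailed Phase 1 values and the values
# entered in the router's IPsec profile. Field names are hypothetical.
PEER_P1 = {"dh_group": "2", "encryption": "AES-256",
           "hash": "SHA", "lifetime": "86400 sec"}
LOCAL_P1 = {"dh_group": "Group2 - 1024 bit", "encryption": "AES-256",
            "hash": "SHA1", "lifetime": "86400"}

def check_selector(ip, mask):
    """Return (ok, network). ok is False when ip has host bits set under
    mask, i.e. it is a host (such as the router) and not the subnet itself."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return ipaddress.ip_address(ip) == net.network_address, net

def normalize(field, value):
    """Fold the peer's wording and the GUI's wording into one token."""
    v = value.strip().lower()
    if field in ("dh_group", "lifetime"):
        m = re.search(r"\d+", v)            # "Group2 - 1024 bit" -> "2"
        return m.group() if m else v
    if field == "hash":
        return "sha1" if v == "sha" else v  # assumption: bare "SHA" is SHA-1
    return v.replace("-", "").replace(" ", "")  # "AES-256" -> "aes256"

def diff_proposal(peer, local):
    """Return the fields whose normalized values differ between both sides."""
    return sorted(f for f in peer
                  if normalize(f, peer[f]) != normalize(f, local.get(f, "")))

if __name__ == "__main__":
    # 172.17.10.0 is a constructed stand-in for the masked 172.17.xxx.0
    for ip in ("192.168.1.1", "172.17.10.0"):
        ok, net = check_selector(ip, "255.255.255.0")
        print(ip, "OK" if ok else f"host bits set, use {net.network_address}")
    print("Phase 1 mismatches:", diff_proposal(PEER_P1, LOCAL_P1))
```
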
1 Reply

nagrajk1969
Enthusiast

Awesome Work done by you...Picture Perfect...and Intelligent work...Good Job

 

regards & best wishes always

 
