Got it figured out. I bolded the fix in the message.
I'm at a small business attempting to get a Cisco RV340 to work with Credit Card Readers and Printers through VPN.
This information below describes the business setup, but not the problem I'm experiencing, but it may help to know it.
We originally had one wireless router (Linksys EA9500). Everything ran through that router with a set IP of 172.17.xxx.xxx.
We decided to switch to a different program to manage our business inventory and were told we needed a new router that had IPSec VPN settings.
They recommended a Cisco RV340 and that's what I got. Instead of going through and changing every single device's static IP address and bringing us down for a day, I connected the Linksys EA9500 into the Cisco RV340, and the RV340 is directly connected to the internet.
I typed in a few settings on both and was able to keep everything working on the 172.17.xxx.xxx IP.
Not only that, but I opened up port forwarding on the Cisco RV340 to allow the Linksys router to be accessed for a basic outside connection through Remote Desktop Connection. All of that works fine and it feels like I never added in the RV340.
The fix, to begin with: we changed everything to run through the Cisco RV340 router and put the Linksys router into Bridge mode for just wifi devices. We went into the VLAN settings and made the only IP address 172.17.xxx.1 and did away with the 192.168.1.1 Cisco default.
This is where my issue starts.
The new inventory company wants to have all printers and credit card machines through IPsec VPN. I just found out the new program we are using uses a Remote Desktop Connection (to another PC) to run the program, and that's the reason for the more complicated setup.
These are the settings they emailed me:
Phase 1 configuration
  Authentication method: Preshared key
  Pre-shared key: ***************
  Diffie-Hellman group: 2
  Negotiation mode: Main
  Encryption algorithm: AES-256
  Hash algorithm: SHA
  Lifetime: 86400 sec
So Under IPsec profiles, I created one and put in these settings:
  Name: IPsec Name
  Keying Mode: Auto
  IKE Version: IKEv1
Phase I Options
  DH Group: Group2 - 1024 bit
  Encryption: AES-256
  Authentication: SHA1
  SA Lifetime: 86400
Phase II Options
  Protocol Selection: ESP
  Encryption: AES-256
  Authentication: SHA1
  SA Lifetime: 28800
  Perfect Forward Secrecy: Enabled
  DH Group: Group2 - 1024 bit
I feel like I have that correct. I was only provided 1 preshared key and IKEv2 asks for 2. I left that at IKEv1.
Without giving out any of the new company's personal IP settings, I will be using basic numbers.
  Destination IP: 12.345.67.89
  Remote Subnet: 98.765.43.0
  local segment: xxx.xxx.xxx.xxx (was emailed to me in this format)
And they gave me an IP to ping that matches the remote subnet except the last two numbers. 98.765.43.13 (fake IP as well)
Each time I try to ping it in CMD, it will say "Request Timed Out".
For VPN setup, listed are:
  Site-to-Site
  Client-to-Site
  Teleworker VPN Client
  PPTP Server
  L2TP Server
  GRE Tunnel
  SSL VPN
  VPN Passthrough
I used Site-to-Site. Unsure if that's the one I need to use but it seems to match the settings I need to type in more than the rest.
I will be using the fake IP addresses I listed for these settings.
Basic Settings:
  Connection Name: VPN Name
  IPsec profile: IPsec Name (the one I created)
  Interface: WAN1 (where my internet feeds in)
  Remote Equipment: Static IP 12.345.67.89 (Destination IP I listed above)
IKE Authentication Method
  Pre-shared Key: ********* (I copied and pasted our key they provided and the bar is in green)
  Minimum Pre-Shared Key Complexity: Enabled
Local Group Setup
  Local Identifier Type: Local WAN IP
  Local Identifier: (My business's Public IP Address)
  Local IP Type: Subnet
  IP Address: 192.168.1.1 (my router's IP)
  This was the main issue. It needed to end in 0 and not my router's IP. 172.17.xxx.0
  Subnet: 255.255.255.0
Remote Group Setup
  Remote Identifier Type: Remote WAN IP
  Remote Identifier: 12.345.67.89 (Destination IP I listed above)
  Remote IP Type: Subnet
  IP Address: 98.765.43.0 (Remote Subnet listed above)
  Subnet: 255.255.255.0
I have tried doing these settings with a computer directly connected to the Cisco RV340 router.
I am also open to suggestions on what to type in for Firewall Access Rules, as I may have typed in those settings incorrectly.
Or maybe I shouldn't be using Site-to-Site but another one I listed above.
This is something I've never had any experience with. Hopefully someone can either tell me what I'm doing wrong or give me an idea to get started in the right direction.
Thank you for any help!
I have a feeling that if I put 192.168.1.0 in the Remote IP before making all these changes, it may have worked based on my firewall settings I had enabled. But it all works the way it should without requiring two routers.
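An added example, not part of the original post: a Python check for the mistake described above, where a host address (the router's own IP) is entered in a Local Group "Subnet" field that needs the network address of the LAN actually behind the router. All addresses are constructed stand-ins (172.17.5.x for the post's masked 172.17.xxx.x, 198.51.100.0 for the masked remote subnet), and the function names are hypothetical.

```python
import ipaddress

def check_selector(label, address, mask):
    """Return (network, problems) for one 'Subnet' traffic selector."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    problems = []
    # A subnet selector must be the network address (host bits all zero).
    if iface.ip != iface.network.network_address:
        problems.append(
            f"{label}: {address} is a host address; with mask {mask} "
            f"the subnet entry should be {iface.network.network_address}")
    return iface.network, problems

def check_tunnel(local, remote, lan_interface):
    """local/remote: (address, mask) as typed into Local/Remote Group Setup.
    lan_interface: the router's own LAN address as 'ip/mask'."""
    local_net, problems = check_selector("local", *local)
    remote_net, remote_problems = check_selector("remote", *remote)
    problems += remote_problems
    # The local selector has to describe the LAN that is really behind the router.
    lan_net = ipaddress.ip_interface(lan_interface).network
    if local_net != lan_net:
        problems.append(
            f"local: {local_net} is not the LAN behind this router ({lan_net})")
    # Overlapping selectors make routing into the tunnel ambiguous.
    if local_net.overlaps(remote_net):
        problems.append(f"local {local_net} overlaps remote {remote_net}")
    return problems

# Constructed sample values (assumptions, see lead-in).
LAN = "172.17.5.1/255.255.255.0"            # router's VLAN address after the change
REMOTE = ("198.51.100.0", "255.255.255.0")  # peer's subnet
BEFORE = ("192.168.1.1", "255.255.255.0")   # router default IP typed as the subnet
AFTER = ("172.17.5.0", "255.255.255.0")     # network address of the real LAN

if __name__ == "__main__":
    for name, local in (("before", BEFORE), ("after", AFTER)):
        problems = check_tunnel(local, REMOTE, LAN)
        print(name, "->", problems or "selectors are consistent")
```
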