Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8470
Views
0
Helpful
15
Replies

VPN issue

Go to solution
mohammedrashid459
Level 1
Level 1

‎06-09-2016 02:07 AM

Dear Experts,

Is there a way we can configure a VPN on TP-LINK router.

Can anyone please help me.

Thanks

Mohammed Rashid

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
David Castro F.
Spotlight
Spotlight
In response to mohammedrashid459

‎06-10-2016 06:34 PM

Hello Mohammed,

It is a pleasure, and certainly you can use the TP-LINK as the passthrough device since it is more a Router than a Firewall, and the configuration on ubuntu:

-https://www.vultr.com/docs/setup-a-pptp-vpn-server-on-ubuntu

Now I would recommend to buy an ISR or ASA and configure the latest client which is more secure and have a great bundle of features (AnyConnect Secure Mobility Client), or even use L2TP config, 

Keep me posted, please proceed to rate all of the valuable answers and mark as correct the helpful post!

Regards,

David Castro,

View solution in original post

0 Helpful

Go to solution
David Castro F.
Spotlight
Spotlight
In response to mohammedrashid459

‎06-13-2016 11:10 AM

Hello Mohammed,

Indeed you can create Self Signed certs on the ASA, since the ASA has a default crypto key created, it automatically creates a Self Signed cert, and you can also create another self signed cert and have it installed in the outside, quick steps:

1. Prepare your ASA:

conf t

hostname  myasa

domain-name cisco.com

clock set 00:00:00 1 Jan 2010

clock  set timezone EST -5

2. Get to creating the  certificate (It creates a CSR and it creates the Cert itself):

crypto key generate rsa label sslvpnkeypair  modulus 2048

crypto ca trustpoint self

     enroll self

      fqdn myasa.cisco.com  -- This can be the IP address or FQDN

     subject-name CN=myasa.cisco.com

      keypair sslvpnkeypair

crypto ca enroll self noconfirm

3.  Apply the new certificate:

ssl trust-point self outside   -- This is the way to apply it the one you created, otherwise it will use the default Self Signed cert

4.  Save the config:

write mem

please proceed to rate all of the valuable answers and mark as correct the helpful post, it would come in handy!

Regards,

David Castro,

View solution in original post

0 Helpful
15 Replies 15

Go to solution
David Castro F.
Spotlight
Spotlight

‎06-09-2016 05:59 AM

Hello Mohammed,

Yes, you can configure a VPN on a TP-LINK router, the configuration is through the Web Interface, you may find the steps in the below link:

- http://www.tp-link.com/en/article-380.html

Keep me posted, please proceed to rate and mark as correct the helpful post!

David Castro,

0 Helpful

Go to solution
mohammedrashid459
Level 1
Level 1
In response to David Castro F.

‎06-09-2016 07:11 AM

Hi David,

Thanks very much for replying  to my post.

The thing is I have got few mobile users who are working remotely and sometime they need to connect to our head office remotely and for them I need to setup a VPN.

And I have got TP link router(TL-MR3420) and this router doesn't have enough option for configuring the VPN, It just have enable and disable options for IPSEC, PPTP and L2TP.

I don't want to form a site-site VPN.. I just need VPN for my mobile users that's it.

Should I replace the router..or is there anything that I can do with this type of router.

Any advice or suggestions would be really appreciable.

Thanks

0 Helpful

Go to solution
Frank DeNofa
Cisco Employee
Cisco Employee
In response to mohammedrashid459

‎06-09-2016 08:08 AM

Mohammed,

In general, you can use either IPsec, PPTP, or L2TP for VPN client connections. However, I'm not sure if this is something which would be supported by TP-link. If you find that this isn't an option on that device, either a Cisco ASA or ISR would be able to act a remote access VPN client headend.

HTH,

Frank

0 Helpful

Go to solution
mohammedrashid459
Level 1
Level 1
In response to Frank DeNofa

‎06-10-2016 12:25 AM

Dear David & Frank,

Thanks very much for your efforts...really appreciate that.

What I have thought is taking an UBUNTU server and configuring PPTPD on that.

And then later on opening the ports or doing port forwarding (1723 and 47) on the TP-LINK router.

Will this be going to work or do I have to go with the cisco ASA or ISR and if you think this is the best option then according to you what series or model of ASA or ISR would you recommend for this to work.

Also one more thing, I have a 4G dongle which is providing me a internet connection and that's attached to the TP LINK router and the IP address keeps changing for that dongle every then and now

Please let me know what you people can suggest or advice me.

Thanks

0 Helpful

Go to solution
mohammedrashid459
Level 1
Level 1
In response to mohammedrashid459

‎06-10-2016 12:27 AM

I have attached the screenshot, which shows the only option available for enabling or disabling the VPN.

Preview file
3543 KB
0 Helpful

Go to solution
David Castro F.
Spotlight
Spotlight
In response to mohammedrashid459

‎06-10-2016 06:34 PM

Hello Mohammed,

It is a pleasure, and certainly you can use the TP-LINK as the passthrough device since it is more a Router than a Firewall, and the configuration on ubuntu:

-https://www.vultr.com/docs/setup-a-pptp-vpn-server-on-ubuntu

Now I would recommend to buy an ISR or ASA and configure the latest client which is more secure and have a great bundle of features (AnyConnect Secure Mobility Client), or even use L2TP config, 

Keep me posted, please proceed to rate all of the valuable answers and mark as correct the helpful post!

Regards,

David Castro,

0 Helpful

Go to solution
David Castro F.
Spotlight
Spotlight
In response to mohammedrashid459

‎06-09-2016 08:32 AM

Hello Mohammed,

Actually you may configure L2TP in the TP-LINK router, though if the model that you have does not prompt the option to have it configure, a small business ASA or ISR as Frank said would do the trick for L2TP, SSL or IPSec RA connectivity, you may find the steps for TP-LINK here:

- http://www.tp-link.com/en/faq-444.html

Keep me posted, please proceed to rate and mark as correct the helpful post!

David Castro,

0 Helpful

Go to solution
mohammedrashid459
Level 1
Level 1

‎06-11-2016 02:09 AM

Hi David,

Thanks very much for replying.

Do you have any specific model of ASA or ISR in your mind which you can recommend for me to go on with.

Do you think cisco wRVS4400N wireless -N gigabit secuirty router with VPN would work for me..?

Please let me know your valuable advises.

Thanks

Mohammed Rashid.

0 Helpful

Go to solution
mohammedrashid459
Level 1
Level 1

‎06-13-2016 08:33 AM

Hi David,

Thanks very much for replying.

Do you have any specific model of ASA or ISR in your mind which you can recommend for me to go on with.

Do you think cisco wRVS4400N wireless -N gigabit secuirty router with VPN would work for me..?

Please let me know your valuable advises.

Thanks

Mohammed Rashid

0 Helpful

Go to solution
David Castro F.
Spotlight
Spotlight
In response to mohammedrashid459

‎06-13-2016 09:09 AM

Hello Mohammed,

It is a pleasure, well I recommend you to purchase a 5506 which is a NG Firewall and you can configure VPN for Remote access (AnyConnect), also in a future deploy FirePOWER services(NGIPS), now getting back to it, the 5506 is a high performance firewall and can be accommodated to your environment easily, on this case for Remote access you will need to purchase additional license for the VPN users, or a router 800 series for small office:

- http://www.cisco.com/c/en/us/products/routers/800-series-routers/index.html

- http://www.cisco.com/c/en/us/support/security/asa-5506-x-firepower-services/model.html

Or you can buy the  wRVS4400N wireless -N gigabit secuirty router, which is not a bad option and supports VPN, now it also depends what you want to integrate and how it should work, but the 3 options are good, I would rather going for the ASA 5506X, though you can analyze both options,

Keep me posted, please proceed to rate all of the valuable answers and mark as correct the helpful post!

Regards,

David Castro,

0 Helpful

Go to solution
mohammedrashid459
Level 1
Level 1
In response to David Castro F.

‎06-13-2016 09:42 AM

Hi David,

That's very nice of you...one more thing...

will I be able to generate the self signed certificates on 5506 in case if I need any, also can I install certificates on the device.

Thanks

Mohammed Rashid

0 Helpful

Go to solution
David Castro F.
Spotlight
Spotlight
In response to mohammedrashid459

‎06-13-2016 11:10 AM

Hello Mohammed,

Indeed you can create Self Signed certs on the ASA, since the ASA has a default crypto key created, it automatically creates a Self Signed cert, and you can also create another self signed cert and have it installed in the outside, quick steps:

1. Prepare your ASA:

conf t

hostname  myasa

domain-name cisco.com

clock set 00:00:00 1 Jan 2010

clock  set timezone EST -5

2. Get to creating the  certificate (It creates a CSR and it creates the Cert itself):

crypto key generate rsa label sslvpnkeypair  modulus 2048

crypto ca trustpoint self

     enroll self

      fqdn myasa.cisco.com  -- This can be the IP address or FQDN

     subject-name CN=myasa.cisco.com

      keypair sslvpnkeypair

crypto ca enroll self noconfirm

3.  Apply the new certificate:

ssl trust-point self outside   -- This is the way to apply it the one you created, otherwise it will use the default Self Signed cert

4.  Save the config:

write mem

please proceed to rate all of the valuable answers and mark as correct the helpful post, it would come in handy!

Regards,

David Castro,

0 Helpful

Go to solution
mohammedrashid459
Level 1
Level 1

‎06-14-2016 01:43 AM

Hi David,

I don't know how to thank you enough, but honestly you been very helpful and kind..really appreciate for what you have done

I have got some more doubts, would you mind clearing that as well.

Currently my organization wants me to set this scenario upon wireless router which should have a USB port for the 3G/4G DONGLE, they don't want to go with any other internet option right now, which they think is not feasible according to them.

Now they want me to setup a wireless router with 3g/4g dongle and the router should have at least below mentioned VPN option to configure.

PPTP

L2TP / IPSEC RSA

L2TP / IPSEC PSK

IPSEC XAUTH PSK

IPSEC XAUTH RSA

IPSEC HYBRID RSA.

I'm scratching my head, they keep changing their requirement every then and now

Can you please guide me on this, so that I can quickly get rid of this.

Thanks

Mohammed Rashid

0 Helpful

Go to solution
David Castro F.
Spotlight
Spotlight
In response to mohammedrashid459

‎06-14-2016 04:36 PM

Hello Mohammad, 

It is a pleasure, well for requirement, I would recommend the RV215W, it is a Wireless VPN router does not have a high cost, it supports:

  • IP Security (IPsec) and Point-to-Point Tunneling Protocol (PPTP) VPN provides highly secure remote connectivity for Windows and Mac OS computers
  • USB port allows 3G and 4G wireless Internet connectivity anywhere (USB data card required)

By supporting those feature the type of authentication comes along such as PSK, RSA and so on, there are several types of RV models which you can go to according to your environment, below you may find the RV215:

- https://www.neweggbusiness.com/Product/Product.aspx?Item=9B-33-150-198&nm_mc=KNC-GoogleBiz-PC&cm_mmc=KNC-GoogleBiz-PC-_-pla-_-Network+-+Wireless+Routers-_-9B-33-150-198&gclid=Cj0KEQjw1v66BRCV-6rh6s-Biu8BEiQAelpui5ldqMTnIpcYwioORL2EgtC7XOflYcdYzTWdlDu2Yk8aAlsl8P8HAQ

Keep me posted, please proceed to rate all of the valuable answers and mark as correct the helpful post!

Regards,

David Castro,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents