VPN set-up

DavidBrisebois · ‎04-24-2020

Cisco

Hi everybody

I work for a little architecture firm that obviously currently work from home. Since we had to set everything up quickly before quarantine, we use Teamviewer which works, but not perfect. We are looking about setting up VPN so we can connect our server shared drive to our home computer.

When we switched phone system to VoIP couple years ago, the phone company provided us with a RV345 Cisco router so we had PoE available for the phones, however they do not provide us further support other than what relies to phones. We do have an external IT technician, asked him if he could set everything up his answer was that setting VPN on Cisco requires a Cisco-accredited technician and an AnyConnect licence. But I made some searches and it appears to me that a PPTP or L2TP can easily be set up by anyone ?!

So I gave it a try. While security at this point is not a big deal, I activated PPTP. I gave IP range 10.10.0.1-.20, set DNS server to the router's IP 192.168.10.1. I created user and user group. I configured it on my home computer and I can successfully connect to the VPN. I tried PING to the router 192.168.10.1, it works. I tried PING to our Xerox printer 192.168.10.50, it works. Then the file server at 192.168.10.100, packets get lost. Same with ping to my office desktop at 192.168.10.104. Computers are not reachable.

1- Am I on the right track ? While being considered slow and insecure, is PPTP a good start to quickly provide our employees a VPN to access files ?

2- What could prevent me from being able to access (or ping) office computers, especially the server ? I tried to disable temporarily antivirus/firewall on my office desktop to see if it helped, but no antivirus/firewall doesn't block connection.

What would be the next steps ? I tried searching everywhere to find detailed howtos or manuals but found nothing to help me.

Sorry for the noobie help required, hope someone can help me here.

Thanks a lot

Francesco Molino · ‎04-24-2020

Hi

I'm not very familiar with rv series.
You configured what called teleworker vpn?
Anyways, ssl vpn is available and you have 2 licenses free included.
L2tp is more secure than pptp, so slower than pptp.
If you can ping your printer sitting in the same vlan as your pc, it shouldn't be a nat issue.
As you have TeamViewer access to your pc, when connected over vpn and pinging your pc, have you checked on your remote pc (using TeamViewer) if icmp packets arrive by capturing the traffic with wireshark?
Default gateway of your PC is your RV345 device?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

DavidBrisebois · ‎04-25-2020

Not Teleworker only basic PPTP. I know L2TP is more secure, however security is not a big point.

I know we can have 2 AnyConnect free trials, but they have been used already, they are expired (I guess by the phone company that provided us the router).

But still, your message points out to something.

To clarify, here's the network scheme: ISP modem -> Cisco RV345P (192.168.10.1, subnet 192.168.10.0/24, DHCP 192.168.10.100-.149). From there, we have

- Xerox printer connected directly to Cisco (192.168.10.50 static, don't know why it's been configured like this out of the IP range, but it works since it still is in the subnet), it is pingable and can access web admin through VPN

- An old ASUS router we previously had that we keep as an access point for Wifi only in the office also connected to Cisco router (192.168.10.112 dynamic, it is pingable and can access web admin through VPN

- we have our VoIP phones (Yealink T21) that receive dynamic IP, and computers connected through phones due to lack of internet plugs in the office. That may explain why computers are not pingable, I can ping my work phone (192.168.10.138), but cannot ping my computer that is connected through my phone (which receives IP 192.168.10.126 on the Cisco router). I think we have found the problem for that part, but while it's not connection to our work computers that we need, I won't investigate further.

- Finally we have our file server connected directly to Cisco router at IP 192.168.10.100. This one is the only device connected directly to the router that is still unreachable.

Maybe that would help some people...

Francesco Molino · ‎04-26-2020

Ok this server is connected directly to your rv router. The default gateway should be the rv router itself right? Have you checked by capturing traffic, if icmp packets are hitting the server? I don't know how rv debugs works as these are not the type of devices I'm used to work with.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

DavidBrisebois · ‎04-26-2020

No I didn’t try to see if packets are received by the server since I don’t have any remote access to it by TeamViewer or anything. But from physical network for sure computers have access to the server as our computers have a shared network drive connected.

Francesco Molino · ‎04-26-2020

Ok i thought you had access through TeamViewer.
Have you checked access rules to make sure nothing is blocked by RV router?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

nagrajk1969 · ‎05-12-2021

1. The file-server's default-gateway MUST be configured as 192.168.10.1 to reach the pptp-ip-pool 10.10.0.1-20 network

2. It can so happen that the file-server maybe configured to NOT respond to Ping for security reasons....try connecting to the file server by using other protocols other than ping...