Router RV345: VPN connection for Windows 10 with AD account.

JuriPotapov2376
Level 1

I bought an RV345 router with an announced wide range of VPN compatibility. In reality, none of it is working.

Could somebody help with the configuration?

Preferably: an L2TP connection with the Windows built-in client.

I spent a very long time on different workarounds, based on different suggestions from the community site, without success.

Accepted Solution
You're not alone in having had problems implementing L2TP with the RVXXX routers.
There are 2 common stumbling blocks (at least from my point of view).

One is that you have to configure the VPN connection on the Windows machine to use PAP as authentication.
It seems that the RV routers do not support the use of CHAP or MS-CHAP as the authentication protocol for L2TP.

The second is that by default the only encryption that works is 3DES, but these days 3DES is often not considered to be secure enough, so they try to use AES, which does not work without some extra commands on the Windows machine.

I made a post on another thread here on the forum showing how to get this working with AES256 and SHA2-256.

You can find it here.


6 Replies

balaji.bandi
Hall of Fame

Have you tried the document below?

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb5850-configure-l2tp-wan-settings-on-the-rv34x-router.html

If yes, what are the errors you are getting? You need to provide more information and error logs.

BB


Thank you!

Sounds very promising.

I had found encryption to be a cause, but tried to connect using 3DES without success.

I will try your solution in a few days. But...

1. I don't think I can offer that solution for permanent usage because of PAP, only as a temporary one, maybe. How do you keep the connection secure when passwords are going in plain text?

2. Have you tried RADIUS as a credential source? What settings are required on the MS NPS side?

 

1. The PAP authentication goes through the IPsec tunnel, so it's not like it goes over the Internet in clear text.
It's still not optimal, especially since we are limited to using DH group 2 for the IKE.

2. I have not had the opportunity to try this with RADIUS.
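
The Windows-side settings discussed in the answers above (L2TP/IPsec with PAP inside the tunnel, AES256 with SHA2-256, DH group 2), written with the built-in VpnClient cmdlets. This is an added example, not the commands from the thread or from the linked post; the connection name and server address are placeholders, and `PfsGroup None` and the router accepting this exact proposal are assumptions.

```powershell
# Added example (not from the thread). Run in PowerShell on the Windows 10 client.
$Name   = 'RV345-L2TP'        # hypothetical connection name
$Server = 'vpn.example.com'   # placeholder for the router's WAN address
$Psk    = Read-Host 'IPsec pre-shared key'   # prompted, so it is not stored in a script

# L2TP/IPsec tunnel with PAP as the only PPP authentication method, since the
# answer above reports that CHAP and MS-CHAP are not accepted by the router.
# PAP is tolerable only because it is carried inside the IPsec tunnel.
$vpn = @{
    Name                 = $Name
    ServerAddress        = $Server
    TunnelType           = 'L2tp'
    L2tpPsk              = $Psk
    AuthenticationMethod = 'Pap'
    Force                = $true   # skip the confirmation prompt about the PSK
}
Add-VpnConnection @vpn

# Custom IPsec proposal: AES256 + SHA2-256 with DH group 2.
# EncryptionMethod / IntegrityCheckMethod / DHGroup apply to IKE (main mode);
# the two *TransformConstants apply to ESP (quick mode).
$ipsec = @{
    ConnectionName                   = $Name
    EncryptionMethod                 = 'AES256'
    IntegrityCheckMethod             = 'SHA256'
    DHGroup                          = 'Group2'
    CipherTransformConstants         = 'AES256'
    AuthenticationTransformConstants = 'SHA256128'
    PfsGroup                         = 'None'    # assumption, not stated in the thread
    Force                            = $true
}
Set-VpnConnectionIPsecConfiguration @ipsec

# Read the profile back and stop if it is not what was intended, so a profile
# that lost its custom proposal or gained another auth method is caught early.
$conn = Get-VpnConnection -Name $Name
$p    = $conn.IPSecCustomPolicy
$bad  = @()
if ("$($conn.TunnelType)" -ne 'L2tp') { $bad += "tunnel=$($conn.TunnelType)" }
if (($conn.AuthenticationMethod -join ',') -ne 'Pap') { $bad += 'auth is not PAP only' }
if (-not $p) {
    $bad += 'no custom IPsec policy'
} elseif ("$($p.EncryptionMethod)" -ne 'AES256' -or "$($p.CipherTransformConstants)" -ne 'AES256') {
    $bad += 'cipher is not AES256'
}
if ($bad) { throw "VPN profile check failed: $($bad -join '; ')" }
$conn | Format-List Name, TunnelType, AuthenticationMethod, L2tpIPsecAuth
$p
```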

Hello,

Thank you for the fast answer.

But that article describes a Site-to-Site connection.

I need Client-to-Site from Windows 10.

 

mridsing
Cisco Employee

Hi,

Thanks for your post.

Please check the attached L2TP configuration setup and see whether you are able to get it working.

Please also check with your ISP whether the L2TP service port is open (L2TP port number 1701), as well as the IPsec ports such as 500 and 4500.

-------------------------

If you are still unable to get it working, kindly open a service request with us by following the link below:

https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 

Thanks and regards,

Mridul

Cisco SBSC
