Objective
How to Set Up Your Cisco VPN Server - Learn how to set up a virtual private network TechSoup Articles & How-tos.
IPSec VPN (Virtual Private Network) enables you to securely obtain remote access to corporate resources by establishing an encrypted tunnel across the Internet.
The objective of this document is to show you how to configure an IPSec VPN Server on RV130 and RV130W.
- Deploy high performance SSD VPS on the worldwide Vultr network in 60 seconds. Sign up for free and start hosting virtual servers today!
- In this VPN tutorial video, author, speaker, and IT trainer Don R. Crawley demonstrates how to configure a site-to-si.
Note: For information about how to configure an IPSec VPN Server with the Shrew Soft VPN Client on RV130 and RV130W, refer to the article Use Shrew Soft VPN Client with IPSec VPN Server on RV130 and RV130W.
Applicable Devices
• RV130W Wireless-N VPN Firewall
• RV130 VPN Firewall
• RV130 VPN Firewall
Software Version
• v1.0.1.3
Setup IPSec VPN Server
Step 1. Log in to the web configuration utility and choose VPN > IPSec VPN Server > Setup. The Setup page opens.
Step 2. Check the Server Enable checkbox to enable the certificate.
Step 3. (Optional) If your VPN router or VPN Client is behind a NAT gateway, click Edit to configure NAT Traversal. Otherwise, leave NAT Traversal disabled.
Note: For more information about how to configure NAT Traversal settings, refer to Internet Key Exchange (IKE) Policy Settings on RV130 and RV130W VPN Routers.
Step 4. Enter a key between 8 to 49 characters long that will be exchanged between your device and the remote endpoint in the Pre-Shared Key field.
Step 5. From the Exchange Mode drop down list, choose the mode for the IPSec VPN connection. Main is the default mode. However, if your network speed is low, choose the Aggressive mode.
Note: Aggressive mode exchanges the IDs of the end points of the tunnel in clear text during the connection, which requires less time to exchange but is less secure.
Step 6. From the Encryption Algorithm drop-down list, choose the appropriate encryption method to encrypt the Pre-Shared Key in Phase 1. AES-128 is recommended for its high security and fast performance.The VPN tunnel needs to use the same encryption method for both of its ends.
The available options are defined as follows:
• DES — Data Encryption Standard (DES) is a 56-bit, old encryption method which is not very secure, but may be required for backwards compatibility.
• 3DES — Triple Data Encryption Standard (3DES) is a 168-bit, simple encryption method used to increase the key size because it encrypts the data three times. This provides more security than DES but less security than AES.
• AES-128 — Advanced Encryption Standard with 128-bit key (AES-128) uses a 128-bit key for AES encryption. AES is faster and more secure than DES. In general, AES is also faster and more secure than 3DES. AES-128 is faster but less secure than AES-192 and AES-256.
• AES-192 — AES-192 uses a 192-bit key for AES encryption. AES-192 is slower but more secure than AES-128, and faster but less secure than AES-256.
• AES-256 — AES-256 uses a 256-bit key for AES encryption. AES-256 is slower but more secure than AES-128 and AES-192.
Step 7. From the Authentication Algorithm drop-down list, choose the appropriate authentication method to determine how the Encapsulating Security Payload (ESP) protocol header packets are validated in Phase 1. The VPN tunnel needs to use the same authentication method for both ends of the connection.
The available options are defined as follows:
• MD5 — MD5 is a one-way hashing algorithm that produces a 128-bit digest. MD5 computes faster than SHA-1, but is less secure than SHA-1. Best macbook for work. MD5 is not recommended.
• SHA-1 — SHA-1 is a one-way hashing algorithm that produces a 160-bit digest. SHA-1 computes slower than MD5, but is more secure than MD5.
• SHA2-256 — Specifies the Secure Hash Algorithm SHA2 with the 256-bit digest.
Step 8. From the DH Group drop-down list, choose the appropriate Diffie-Hellman (DH) group to be used with the key in Phase 1. Diffie-Hellman is a cryptographic key exchange protocol which is used in the connection to exchange pre-shared key sets. The strength of the algorithm is determined by bits.
The available options are defined as follows:
• Group1 (768-bit) — Computes the key the fastest, but is the least secure.
• Group2 (1024-bit) — Computes the key slower, but is more secure than Group1.
• Group5 (1536-bit) — Computes the key the slowest, but is the most secure.
Step 9. In the IKE SA Life Time field, enter the time, in seconds, that the automatic IKE key is valid. Once this time expires, a new key is negotiated automatically.
Step 10. From the Local IP drop down list, choose Single if you would like a single local LAN user to access the VPN tunnel, or choose Subnet if you would like multiple users to be able to access it.
Step 11. If Subnet was chosen in Step 10, enter the Network IP address of the sub-network in the IP Address field. If Single was chosen in Step 10, enter the IP address of the single user and skip to Step 13.
Step 12. (Optional) If Subnet was chosen in Step 10, enter the subnet mask of the local network in the Subnet Mask field.
Step 13. In the IPSec SA Lifetime field, enter the time in seconds that the VPN connection remains active in Phase 2. Once this time expires, the IPSec Security Association for the VPN connection is renegotiated.
Step 14. From the Encryption Algorithm drop-down list, choose the appropriate encryption method to encrypt the Pre-Shared key in Phase 2. AES-128 is recommended for its high security and fast performance.The VPN tunnel needs to use the same encryption method for both of its ends.
The available options are defined as follows:
• DES — Data Encryption Standard (DES) is a 56-bit, old encryption method which is the least secure, but may be required for backwards compatibility.
• 3DES — Triple Data Encryption Standard (3DES) is a 168-bit, simple encryption method used to increase the key size because it encrypts the data three times. This provides more security than DES but less security than AES.
• AES-128 — Advanced Encryption Standard with 128-bit key (AES-128) uses a 128-bit key for AES encryption. AES is faster and more secure than DES. In general, AES is also faster and more secure than 3DES. AES-128 is faster but less secure than AES-192 and AES-256.
• AES-192 — AES-192 uses a 192-bit key for AES encryption. AES-192 is slower but more secure than AES-128, and faster but less secure than AES-256.
• AES-256 — AES-256 uses a 256-bit key for AES encryption. AES-256 is slower but more secure than AES-128 and AES-192.
Step 15. From the Authentication Algorithm drop-down list, choose the appropriate authentication method to determine how the Encapsulating Security Payload (ESP) protocol header packets are validated in Phase 2.The VPN tunnel needs to use the same authentication method for both of its ends.
The available options are defined as follows:
• MD5 — MD5 is a one-way hashing algorithm that produces a 128-bit digest. MD5 computes faster than SHA-1, but is less secure than SHA-1. MD5 is not recommended.
• SHA-1 — SHA-1 is a one-way hashing algorithm that produces a 160-bit digest. SHA-1 computes slower than MD5, but is more secure than MD5.
• SHA2-256 — Specifies the Secure Hash Algorithm SHA2 with the 256-bit digest.
Step 16. (Optional) In the PFS Key Group field, check the Enable checkbox. Perfect Forward Secrecy (PFS) creates an additional layer of security in protecting your data by ensuring a new DH key in Phase 2. The process is done in case the DH key generated in Phase 1 is compromised in transit.
Step 17. From the DH Group drop-down list, choose the appropriate Diffie-Hellman (DH) group to be used with the key in Phase 2.
The available options are defined as follows:
• Group1 (768-bit) — Computes the key the fastest, but is the least secure.
• Group2 (1024-bit) — Computes the key slower, but is more secure than Group1.
• Group5 (1536-bit) — Computes the key the slowest, but is the most secure.
Step 18. Click Save to save your settings.
For more information, check out the following documentation:
- RV130 Data sheet - explains the VPN capabilities for the RV130 series routers
- RV130 Product Page - includes links for all RV130 articles from Cisco
Objective
The Point to Point Tunneling Protocol (PPTP) is a network protocol used to create VPN tunnels between public networks. PPTP servers are also known as Virtual Private Dialup Network (VPDN) servers. PPTP is preferred over other VPN protocols because it is faster and it has the ability to work on mobile devices. A total of ten PPTP tunnels can be configured on the PPTP Server.
This article explains how to configure a PPTP (Point-to-Point Tunneling Protocol) server on Windows for the RV32x VPN Router Series.
Applicable Devices
• RV320 Dual WAN VPN Router
• RV325 Gigabit Dual WAN VPN Router
• RV325 Gigabit Dual WAN VPN Router
Software Version
• v1.1.0.09
Configure PPTP Server
PPTP IP Range
Step 1. Log in to the web configuration utility and choose VPN > PPTP Server. The PPTP Server page opens:
Step 2. Checkthe Enable check box to enable the PPTP Server on the RV320.
Step 3. Enter the starting LAN IP address of the range assigned to the first PPTP VPN client in the Range Start field. The default IP is 192.168.1.200.
Step 4. Enter the last LAN IP address of the range assigned to the last PPTP VPN client in the Range End field. The default is 192.168.1.204.
Step 5. Click Save to save the settings.
PPTP Tunnel Status
• Tunnel(s) Used — Represents the number of tunnels that are currently in use by the PPTP Server.
• Tunnel(s) Available — Represents the number of tunnels that are still available to configure the PPTP Server.
Note: You need to add users before you can setup a connection in the connection table. For more information on how to configure users, refer to to the article User and Domain Management Configuration on RV320 and RV325 VPN Router Series.
• Connection Table — The Connection List is a read-only list that shows information of VPN clients. The list shows the Username of the PPTP VPN client, Remote WAN IP address of the PPTP VPN client and the PPTP IP Address that the PPTP server assigns to the client upon connection. You need to configure PPTP VPN connection on Windows to display the user in the Connection Table.
More Videos For Cisco Vpn Server Setup »
Note: To learn more on how to setup the PPTP connection, refer to the Configure PPTP VPN Connection on Windows section.
Configure PPTP VPN Connection on Windows
Step 1. Log into the computer and choose Start > Control Panel > Network and Internet > Network and Sharing Center. The Network and Sharing Center window appears.
Step 2. Click Set up a new connection or network to create a new connection or network. The Set Up a Connection or Network window appears.
Step 3. Click Connect to a workplace to connect from the work place.
Step 4. Click Next to continue. The Connect to a Workplace window appears:
Step 5. Click Use my Internet connection (VPN) to use your Internet connection.
Step 6. Click I'll set up an Internet connection later to configure the Internet connection later.
Step 7. Enter the IP address of the LAN IP address of the RV320 into the Internet address field.
Step 8. Enter a name for the destination in the Destination name field.
Step 9. Click Create.
Note: If you are on Windows 8, the next procedure applies. If you are on Windows 7, the next three images are different, but the procedure is the same.
Step 10. Click the Network icon on the task bar. This displays all the networks, wireless, VPN, and Dial-up, available to be connected to the computer:
Step 11. Click Connect to connect the specific connection.
Note: You have to configure the user in the User Management page. To know more on how to configure user management, refer to the article User and Domain Management Configuration on RV320 Router. For the Step 12 and Step 13, you have to provide same user name and password you provided in the User Management page.
Step 12. Enter the user name in the Username field.
Step 13. Enter the password in the Password field.
Step 14. Click OK.
Step 15. Right click on the network icon on the task bar and click Open Network and Sharing Center.
Cisco Vpn Setup Windows 10
Step 16. Click on the specific VPN connection. The Status window appears:
Step 17. Click Properties. The VPN Destination Properties window appears:
Cisco Vpn Server Setup
Step 18. Choose the Security tab at the top of the window.
Cisco 881 Vpn Server Configuration
Step 19. Choose Point to Point Tunneling Protocol (PPTP) from the Type of VPN drop-down list.
Step 20. Click OK to save the settings. The new connection adds in the Connection Lists of the PPTP Server page.