The Blogging Technician Providing useful info for all of you and myself

29 Nov 2012

VPN with RVS4000

 

 

I was recently asked to provide VPN access for a small business and decided to use the Cisco RVS4000 VPN router as the device handling the VPN and client connections. The initial setup is similar to most routers: enter your ISP information (it must operate under a static IP, with the router handling authentication) and configure your LAN options (at this point I would recommend using an IP scheme other than the default 192.168.x.x, as this can cause issues later). Once this is complete, you can connect the RVS4000 to your modem, and the local computers should have network and internet access.

Now, moving on to the VPN configuration on the router: click the VPN tab of the router interface and choose VPN Client Accounts. Here you can create up to 5 VPN user IDs and passwords; you may also enable the option that lets users change their own password (I recommend not). Type the user name and password you would like and select add/save. With the user account created, click Export for Client under Certificate Management; you will be prompted to save xxxx.pem, so save it to the desktop.

 

 

Now that you have added your users, you can begin configuring the client software. Install the QuickVPN client software and copy xxxx.pem to the installation directory, i.e. c:\program files\cisco small business\quickvpn client\. This will allow the client to connect to the VPN. Launch QuickVPN, give the profile a unique name, fill in the remaining fields and click Connect. After a few moments you should see a prompt showing that you are now connected to the VPN.

Here is where things get sticky.

If you want that user to have access to folders on a workgroup share (not a domain), go to the computer where the shares are configured and open Control Panel \ Windows Firewall \ Advanced Settings \ Inbound Rules. Add 2 rules, for ports TCP 433 and UDP 500. Then, in the list, find File and Printer Sharing (Echo Request - ICMPv4-In), double-click it and change the scope to any IP address. Click Apply, and your users will be able to ping and browse network shares.
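The firewall changes described above can also be scripted with the built-in NetSecurity cmdlets (Windows 8 / Server 2012 and later). This is an added example, not part of the original post; the "QuickVPN ..." rule names, the `$RemoteScope` variable and the sample subnet are names and values chosen here.

```powershell
# Added example: scripted form of the three inbound-rule changes from the post.
# Run in an elevated PowerShell session on the computer that hosts the shares.
# Assumes an English-language Windows install (built-in rule names are localized).

# The post sets the scope to any IP address. To narrow it, replace 'Any' with the
# range(s) your VPN users connect from, e.g. '10.20.30.0/24' (constructed value).
$RemoteScope = 'Any'

# Ports exactly as listed in the post; the rule names are hypothetical.
$portRules = @(
    @{ Name = 'QuickVPN inbound TCP 433'; Protocol = 'TCP'; Port = 433 },
    @{ Name = 'QuickVPN inbound UDP 500'; Protocol = 'UDP'; Port = 500 }
)

foreach ($r in $portRules) {
    $existing = Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue
    if (-not $existing) {
        # First run: create the inbound allow rule with the chosen scope.
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
            -Protocol $r.Protocol -LocalPort $r.Port `
            -RemoteAddress $RemoteScope | Out-Null
    }
    else {
        # Re-run: only update the scope, so no duplicate rules pile up.
        Set-NetFirewallRule -DisplayName $r.Name -RemoteAddress $RemoteScope
    }
}

# The built-in echo-request rule exists more than once under the same display
# name (one copy per profile group); this changes the scope on every copy.
$icmpName = 'File and Printer Sharing (Echo Request - ICMPv4-In)'
Set-NetFirewallRule -DisplayName $icmpName -RemoteAddress $RemoteScope

# List the resulting state of every touched rule for review.
$names = @($portRules | ForEach-Object { $_.Name }) + $icmpName
Get-NetFirewallRule -DisplayName $names | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```

The final listing shows whether each copy of the echo-request rule is enabled and for which profile, which the GUI steps do not make obvious.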

I hope this helped some of you out. Thanks for reading.