TheGreenBow IPsec VPN Client
Configuration Guide
Cisco RV220W

Written by: Anonymous Customer
Website: www.thegreenbow.com
Contact: support@thegreenbow.com
Property of TheGreenBow – Sistech S.A.

Table of Contents
1 Introduction
1.1 Goal of this document
1.2 VPN Network topology

1 Introduction

1.1 Goal of this document

This configuration guide describes how to configure TheGreenBow IPsec VPN Client software with a Cisco RV220W VPN router to establish VPN connections for remote access to the corporate network.

1.2 VPN Network topology

In our VPN network example (diagram hereafter), we will connect TheGreenBow IPsec VPN Client software to the LAN behind the Cisco RV220W router. The VPN client is connected to the Internet with a DSL connection or through a LAN.

2 Cisco RV220W VPN configuration

This section describes how to build an IPsec VPN configuration with your Cisco RV220W VPN router. Once connected to your Cisco RV220W VPN gateway, follow the steps below.

2.1 Configure VPN using Wizard

Navigate to the menu > VPN > Advanced VPN Setup > IKE Policy Table > Add

Add IKE Policy: Chapter 2.2
Add VPN Policy: Chapter 2.4

2.3 Extended Authentication / X-Auth

Note the last set of fields in this policy:

Extended Authentication: To use the internal user database of the Cisco RV220W firewall, set XAUTH Type to "Edge device" and Authentication type to "User Database".

2.4 Add VPN Policy

Navigate to the menu > VPN > Advanced VPN Setup > VPN Policy Table > Add

"Select IKE Policy" links this policy to the "TGB" IKE policy.

You will need to create VPN users. To create users, navigate to: VPN > VPN Users

Click on Add, then enter the username and password, and select the XAUTH protocol (for IPsec). Take note of the username and password. These will be required when using TGB to connect.

3 TheGreenBow IPsec VPN Client configuration

This section describes the required configuration to connect to a Cisco RV220W VPN router via VPN connections. To download the latest release of TheGreenBow IPsec VPN Client software, please go to www.thegreenbow.com/vpn_down.html.

Phase 1 advanced configuration

Enable X-Auth Popup or enter X-Auth Login and Password.

Note: If X-Auth Popup is enabled, the user will be asked to enter Login and Password every time the tunnel opens.

3.2 VPN Client Phase 2 (IPsec) Configuration

Enter the IP address (and subnet mask) of the remote LAN.

Phase 2 Configuration

3.3 Open IPsec VPN tunnels

Once both the Cisco RV220W router and TheGreenBow IPsec VPN Client software have been configured accordingly, you are ready to open VPN tunnels. First make sure your firewall allows IPsec traffic.

1/ Click on "Save & Apply" to take into account all modifications we've made on your VPN Client configuration.

4 Tools in case of trouble

Configuring an IPsec VPN tunnel can be a hard task. One missing parameter can prevent a VPN connection from being established. Some tools are available to find the source of trouble during VPN establishment.

4.1 A good network analyser: Wireshark

Wireshark is free software that can be used for packet and traffic analysis. It shows IP or TCP packets received on a network card. This tool is available on the website www.wireshark.org.

5 VPN IPsec Troubleshooting

5.1 "PAYLOAD MALFORMED" error (wrong Phase 1 [SA])

114920 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]
114920 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [NOTIFY]
114920 Default exchange_run: exchange_validate failed
114920 Default dropped message from 195.100.205.

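A small triage script for the console trace in 5.1, as an added example (not part of the original guide and not TheGreenBow code): it flags a Phase 1 [SA] proposal that the gateway answers with a lone [NOTIFY], the pattern the heading attributes to a wrong Phase 1 [SA]. The line layout is inferred from the lines shown above; the second tunnel (OTHER-P1) and its lines are constructed sample data.

```python
import re

# Console line layout as printed in section 5.1 (inferred, not a documented format):
#   <time> Default (SA <name>) SEND|RECV phase <n> <mode> [PAYLOAD][PAYLOAD]...
LINE = re.compile(
    r"^(?P<time>\d+)\s+Default\s+\(SA (?P<sa>[^)]+)\)\s+"
    r"(?P<dir>SEND|RECV) phase (?P<phase>[12]) (?P<mode>.+?)\s+"
    r"(?P<payloads>(?:\[[^\]]+\])+)\s*$"
)

def parse(line):
    """Return a dict for an IKE exchange line, or None for any other console line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["payloads"] = re.findall(r"\[([^\]]+)\]", ev["payloads"])
    return ev

def find_rejected_proposals(lines):
    """List (sa_name, time) for each Phase 1 [SA] proposal answered by a bare [NOTIFY]."""
    pending = {}  # SA name -> True when the last SEND on that SA carried an [SA] payload
    hits = []
    for line in lines:
        ev = parse(line)
        if ev is None or ev["phase"] != "1":
            continue
        if ev["dir"] == "SEND":
            pending[ev["sa"]] = "SA" in ev["payloads"]
        elif pending.pop(ev["sa"], False) and ev["payloads"] == ["NOTIFY"]:
            hits.append((ev["sa"], ev["time"]))
    return hits

SAMPLE = [
    # First three lines are the trace from section 5.1.
    "114920 Default (SA CNXVPN1-P1) SEND phase 1 Main Mode [SA][VID]",
    "114920 Default (SA CNXVPN1-P1) RECV phase 1 Main Mode [NOTIFY]",
    "114920 Default exchange_run: exchange_validate failed",
    # Constructed: a proposal the gateway accepts, for contrast.
    "115001 Default (SA OTHER-P1) SEND phase 1 Main Mode [SA][VID]",
    "115001 Default (SA OTHER-P1) RECV phase 1 Main Mode [SA][VID]",
]

if __name__ == "__main__":
    for sa, when in find_rejected_proposals(SAMPLE):
        print(f"{when}: Phase 1 proposal on {sa} rejected; compare Phase 1 settings on both ends")
```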
5.8 The VPN tunnel is up but I can't ping!

If the VPN tunnel is up, but you still cannot ping the remote LAN, here are a few guidelines:

Check Phase 2 settings: VPN Client address and Remote LAN address. Usually, VPN Client IP address should not belong to the remote LAN subnet.
Once VPN tunnel is up, packets are sent with ESP protocol. This protocol can be blocked by firewall.

6 Contacts

News and updates on TheGreenBow web site: www.thegreenbow.com
Technical support by email at: support@thegreenbow.com
Sales contacts by email at: sales@thegreenbow.com