techtips
Posts: 11
Registered: ‎10-25-2007

VPN on RV042

Hi

I have a few Linksys RV042s connecting to a Cisco ASA unit.

Location A - Cisco ASA - 192.168.10.0/24
Location B - RV042 - 192.168.20.0/24
Location C - RV042 - 192.168.30.0/24

Loc B and C connect to Loc A through VPN.
Loc B and C - no VPN is required

Loc A accepts VPN traffic from Loc B subnet 10.10.10.4/30 (10.10.10.5 & 10.10.10.6 hosts only)

Loc A accepts VPN traffic from Loc C subnet 10.10.10.8/30 (10.10.10.9 & 10.10.10.10 hosts only)
So all my 192.168.20.0 and 30.0 traffic should be NATed to the 10.10.10.4/30 and .8/30 networks. But I do not see any option to NAT between private networks on the RV042 (192.168.20.0 --> 10.10.10.0). So I was wondering if I can make the above configuration work. If not, what would be the best way to configure this?
 
Any advice on this is highly appreciated.
 
Thanks
Venkat 


Message Edited by techtips on 07-15-2008 11:17 AM
quack
Posts: 2,544
Registered: ‎09-07-2006

Re: VPN on RV042

First of all, try checking the firmware of the router; if it's not the latest, try upgrading the firmware of the router, then reset the router to factory defaults, do a complete network power cycle, and then set up the network with the firewalls disabled. Also check that you are able to ping the IP address of each PC from another.
Demomdog
Posts: 2
Registered: ‎08-14-2008

Re: VPN on RV042

Any update on this? Is the issue resolved? I need to set up a VPN b/t an RV042 and ASA5510 and would very much appreciate a quick how-to guide, using the ASDM if that's how you did it, or the CLI commands.
Thanks in advance and all the best.
techtips
Posts: 11
Registered: ‎10-25-2007

Re: VPN on RV042

Hi
 
I used the CLI on the ASA unit, and the config is below. Hope that helps.
 
access-list inside_nonat_outbound extended permit ip <local network> 255.255.255.0 <remote network> 255.255.255.0
access-list outside_cryptomap_11 extended permit ip <local network> 255.255.255.0 <remote network> 255.255.255.0
 
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nonat_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 <your gateway public IP> 1
 
Phase2
crypto ipsec transform-set SET esp-3des esp-sha-hmac
crypto map TESTVPN 11 match address outside_cryptomap_11
crypto map TESTVPN 11 set pfs group2
crypto map TESTVPN 11 set peer <remote tunnel IP>
crypto map TESTVPN 11 set transform-set SET
crypto map TESTVPN interface outside
 
Phase1
isakmp identity address
isakmp enable outside
isakmp policy 11 authentication pre-share
isakmp policy 11 encryption 3des
isakmp policy 11 hash sha
isakmp policy 11 group 2
isakmp policy 11 lifetime 28800

tunnel-group <remote tunnel IP> type ipsec-l2l
tunnel-group <remote tunnel IP> ipsec-attributes
pre-shared-key 1234567890
 
On the RV042, you need to configure Gateway-Gateway, and that would be pretty straightforward. Please use the same configuration as above:
 
3des, sha, pfs on, preshared key, group2
On the RV042, the local network and remote networks differ from the above.
 
Best of Luck
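
A small audit of the ASA configuration posted above, added here as an example and not part of the original post: it cross-checks that the crypto map's ACL, transform set and peer are all defined, and flags the 3DES, DH group 2 and short numeric pre-shared key settings. The peer address 203.0.113.10, the subnets filled into the ACL, and the thresholds for what counts as weak are assumptions of this example.

```python
import re

# Constructed sample: the ASA lines from the post, with documentation
# address 203.0.113.10 standing in for <remote tunnel IP>.
SAMPLE = """\
access-list outside_cryptomap_11 extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto ipsec transform-set SET esp-3des esp-sha-hmac
crypto map TESTVPN 11 match address outside_cryptomap_11
crypto map TESTVPN 11 set pfs group2
crypto map TESTVPN 11 set peer 203.0.113.10
crypto map TESTVPN 11 set transform-set SET
crypto map TESTVPN interface outside
isakmp policy 11 encryption 3des
isakmp policy 11 group 2
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key 1234567890
"""

WEAK_CIPHERS = {"des", "3des", "esp-des", "esp-3des"}
WEAK_DH = {"1", "2", "5"}   # assumption: groups this example treats as weak
MIN_PSK_LEN = 20            # assumption: minimum acceptable key length

def audit(config):
    """Return findings (strings) for an ASA site-to-site VPN config."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    # Names each kind of crypto map statement is allowed to reference.
    defined = {
        "match address": {t[1] for t in lines if t[0] == "access-list"},
        "set transform-set": {t[3] for t in lines
                              if t[:3] == ["crypto", "ipsec", "transform-set"]},
        "set peer": {t[1] for t in lines if t[0] == "tunnel-group"},
    }
    out = []
    for t in lines:
        text = " ".join(t)
        if WEAK_CIPHERS & set(t):
            out.append("weak-cipher: " + text)
        dh = re.search(r"(?:pfs|policy \d+) group ?(\d+)$", text)
        if dh and dh.group(1) in WEAK_DH:
            out.append("weak-dh: " + text)
        if t[0] == "pre-shared-key" and len(t) > 1 and (
                len(t[1]) < MIN_PSK_LEN or t[1].isdigit()):
            out.append("weak-psk: %d characters (value not echoed)" % len(t[1]))
        if t[:2] == ["crypto", "map"] and len(t) >= 6:
            kind, name = " ".join(t[4:-1]), t[-1]
            if kind in defined and name not in defined[kind]:
                out.append("undefined-reference: %s %s" % (kind, name))
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
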
 
Demomdog
Posts: 2
Registered: ‎08-14-2008

Re: VPN on RV042

It helps a lot, thanks much ... and here's a possibly witless followup question that reflects my newbie status ....
 
Once the tunnel is up, I would presume all I'd need to talk from end to end (local to the ASA LAN to remote RV042 LAN) would be a route to the remote LAN. What address do I use for a gw? The inside int address on the ASA?
 
techtips
Posts: 11
Registered: ‎10-25-2007

Re: VPN on RV042

Hi
 
You should be able to ping or access other devices between LANs when the tunnel is up. If you cannot access the systems at the remote LAN, then check the logs to see why the tunnel did not come up.
 
sh crypto isakmp sa
sh crypto ipsec sa
 
The above commands on the ASA unit should show you the tunnel and the packets on it.
 
The gateway IP will be your public IP address given by your ISP. So that would probably be in the range of external IPs on the ASA, but not the external/outside IP on the ASA.
 
Hope that helps