MrAutomate

SSL Self-Signed Certificate - Unable to upload from Cisco RV180W

Bought a RV180W for the sole reason of a VPN to a remote location.  Followed all directions in http://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/rv180w/administration/guide/rv180w_admin.pdf

I am not sure what SUBJECT means, and if meaningful data has to be in there, or if it needs to match something on the router, like the router name.  I was able to generate a key.  I tried several times; it usually created a .CSR file, and one time it created a .PEM file.  This is all Greek to me, and when I try to UPLOAD, I get "Cannot upload invalid Self Certificate"

Also - I created a Pre shared Key, as I thought I would need that, but I see no place to enter the PSK in the CISCO Quick VPN client.
I am reading the manual as if I want to self sign, I do not need a CA to sign it.  
What am I missing?

Thanks!
Rob Williams

I am not a lot of help as I have not set up one of the low-end Ciscos for client VPN access for quite some time.  However, you have not had any replies as of yet so perhaps I can be of some help.

Firstly, these Ciscos are really Linksys routers and have a lot of limitations.  They work quite well in a site-to-site configuration with 2 VPN routers but are not the best for mobile client access.

To access using a VPN client there are two options: PPTP and IPsec.  The "Gateway" settings are for site-to-site VPNs.  Much more involved setups, but you don't need to touch those pages.  With PPTP you just set a user name and password and then use the Windows client.  This works well, is easy to set up, but limited to 5 users and not as secure as IPsec.

The IPsec configuration uses the Cisco/Linksys Quick VPN client.  This is the major problem.  It doesn't always work from some sites, even if properly configured.  
That being said, make sure you have the latest firmware for the router and the latest Quick VPN client.  It will not work if the client is much older than the firmware.   The RV180 also needs to have a public IP, i.e. it can't be behind a NAT device and get a private IP like 192.168.x.x or 10.x.x.x.  It doesn't have to be a static IP, so long as you know the IP to which you are connecting or use a DDNS service.  You cannot test this from the LAN side of the router.  The client needs to be on the public side, i.e. at another site.  The site from which you are connecting needs to have "Allow IPSec pass-through" enabled on its router.  It is by default on most, but not all routers.

As for configuring the router, I currently do not have one to look at and I find the link to the manual confusing.  Normally you choose the VPN client configuration and just have to enter a user name and pre shared key (a pass phrase).  Then you export the certificate, a .pem file, to a temp folder.  The certificate then has to be copied to a folder within the client configuration of the connecting computer.

I appreciate that is not a lot of help.  It is usually VERY simple to configure, but there are a half dozen sites dedicated to dozens of reasons why it doesn't work.
MrAutomate

ASKER

Rob,

Thanks for the reply.  

Yes, I can confirm I upgraded to the latest general release (GD) version of the firmware, as well as downloaded the latest VPN client.  I played some more earlier today, and I did notice the PEM file was created, and that I needed to put it in the remote machine's folder.   I do have the Cisco as the public-facing router.  I think I was trying to create a self-signed SSL, and overcomplicating things, and you are probably right, I need to step back and try the very basic config, and try connecting from outside the location.

What I cannot understand is how to tell the client machine how or where to use the PSK I generated.  I only have VPN user name and password as available options in the Cisco Quick Connect VPN Client.

Tomorrow, I will compare the settings to the ones in this document, https://supportforums.cisco.com/document/141601/reasons-you-cannot-connect-quickvpn and maybe have better luck.

Maybe other experts will chime in when they are at their offices.  Thanks for the tips, and will share the solution, once we get there.
ASKER CERTIFIED SOLUTION
Rob Williams