SSL self Sign Certificate - Unable to upload from cisco RV180W

Bought a RV180W for the sole reason of a VPN to a remote location.  Followed all direction in http://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/rv180w/administration/guide/rv180w_admin.pdf

I am not sure what SUBJECT means, and if meaningful data has to be in there, or if it needs to match something on the router, like the router name.  I was able to generate a key.  I tried several times, it usually created a .CSR file, one time it created a .PEM file.  This is all greek to me, and when I try to UPLOAD, I get "Cannot upload invalid Self Certificate"

Also - I created a Pre shared Key, as I thought I would need that, but I see no place to enter the PSK in the CISCO Quick VPN client.
I am reading the manual as if I want to self sign, I do not need a CA to sign it.  
What am I missing?

Thanks!
MrAutomateAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
I am not a lot of help as I have not set up one of the low end Cisco's for client VPN access for quite some time.  However you have not had any replies as of yet so perhaps I can be of some help.

Firstly these Cisco's are really Linksys routers and have a lot of limitations.  They work quite well in a site to site configuration with 2 VPN routers but are not the best for mobile client access.

To access using a VPN client there are two options  PPTP and IPsec.  The "Gateway" settings are for site to site VPN’s.  Much more involved set ups, but you don’t need to touch those pages.  With PPTP you just set a user name and password and then use the Windows client.  This works well, is easy to set up, but limited to 5 users and not as secure as IPSec.

The IPsec configuration uses the Cisco/Linksys Quick VPN client.  This is the major problem.  It doesn't always work from some sites, even if properly configured.  
That being said, make sure you have the latest firmware for the router and the latest Quick VPN client.  It will not work if the client is much older than the firmware.   The RV180 also needs to have a public IP, i.e. it can't be behind a NAT device and get a private IP like 192.168.x.x or 10.x.x.x.  It doesn't have to be a static IP, so long as you know the IP to which you are connecting or use a DDNS service.  You cannot test this from the LAN side of the router.  The client needs to be on the public side, i.e. at another site.  The site from which you are connecting needs to have "Allow IPSec pass-through” enabled on its router".  It is by default on most, but not all routers.

As for configuring the router, I currently do not have one to look at and I find the link to the manual confusing.  Normally you choose the VPN client configuration and just have to enter a user name and pre shared key (a pass phrase).  Then you export the certificate, a .pem file, to a temp folder.  The certificate then has to be copied to a folder within the client configuration of the connecting computer.

I appreciate that is not  a lot of help.  It is usually VERY simple to configure, but there are a ½ dozen sites dedicated to dozens of reasons why it doesn’t work.
MrAutomateAuthor Commented:
Rob,

Thanks for the reply.  

Yes, I can confirm I upgraded the latest general release (GD) version of the firmware, as well as downloaded the latest vpn client.  I played some more earlier today, and I did notice the PEM file was created, and that I needed to put in the remote machines folder.   I do have the Cisco as the public facing router.  I think I was trying to create a self signed SSL, and overcomplicating things, and you are probably right, I need to step back and try the very basic config, and try connecting from outside the location.

What I can not understand is how to tell the client machine, how or where to use the PSK I generated.  I only have VPN user name and password as available options in the Cisco Quick Connect VPN CLient.

Tommorow, I will compare the settings to the ones in this document,

https://supportforums.cisco.com/document/141601/reasons-you-cannot-connect-quickvpn
 and maybe have better luck.

Maybe other experts will chime  in when they are at their offices.  Thanks for the tips, and will share the solution, once we get there.
Rob WilliamsCommented:
PSK?  No need.
The connecting client just needs IP address to which it connects, user name, password and have the .pem file added to it's folder configuration.

It is very simple to configure but fickle when it comes to working.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.