gacto

asked on

Cisco RV042G Firewall Rule

Following up to the post I just completed on the Cisco RV042G VPN, now I need to establish a rule in the firewall to allow VPN connections. My goal is to lock down access into any of the LAN connections until a user has authenticated through VPN. The firewall is in the default state, no changes. So when I go to add a rule to the firewall, IPSec is listed as an option. I am pretty sure I have this part right, but I won't swear to it.

What I am confused by is the Source Interface, Source IP and Destination IP.

Source Interface - I am using WAN1 as my internet connection so I assume this should be my selection here.
Source IP: Any, Single, Range - Is this to allow any external IP address connections through VPN or limit it to a single or a range?
Destination IP: Any, Single, Range - ???
Wayne88

You said "My goal is to lock down access into any of the LAN connections until a user has authenticated through VPN."  The VPN users will not be able to access your LAN connection until they connect to the VPN anyway so you do not need any additional rule for this.

Source Interface - I've used this router before and there are 2 WAN ports.  You need to select which WAN port the traffic is coming from.
Source IP: Keep it ANY because you want your remote users to connect from anywhere via VPN.  You can limit the VPN from an IP range or an IP if for example you're connecting a remote branch to corporate head office (router to router VPN) so you will want to allow only a certain IP range or even only one IP address to connect to the H.O.
Destination IP: Any or select a specific IP range (if you only want them to be able to access certain servers in a certain IP range then you can specify.  Otherwise leave it as ANY).

Wayne
gacto

ASKER

Ok I don't disagree that there may be additional configuration to accomplish my end goal, but my first goal is to not allow any of these connections until I have an authenticated user through VPN. So what I am asking is how do I set up the VPN rule in the firewall correctly to begin with.
I see your challenge.  I have used a much older version of this router and the interface is different.  Let me find the manual and have a look first.
gacto

ASKER

Here is the manual. I am not a firewall guy so even reading this is not helping.
Cisco-rv0xx-AG-78-19576.pdf
I think this is what you want.  You can also use PPTP VPN instead of IPSEC.  This info will show you how to enable the tunnel as well as create the VPN users as well as how to connect to it.

Setup a PPTP VPN Connection on a Windows PC with RV016, RV042, RV042G and RV082 VPN Routers
gacto, here is a video that can help you set up PPTP VPN

VPNs using PPTP through Cisco's Small Business Routers
gacto

ASKER

Wayne88,

I am looking over this information now, but based on the research I have done so far I thought the Client To Gateway IPSec VPN was a much more secure option than PPTP.
gacto

ASKER

Looking over the documents you have attached, I am not sure that my original post was clear. Let me try this again:

I have already configured a Client To Gateway VPN tunnel on my Cisco RV042G router. Now I am attempting to add a rule in the firewall to allow for VPN connections. While adding that rule there are three parameters that I am not sure how to set:

1. Source Interface - I am using WAN1 as my internet connection so I assume this should be my selection here.
2. Source IP: Any, Single, Range - Is this to allow any external IP address connections through VPN or limit it to a single or a range?
3. Destination IP: Any, Single, Range - ???
ASKER CERTIFIED SOLUTION
Wayne88