Cisco RV042G Firewall Rule

Following up to the post I just completed on the Cisco RV042G VPN, now I need to establish a rule in the firewall to allow VPN connections. My goal is to lock down access into any of the LAN connections until a user has authenticated through VPN. The firewall is in the default state, no changes. So when I go to add a rule to the firewall, IPSec is listed as an option. I am pretty sure I have this part right, but I won't swear to it.

What I am confused by is the Source Interface, Source IP and Destination IP.

Source Interface - I am using WAN1 as my internet connection so I assume this should be my selection here.
Source IP: Any, Single, Range - Is this to allow any external IP address connections through VPN or limit it to a single or a range?
Destination IP: Any, Single, Range - ???
gactoAsked:

Wayne88Commented:
You said "My goal is to lock down access into any of the LAN connections until a user has authenticated through VPN."  The VPN users will not be able to access your LAN connection until they connect to the VPN anyway so you do not need any additional rule for this.

Source Interface - I've used this router before and there are 2 WAN ports.  You need to select which WAN port the traffic is coming from.
Source IP: Keep it ANY because you want your remote users to connect from anywhere via VPN.  You can limit the VPN from an IP range or an IP if for example you're connecting a remote branch to corporate head office (router to router VPN) so you will want to allow only a certain IP range or even only one IP address to connect to the H.O.
Destination IP: Any or select a specific IP range (if you only want them to be able to access certain servers in a certain IP range then you can specify.  Otherwise leave it as ANY).

Wayne
0
gactoAuthor Commented:
Ok I don't disagree that there may be additional configuration to accomplish my end goal, but my first goal is to not allow any of these connections until I have an authenticated user through VPN. So what I am asking is how do I set up the VPN rule in the firewall correctly to begin with.
0
Wayne88Commented:
I see your challenge.  I have used a much older version of this router and the interface is different.  Let me find the manual and have a look first.
0

gactoAuthor Commented:
Here is the manual. I am not a firewall guy so even reading this is not helping.
Cisco-rv0xx-AG-78-19576.pdf
0
Wayne88Commented:
I think this is what you want.  You can also use PPTP VPN instead of IPSEC.  This info will show you how to enable the tunnel as well as create the VPN users as well as how to connect to it.

Setup a PPTP VPN Connection on a Windows PC with RV016, RV042, RV042G and RV082 VPN Routers
0
Wayne88Commented:
gacto, here is a video that can help you setup PPTP VPN

VPNs using PPTP through Cisco's Small Business Routers
0
gactoAuthor Commented:
Wayne88,

I am looking over this information now, but based on the research I have done so far I thought the Client To Gateway IPSec VPN was a much more secure option than PPTP.
0
gactoAuthor Commented:
Looking over the documents you have attached I am not sure that my original post was clear. Let me try this again:

I have already configured a Client To Gateway VPN tunnel on my Cisco RV042G router. Now I am attempting to add a rule in the firewall to allow for VPN connections. While adding that rule there are three parameters that I am not sure how to set:

1. Source Interface - I am using WAN1 as my internet connection so I assume this should be my selection here.
2. Source IP: Any, Single, Range - Is this to allow any external IP address connections through VPN or limit it to a single or a range?
3. Destination IP: Any, Single, Range - ???
0
Wayne88Commented:
IPSEC is more secure than PPTP.  Regardless of the protocol you choose, it will take more than the average hacker to capture and hack a PPTP connection to your office while a remote user is online.  In any case, setting up the IPSEC shouldn't be much different.

For initial setup, try setting up the tunnel with the following:

Source Interface - use WAN1
Source IP: Any, yes this is to allow the remote user to connect from any IP address.
Destination IP: Any, unless you only want the user to have access to certain servers; then you can set the IP range of the servers or, if just one, use a single IP address.  If you're not sure, leave it as ANY.
0
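
The effect of the three fields discussed in this thread (Source Interface, Source IP, Destination IP) can be seen in a small model. This is an added example, not part of the original posts and not the router's own logic: the first-match evaluation with a default deny, the `Rule` class, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

def selector_matches(spec, addr):
    """Match addr against 'Any', a single IP, or an inclusive 'first-last' range."""
    if spec.strip().lower() == "any":
        return True
    first, _, last = spec.partition("-")
    low = ipaddress.ip_address(first.strip())
    high = ipaddress.ip_address(last.strip()) if last else low
    if high < low:
        raise ValueError(f"range end precedes start: {spec}")
    return low <= ipaddress.ip_address(addr) <= high

@dataclass
class Rule:
    action: str        # "Allow" or "Deny"
    service: str       # service label, e.g. "IPSec"
    interface: str     # source interface, e.g. "WAN1"
    source: str        # Any / single / range
    destination: str   # Any / single / range

    def matches(self, pkt):
        return (self.service == pkt["service"]
                and self.interface == pkt["interface"]
                and selector_matches(self.source, pkt["src"])
                and selector_matches(self.destination, pkt["dst"]))

def evaluate(rules, pkt, default="Deny"):
    """Assumed model: first matching rule wins, otherwise the default applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rule sets and packets (documentation address ranges).
REMOTE_USERS = [Rule("Allow", "IPSec", "WAN1", "Any", "Any")]
BRANCH_ONLY = [Rule("Allow", "IPSec", "WAN1",
                    "203.0.113.10-203.0.113.20", "192.168.1.50")]
ROAMING = {"service": "IPSec", "interface": "WAN1",
           "src": "198.51.100.77", "dst": "192.168.1.50"}
BRANCH = dict(ROAMING, src="203.0.113.15")

if __name__ == "__main__":
    for name, rules in (("remote users", REMOTE_USERS), ("branch only", BRANCH_ONLY)):
        print(name, evaluate(rules, ROAMING), evaluate(rules, BRANCH))
```

With Source IP set to a range, a roaming client outside that range falls through to the default, which is why Any is suggested for client-to-gateway users and a range or single address for router-to-router links.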


Question has a verified solution.
