Configure a Site to Site VPN

Setting up a VPN with the Cisco RV325

Thu, 04 Oct 2018

Setting up the VPN

Log into both routers and head over to the VPN section. Once you are in the VPN section, click on the Gateway to Gateway sub-category. Below is an image of what the setup should look like.

[image: router1 Gateway to Gateway settings]

  • Tunnel No. - Can be any number (assigned by the router)
  • Tunnel Name - Choose a distinguishable name. ex. “Boston office”
  • Interface - Your public WAN port
  • Keying Mode - IKE with Preshared Key. We plan to create a secret that the two routers will share with one another.
  • Enable - Please check this off :)
  • Local Security Gateway Type - IP only. We are creating the tunnel via public IPs
  • IP address - Should display the current public IP of the router we are working on
  • Local Security Group Type - Subnet. We’re trying to tie our two subnets together
  • IP address - Local IP subnet for this router. This has to be different on each router. Ex. Router 1 - 192.168.1.0 and Router 2 - 192.168.2.0
  • Subnet Mask - subnet mask of the subnet in the box above
  • Remote Security Gateway Type - IP only. We are creating the tunnel via public IPs
  • IP address - the remote location’s public IP address
  • Remote Security Group Type - Subnet
  • IP address - remote subnet address
  • Subnet Mask - subnet mask for the above subnet

[image: router2 Gateway to Gateway settings]

The next couple of settings have to do with the encryption protocols used to send data between the routers. The settings I used give your connection a good amount of security as well as decent speed.

  • Phase 1 DH Group - Group 2 - 1024 bit
  • Phase 1 Encryption - AES-256
  • Phase 1 Authentication - SHA1
  • Phase 1 SA Lifetime - 28800
  • Phase 2 Encryption - AES-256
  • Phase 2 Authentication - SHA1
  • Phase 2 SA Lifetime - 3600
  • Minimum Preshared Key Complexity - check off
  • Preshared Key - The secret shared by both routers; it must be entered identically on each. I would recommend using a tool like Strong Random Password Generator to generate it.
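
Every field on the two Gateway to Gateway forms has to line up: router 2's local gateway and subnet are router 1's remote ones, the two LAN subnets must not overlap, the phase 1 and phase 2 proposals must be identical on both sides, and the preshared key must match. Most failed tunnels come down to one of those being off by a character. The script below is an added example, not code from the original post or from Cisco; it models the two forms as dictionaries (with RFC 5737 documentation addresses as stand-ins for the public IPs) and reports every mismatch, and it generates a preshared key with Python's secrets module. The complexity rule in psk_is_complex is our own assumption, not the RV325's exact "Minimum Preshared Key Complexity" rule, and the check only confirms the proposals match; it does not judge how strong they are.

```python
import copy
import ipaddress
import secrets
import string

# Constructed sample of the RV325 "Gateway to Gateway" form, one dict per router.
# Public IPs are RFC 5737 documentation-range placeholders, not real addresses.
ROUTER1 = {
    "tunnel_name": "Boston office",
    "local_gateway_ip": "203.0.113.10",
    "local_subnet": "192.168.1.0/255.255.255.0",
    "remote_gateway_ip": "198.51.100.20",
    "remote_subnet": "192.168.2.0/255.255.255.0",
    "phase1": {"dh_group": "Group 2 - 1024 bit", "encryption": "AES-256",
               "authentication": "SHA1", "sa_lifetime": 28800},
    "phase2": {"encryption": "AES-256", "authentication": "SHA1", "sa_lifetime": 3600},
    "preshared_key": "Vq7!mK2#pL9$wX4&zR8*nT3@",  # constructed sample key
}

# Router 2 is the mirror image: its local fields are router 1's remote fields.
ROUTER2 = {
    "tunnel_name": "Head office",
    "local_gateway_ip": ROUTER1["remote_gateway_ip"],
    "local_subnet": ROUTER1["remote_subnet"],
    "remote_gateway_ip": ROUTER1["local_gateway_ip"],
    "remote_subnet": ROUTER1["local_subnet"],
    "phase1": dict(ROUTER1["phase1"]),
    "phase2": dict(ROUTER1["phase2"]),
    "preshared_key": ROUTER1["preshared_key"],
}


def psk_is_complex(psk, min_len=20):
    """Assumed rule: minimum length plus all four character classes.
    This is our own check, not the RV325's built-in complexity rule."""
    classes = (
        any(c.islower() for c in psk),
        any(c.isupper() for c in psk),
        any(c.isdigit() for c in psk),
        any(c in string.punctuation for c in psk),
    )
    return len(psk) >= min_len and all(classes)


def generate_psk(length=32):
    """Draw a random key from a CSPRNG until it satisfies psk_is_complex()."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if psk_is_complex(candidate):
            return candidate


def check_tunnel_pair(r1, r2):
    """Return a list of problems; an empty list means the two forms are consistent."""
    problems = []
    # Gateway and subnet fields must be swapped between the two sides.
    for local, remote in (("local_gateway_ip", "remote_gateway_ip"),
                          ("local_subnet", "remote_subnet")):
        if r1[local] != r2[remote]:
            problems.append(f"router1 {local} != router2 {remote}")
        if r2[local] != r1[remote]:
            problems.append(f"router2 {local} != router1 {remote}")
    # The two LAN subnets must be distinct and non-overlapping, or routing breaks.
    net1 = ipaddress.ip_network(r1["local_subnet"], strict=True)
    net2 = ipaddress.ip_network(r2["local_subnet"], strict=True)
    if net1.overlaps(net2):
        problems.append(f"subnets overlap: {net1} and {net2}")
    # Phase 1 and phase 2 proposals must match exactly, or negotiation fails.
    for phase in ("phase1", "phase2"):
        for key in r1[phase]:
            if r1[phase][key] != r2[phase].get(key):
                problems.append(f"{phase} {key}: {r1[phase][key]!r} vs {r2[phase].get(key)!r}")
    # Same preshared key on both sides, and strong enough on each.
    if r1["preshared_key"] != r2["preshared_key"]:
        problems.append("preshared keys differ")
    for name, r in (("router1", r1), ("router2", r2)):
        if not psk_is_complex(r["preshared_key"]):
            problems.append(f"{name} preshared key fails complexity check")
    return problems


def broken_router2():
    """A deliberately inconsistent copy of ROUTER2 showing two typical slips:
    a typo in the phase 2 authentication and a local subnet that clashes with router 1."""
    r = copy.deepcopy(ROUTER2)
    r["phase2"]["authentication"] = "SHA!"
    r["local_subnet"] = "192.168.1.0/255.255.255.0"
    return r


if __name__ == "__main__":
    print("good pair:", check_tunnel_pair(ROUTER1, ROUTER2) or "consistent")
    for problem in check_tunnel_pair(ROUTER1, broken_router2()):
        print("bad pair:", problem)
    print("fresh PSK:", generate_psk())
```

Run it as-is to see the consistent pair pass and the broken copy produce three findings (the mirrored subnet field, the overlap, and the phase 2 typo); to check your own routers, copy the values off both forms into the two dictionaries before you hit Save on either side.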

The final settings in the advanced section are mostly optional. I used what I thought worked best for my environment.

  • Aggressive Mode - Speeds up the tunnel negotiation. Uncheck it if you prefer maximum security over speed.
  • Keep-Alive - Attempts to reconnect if the connection drops.
  • NetBIOS Broadcast - Allows NetBIOS traffic across the tunnel. If you have a Windows domain I recommend turning this on.
Edward Beazer

Edward Beazer - I just like to build shit. Sometimes I get stuck for hours, even days while trying to figure out how to solve an issue or implement a new feature. Hope my tips and tutorials can save you some time.
