After much fruitless searching for helpful documentation to assist me in setting up the VPN services on a Cisco RV 120W to work with the open source client from Shrew Soft, I thought I’d better make a post here to help others.
I’m setting up the VPN to use xauth (usernames and passwords) to authenticate sessions. I want to allow DNS/WINS through the VPN tunnel and I want to allow ‘split tunnelling’ so that internet access still functions while the tunnel is up.
I found a very helpful PDF guide to getting the Cisco device configured from [After much fruitless searching for helpful documentation to assist me in setting up the VPN services on a Cisco RV 120W to work with the open source client from Shrew Soft, I thought I’d better make a post here to help others.
I’m setting up the VPN to use xauth (usernames and passwords) to authenticate sessions. I want to allow DNS/WINS through the VPN tunnel and I want to allow ‘split tunnelling’ so that internet access still functions while the tunnel is up.
I found a very helpful PDF guide to getting the Cisco device configured from](http://www.thegreenbow.com/) who produce VPN client software. The PDF for that guide is here.
I also found a PDF guide written by Cisco to getting the Shrew Soft client to talk to a Cisco SA 500. There is another technote on configuring the SA500 to accept the connections from a Shrew Soft client too, which is quite helpful.
Read on for the recipe.
The Cisco RV120W is configured as per the GreenBow documentation. This is a very basic configuration, utilising the defaults wherever possible. The GreenBow instructions make use of a User FQDN, or User-specified Fully Qualified Domain Name, which can be a bit confusing on first read, and further confusing when it comes to setting up the client applications. I made a reference grid to help with the configuration.
<td class="configL3">
Cisco RV120
</td>
<td class="configL3">
Shrew Soft Client
</td>
<td class="configL3">
Aggressive
</td>
<td class="configL3">
Aggressive
</td>
<td class="configL3">
FQDN
</td>
<td class="configL3">
FQDN
</td>
<td class="configL3">
local.com
</td>
<td class="configL3">
remote.com
</td>
<td class="configL3">
remote.com
</td>
<td class="configL3">
local.com
</td>
<td class="configL3">
3DES
</td>
<td class="configL3">
3DES
</td>
<td class="configL3">
SHA-1
</td>
<td class="configL3">
SHA-1
</td>
<td class="configL3">
Pre-Shared Key
</td>
<td class="configL3">
Pre-Shared Key
</td>
<td class="configL3">
DH-Group 2 (1024 Bit)
</td>
<td class="configL3">
DH-Group 2 (1024 Bit)
</td>
<td class="configL3">
8 Hours
</td>
<td class="configL3">
8 Hours
</td>
<td class="configL3">
3DES
</td>
<td class="configL3">
3DES
</td>
<td class="configL3">
SHA-1
</td>
<td class="configL3">
SHA-1
</td>
<td class="configL3">
1 Hours
</td>
<td class="configL3">
1 Hours
</td>
<td class="configL3">
DH-Group 2 (1024 Bit)
</td>
<td class="configL3">
DH-Group 2 (1024 Bit)
</td>
<td class="configL3">
Disabled (RV120)
</td>
<td class="configL3">
Disabled (ShrewSoft)
</td>
After configuring the Cisco RV120 as per the GreenBox documentation, I moved on to the ShrewSoft VPN Client. I’ve captured each of the screens for the setup. The key setup points to watch are the settings for Local and Remote, as Local is the client and remote is the Cisco. The other key settings to watch is the Network Topology setting on the last tab. You need to remember to add the network topology that you want your client to route to.
Here is an annotated ShrewSoft VPN client conf file for reference.