Smart Tips

Configuring Point-to-Point Tunneling Protocol (PPTP) VPN

Point-to-Point Tunneling Protocol (PPTP) is a networking technology that supports virtual private networks (VPN), enabling remote users to access their company network securely through the Internet. The PPTP VPN client comes native with all the Microsoft Windows versions, Macintosh OS X, Linux, and mobile devices such as the iPhone.

Because the Cisco Small Business RV Series router supports the PPTP server, and most operating systems have a built-in PPTP VPN client, the PPTP VPN solution offers a simple, quick, and secure way for small businesses to extend network resources to virtually any remote user who has access to the Internet. There is also no export restriction on cryptographic technology for PPTP VPN.

PPTP is a Layer 2 tunneling protocol that tunnels the IP packet. The PPTP protocol is described in RFC 2637. PPTP works on a client-server model, using a control channel over TCP (TCP port 1723) and a Generic Routing Encapsulation (GRE) tunnel (IP Protocol 47) to encapsulate PPP packets. Although later VPN technologies such as SSL VPN and IPsec VPN are more secure than PPTP, PPTP remains a popular network protocol across different platforms.

Featured Products

• Cisco RV110W Wireless Network Security Firewall Router (used as an example in this document)
• Cisco RV120W Wireless-N Network VPN Firewall Router
• Cisco RV220W Wireless-N Network Security Firewall Router
• Cisco RV180/180W Wireless-N Multifunction VPN Firewall

Key Features

• Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)—The tunneled PPP traffic can be authenticated with PAP, CHAP, Microsoft CHAP v1/v2 or EAP. In the Cisco Small Business RV Series router, MS-CHAPv2 is used for PPP authentication. MS-CHAPv2 is a one-way encrypted password, mutual authentication process.

• Microsoft Point-to-Point Encryption (MPPE)—MPPE is an encryption technology developed by Microsoft to encrypt the PPP payload. These PPP connections can be over a dialup line or a VPN tunnel. MPPE works as a subfeature of Microsoft Point-to-Point Compression (MPPC). MPPE uses the RC4 algorithm with either 40-bit or 128-bit keys. All keys are derived from the cleartext authentication password of the user. MPPE requires MS-CHAPv1/v2 or EAP. Cisco RV Series routers support MPPE 128-bit key encryption as an advanced setting.

Design Tips

• WAN IP Address and DDNS—A static WAN IP address is preferred because remote users need to access the WAN interface on the PPTP VPN router over the public network. If the WAN IP address is dynamically received from the Internet service provider (ISP), configure the Dynamic Domain Name Service (DDNS) and use the router host name to access the PPTP VPN router.

• Encryption and Authentication—It is highly recommended to encrypt the PPTP packet payload and secure the information transported over the tunnel. The Cisco RV series can use MPPE 128-bit encryption. MS-CHAPv2 should be used with MPPE as the authentication method. PPTP users should also be created on the Cisco RV series router.

• PPTP VPN Client IP Address—A separate network address should be allocated for the PPTP VPN client IP addresses. This example uses 192.168.11.0/24 for the PPTP VPN client IP addresses, excluding 192.168.11.1. IP address 192.168.11.1 is used for the PPTP VPN server IP address on the Cisco RV series router.

Network Diagram

Figure 1 illustrates a sample implementation of PPTP VPN using a Cisco RV110W Series small business router. Remote Internet users connect to the PPTP VPN router through a secure PPTP VPN tunnel and are then able to access internal servers and network resources, which are typically protected from public access by a firewall running on the Cisco WAN router.
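The PPTP control channel described in the overview above (TCP port 1723, RFC 2637) starts every message with a fixed 12-byte header containing a magic cookie, which lets an administrator confirm that traffic seen on that port really is PPTP when taking stock of legacy VPN exposure. The Python parser below is an added example, not part of the Cisco document; the sample message, host name and vendor string are constructed.

```python
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D               # constant in every RFC 2637 control message
HEADER = struct.Struct("!HHIHH")             # length, message type, cookie, control type, reserved
SCCRQ_BODY = struct.Struct("!HHIIHH64s64s")  # Start-Control-Connection-Request fields
CONTROL_TYPES = {
    1: "Start-Control-Connection-Request",
    2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request",
    4: "Stop-Control-Connection-Reply",
    5: "Echo-Request",
    6: "Echo-Reply",
    7: "Outgoing-Call-Request",
    8: "Outgoing-Call-Reply",
    12: "Call-Clear-Request",
    15: "Set-Link-Info",
}


def parse_control_message(data: bytes) -> dict:
    """Validate and decode one PPTP control message taken from a TCP/1723 stream."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    length, msg_type, cookie, ctrl_type, _reserved = HEADER.unpack_from(data)
    if cookie != PPTP_MAGIC_COOKIE:
        raise ValueError("magic cookie mismatch, not PPTP")
    if msg_type != 1:                        # 1 = control message
        raise ValueError("not a control message")
    if not HEADER.size <= length <= len(data):
        raise ValueError("length field inconsistent with captured data")
    msg = {"length": length,
           "type": CONTROL_TYPES.get(ctrl_type, f"unknown({ctrl_type})")}
    if ctrl_type == 1:
        if length != HEADER.size + SCCRQ_BODY.size:
            raise ValueError("bad Start-Control-Connection-Request length")
        version, _, framing, bearer, _channels, _firmware, host, vendor = \
            SCCRQ_BODY.unpack_from(data, HEADER.size)
        msg.update(
            version=f"{version >> 8}.{version & 0xFF}",   # major.minor
            framing=framing, bearer=bearer,
            host=host.rstrip(b"\x00").decode("ascii", "replace"),
            vendor=vendor.rstrip(b"\x00").decode("ascii", "replace"),
        )
    return msg


def is_pptp_control(data: bytes) -> bool:
    """True only if the bytes form a well-formed PPTP control message."""
    try:
        parse_control_message(data)
        return True
    except ValueError:
        return False


# Constructed sample: what a client would send first on the control channel.
SAMPLE_SCCRQ = HEADER.pack(156, 1, PPTP_MAGIC_COOKIE, 1, 0) + SCCRQ_BODY.pack(
    0x0100, 0, 1, 1, 0, 0, b"client-pc", b"example-vendor")

if __name__ == "__main__":
    print(parse_control_message(SAMPLE_SCCRQ))
    print(is_pptp_control(b"GET / HTTP/1.1\r\n\r\n"))   # other traffic on the port
```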

Smart Tips - Cisco · 2017-08-18 · Smart Tips for Small Businesses Configuring PPTP VPN Server on a Cisco Small Business Configuring Point-to-Point Tunneling Protocol (PPTP) VPN


The Cisco WAN router also provides routing between different VLANs, including a data VLAN (30), voice VLAN (40), and management VLAN (60). In this example, an internal web server (10.1.30.100) and an IP video camera (10.1.30.110) are placed in the data VLAN.

Figure 1 PPTP VPN with a Cisco RV220 Small Business Router

[Diagram labels: Remote Users (Desktop PC, Laptop); PPTP VPN Tunnel; Internet; WAN Router; LAN; Main Office; WAN IP: Dynamic (e.g. 171.71.233.166); DDNS Host: rv110w.dyndns.org; SSL VPN IP Address: 192.168.2.0/24; Data VLAN: 10.1.30.0/24; Voice VLAN: 10.1.40.0/24; Internal Web Server: 10.1.30.83; IP Camera Video: 10.1.30.110]

Configuring PPTP VPN Server on a Cisco Small Business RV110W Router

Preconfiguration Checklist

Please refer to the RV110W Administrator Guide to complete the initial configuration of the RV110W router.

1. Ensure the WAN router has active Internet connections. Network Address Translation (NAT) and the firewall should be in place.

2. Ensure the LAN connectivity between router, switch, and local IP devices. Data, voice and management VLANs on the RV router and switches should be configured correctly. Inter-VLAN routing and trunking should work for each VLAN. DHCP service for each VLAN should be functional.

3. Ensure the connectivity of internal PCs, servers, and other IP devices to the LAN switch or the switch ports on the RV router. Verify that PCs and servers can communicate with each other and can access the public Internet.

Enabling the DDNS (Optional)

If a static WAN IP address is used or the Dynamic Domain Name System (DDNS) service on the WAN router is already configured, skip this step. When the WAN interface receives a dynamic IP address from the service provider, DDNS can be used so that clients access the PPTP VPN server by host name.

Step 1 Go to Networking > Dynamic DNS to configure the DDNS settings (see Figure 2). For more details, refer to Smart Tips: Enabling WAN Public Access with DDNS and Port Forwarding.

Figure 2 Small Business Link Aggregation Group (LAG) Topology

Configuring the PPTP VPN Server

The PPTP server needs to be enabled first on the Cisco RV Series router, and the user account should also be created on the router.

Step 1 Go to VPN > VPN Clients and check the box to enable PPTP Server. (See Figure 3.)

Step 2 Change the IP address for the PPTP server and client. This example uses 192.168.11.1 for the PPTP server and 192.168.11.100 for the beginning IP address of PPTP clients. (The end IP address of PPTP clients will be automatically filled in).

Step 3 Check the box to enable MPPE Encryption. Encryption is highly recommended.

Step 4 Click Add Row to add the PPTP client account name and password. Make sure to check the enable box and select PPTP for Protocol.

Figure 3 PPTP Configuration Screen

Connecting to the PPTP Server from Windows 7 PC/Laptop

All Windows operating systems have a built-in PPTP client. This section provides step-by-step instructions on how to use the PPTP client in Windows 7.

Step 1 From the Windows 7 client PC or laptop that is connected to the Internet, open the Network and Sharing Center by clicking the system tray icon for network connection (see Figure 4) and selecting Open Network and Sharing Center.

Alternatively, launch the Network and Sharing Center from the control panel.

Figure 4 System Tray Icon for Wired Connection (left) and Wireless Connection (right)

Step 2 In the Network and Sharing Center, do the following:

a. Select Setup a new connection or network.

b. In the popup window, select Connect to a workplace (Set up a dial-up or VPN connection to your workplace).

c. Click Next.

d. Select Use my Internet Connection (VPN).

Step 3 In the Connect to a Workplace window, do the following:

a. Input the Internet address or host name of the PPTP VPN server (see Figure 5). This example uses the Internet address rv110w.dyndns.org.

Figure 5 Connecting to a Workplace

b. Click Next.

c. Input the user name and password for the PPTP client (see Figure 6) and click Connect.

Figure 6 Entering User Name and Password

Step 4 The connection may fail and show the error “The local computer does not support the required data encryption type”. Ignore this error and click Set up the connection anyway to complete the initial setup. You will adjust the authentication and encryption settings manually.

Step 5 Click the network connection system tray icon as you did in Step 1. The newly created PPTP connection (named PPTP VPN in this example) appears in the Dial-up and VPN category. Right-click and select Properties (see Figure 7).

Figure 7 Currently Connected To

Step 6 In the Properties window, do the following:

a. Select the Security tab (see Figure 8).

b. De-select Challenge Handshake Authentication Protocol (CHAP), keep Microsoft CHAP Version 2 (MS-CHAP v2) selected, and make sure the data encryption is Require encryption (disconnect if server declines).

c. Click OK to complete the modification.

Figure 8 PPTP VPN Properties

Step 7 Click the Network Connection system tray icon as you did in Step 1 and do the following:

a. Click the PPTP connection (named PPTP VPN in this example).

b. Left-click and select Connect. The login window pops up (see Figure 9). Input the user name and password and click the Connect button. The connection should be successful.

Figure 9 Connect PPTP VPN Login

c. Once the PPTP VPN connects, right-click the PPTP connection and select Status. In the Status window (see Figure 10), select the Details tab. The screen shows the correct encryption and authentication type and the assigned client IP address. In this example, the PPTP client uses MS-CHAPv2 for authentication, MPPE 128 for encryption, and 192.168.11.100 for the client IP address.

Figure 10 PPTP VPN Status—Details

Connecting to PPTP Server from Mac OS 10.5

Step 1 Select Apple Menu > System Preference > Network, and click the '+' button to add a new Network Connection.

Step 2 In the Network window, select/input the following:

a. For Interface, select VPN.

b. For VPN Type, select PPTP.

c. For Service Name, type any name (in this example, VPN PPTP).

d. Click the Create button to continue.

Figure 11 Network Connection

Step 3 In the next window (see Figure 12), do the following:

a. For Server address, type in the IP address or host name. In this example, it is rv110w.dyndns.org.

b. For Account Name, type in the PPTP VPN client user name.

c. Keep other default options; make sure the Encryption is Automatic (128 bit or 40 bit) and Show VPN status in menu bar is selected.

d. Click Apply.

Figure 12 Network Configuration

Step 4 Click Advanced and under the Options tab, make sure to check Send all traffic over VPN (see Figure 13). Click OK.

Figure 13 Network Options

Step 5 (Optional) If you would like to have Mac OS save your password, click the Authentication Settings button and enter the password. (See Figure 14.)

Figure 14 Authentication Settings

You have successfully set up your PPTP VPN connection. Click Connect to connect to the PPTP VPN server.

Connecting to the PPTP Server from Apple iOS Mobile Device

Apple mobile devices such as iPhones, iPads, and iPod Touches that run the iOS operating system have a built-in PPTP VPN client. This section provides step-by-step instructions on how to use the PPTP VPN client in the iPhone.

Step 1 Choose Settings > General > Network > VPN, and then choose Add VPN Configuration.

Step 2 In the Add Configuration page (see Figure 15), select the PPTP tab, and input the following:

a. For Description, input a name for this VPN connection; for example, RV180.

b. For Server, input the PPTP VPN server name (RV router DNS or DDNS name) or IP address (RV router WAN IP address).

c. For Account, input the PPTP client username.

d. For Password, input the PPTP client password.

e. Keep other default settings (RSA SecurID = Off, Encryption Level = Auto, Send All Traffic = On, Proxy = Off).

f. Click Save to save the configuration.

Figure 15 Add Configuration Settings

After the VPN connection is created, the option to turn VPN on or off appears in the main Settings screen.

Step 3 Go to Settings > VPN, select the desired VPN connection, and turn the VPN On, as shown in Figure 16.

Figure 16 VPN Settings

After the VPN client is successfully connected to the VPN server, the status shows Connected with the VPN connection up time.

When you are connected using VPN, the VPN icon appears in the status bar, as shown in Figure 17.

Figure 17 VPN Appears in Status Bar

VPN works over both Wi-Fi and cellular data network connections.

Step 4 To disconnect the current VPN connection, go to Settings > VPN to turn the VPN Off.

Note

For basic information on how to configure the iPhone, iPad, or iPod Touch to use VPN, see the User Guide for your device from Apple.com, as well as iOS devices that work with VPN servers that support these protocols and authentication methods.

Monitoring PPTP VPN Connections on Server

The administrator can go to Status > VPN Status to view the status of all the active PPTP VPN clients (see Figure 18). The status information includes user name, PPTP client IP address, status, start and end time, duration, and protocol. The administrator can also use the Disconnect button to terminate each connection.

Figure 18 VPN Status

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

© 2012 Cisco Systems, Inc. All rights reserved.