Can you do site-to-site RV042 vpn from a Hotel?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by loudsubz, Mar 3, 2012.

  1. loudsubz

    Say if you bring an RV042 with you and have a couple of PCs connected, would you be able to establish a site-to-site VPN back to the office, considering you're already behind the NAT in the hotel and can't get any ports forwarded?

    Trying to get an idea if this would work or not.
  2. Sfor

    It could be possible, depending on the capability of the NAT router in the hotel. The RV042 at the office cannot be behind NAT in such a case. I did something like that with two RV042 v1. I do not know if the RV042 v3 is able to do it as well.
  3. loudsubz

    OK, so it's possible but really depends on how locked down the NAT is, and what access policies they have in effect, etc.? The RV042 at the office is connected directly to WAN, so it's OK. What was your setup like to get them connected?

  4. Sfor

    Well, it was quite a few years ago. As far as I remember, I had to use "Dynamic IP + Domain Name(FQDN) Authentication". So, the router behind the NAT would not use its own IP during the tunnel negotiation. Because of that, it will be possible to initiate a connection from the router behind the NAT only.
  5. Toxic

    Can you not install QuickVPN on the clients and try without the router in the hotel?
  6. loudsubz

    That would be another quick option. I was hoping to get the idea first, because we could apply it to other scenarios where the end user does not want to open holes in their firewall for certain ports that our network appliances would normally use, so if we could just add a site-to-site VPN established from the client side, we could connect to the device. The devices run BusyBox and have no native VPN connection option built in, so a hardware site-to-site VPN would be our next option.
  7. Toxic

    But putting site-to-site to a hotel room would be a no-go, as explained by yourself.

    IP Protocol 50 (not Port 50) ESP
    IP Protocol 51 (not Port 51) AH
    UDP 500 ISAKMP

    If you can confirm that any hotel you're going to stay in has these enabled by default, then yes, it would work.

    Personally I'd use either the PPTP or QuickVPN server on the remote RV. You could also grab something like the RV200 or RV220W that support SSLVPN, which is web browser based VPN. It works very well on my home setup.
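
Added example, not part of the thread or of any poster's message: the list in the post above distinguishes IP protocol numbers (50, 51) from a UDP port (500), and this sketch shows where each value lives in a raw IPv4 packet. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

# Values from the list above: IP protocols 50 (ESP) and 51 (AH), UDP port 500.
ESP, AH, UDP, ISAKMP_PORT = 50, 51, 17, 500

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet as 'ESP', 'AH', 'ISAKMP' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"                        # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "other"
    proto = packet[9]                         # protocol field of the IP header
    if proto == ESP:
        return "ESP"
    if proto == AH:
        return "AH"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto == UDP and frag_offset == 0 and len(packet) >= ihl + 4:
        # Ports exist only inside the UDP header, after the IP header.
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if ISAKMP_PORT in (sport, dport):
            return "ISAKMP"
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def udp(sport: int, dport: int, data: bytes = b"") -> bytes:
    """Constructed UDP header (checksum left at 0) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample packets, including the "port 50" case the post warns about.
SAMPLES = {
    "esp": ipv4(ESP, b"\x00" * 8),
    "ah": ipv4(AH, b"\x00" * 12),
    "ike": ipv4(UDP, udp(500, 500)),
    "udp_port_50": ipv4(UDP, udp(40000, 50)),
    "tcp_port_500": ipv4(6, struct.pack("!HH", 40000, 500)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13s} -> {classify(pkt)}")
```
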
  8. loudsubz

    Thanks, I will look into those other routers too.
  9. Statick

    I have a hotel site running a VPN to their software providers using an RV042. Been running solidly for 2 years, never had any problems.
  10. DocLarge

    It's been a while since I tried this, but the main thing that would have to happen is that you'd need to ensure the hotel has "IPSEC PassThru" enabled on their router; the next thing is making sure to have ports forwarded from the hotel router to the router in your room in the event you had some applications that had certain needs (i.e., mail server, SSL access, etc...).

    It's not "impossible;" I'd lean more to it being "improbable" because not too many hotels are going to allow a guest to come in and "set up shop" inside their domain.

    FYI, a few years ago when I was still living in London, UK, Simon (Toxic), MSN (Eric Stewart) and I would set up vpn tunnels "from behind edge devices" with other Linksys routers we had at the time (I believe we were testing the WRV200/210) and had stable site-to-site IPSEC tunnels. Of course, this was only possible because we owned the edge devices :)

  11. Sfor

    WRV200 is very flexible when it comes to IPSec G2G and NAT. But it has plenty of other issues. I've been using WRV200/RV042 tunnels for many years with good results. But WRV200 starts to behave strangely in some cases. I was unable to find the cause, to this day, so I did replace most of them with RV042 v1. I do not know about WRV210, however.
