IPsec, SSL and PPTP are the supported VPN methods on the RV320. The RV320 will support up to 50 IPsec tunnels, including IPsec Site-to-Site and Client-to-Site tunnels, plus (not mentioned in Cisco's specs) 30 additional IPsec Easy VPN tunnels, which are established using the Cisco VPN client. Further, the RV320 supports 10 SSL tunnels and 10 PPTP tunnels.
Configuring an IPsec tunnel was straightforward. The RV320 supports DES, 3DES, 128/192/256 AES encryption, MD5 and SHA-1 authentication, as well as most typical Phase 1 and Phase 2 IPsec options. As mentioned earlier, all the IPsec configuration options on the RV320 are available on a single page, which helps keep track of selected options.
Using 256-bit AES encryption and SHA-1 authentication protocols, I was able to concurrently establish an IPsec Site-to-Site tunnel with a Cisco ISA550W and Zyxel Zywall 110, as well as an IPsec Client-to-Site tunnel to a PC running the Shrew Soft IPsec client. The screen shot below shows all three tunnels connected.
The RV320 includes Cisco's VPN client software on a utilities disk for Easy VPN connectivity. According to the RV320 manual, the version 18.104.22.168 Cisco VPN client on the disk supports Win 7 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), and Windows XP (32-bit). Older versions of the Cisco VPN client support Mac OS 10.4 and 10.5, as well as Linux.
I was able to establish an Easy VPN tunnel with the RV320 using the Cisco VPN client with a Win 7 64-bit PC by following the instructions in the RV320 manual. My RV320 configs for the Cisco VPN client are shown below.
The RV320 admin guide states TheGreenBow IPsec VPN client is also supported. As mentioned above, I found ShrewSoft's IPsec VPN client also works with the RV320.
Configuring the RV320 for SSL VPN wasn't too difficult, just click a checkbox in the firewall menu to enable SSL VPN, add a Mobile user name and password in the user management menu and enable the SSL Mobile user group. Configuring a client for SSL VPNs is supposed to be even easier, but I had trouble due to the virtual passage adapter/driver that should automatically install on the client PC.
I was able to establish an SSL VPN tunnel from a Windows 7 32-bit PC to the RV320. However, I couldn’t get an SSL VPN tunnel to work on a Windows 8.1 64-bit PC, a Windows 7 64-bit PC, or a Mac OS 10.6.8 PC. In each case, I saw error messages on my PCs regarding the virtual passage driver. Below is a screenshot of the error message from my Win 7 64-bit PC.
SSL Driver Error
For Mac OS, I was told to log in as root to install the virtual passage driver. Last, Cisco told me they have verified SSL VPN with the RV320 with the following operating systems and browsers:
- Win7 32 bit with IE9 and Firefox
- Win7 64 bit with IE9 (64bit)
- Linux (Ubuntu) with Firefox
- Mac OS(10.7.5) with Safari
- Mac OS (10.8.2, 64bit) with Firefox, Safari, Chrome
With this new information, I downgraded my Win 7 64-bit PC to IE9 and followed Cisco's guidance, but had no luck. Perhaps the problem was in my PC. However, I recently had SSL VPNs working with this same Win 7 64-bit PC to both the Cisco ISA550W and the Zywall 110. Interestingly, neither the ISA550W or the Zywall 110 use the virtual passage driver.
I had better success with PPTP VPN tunnels. All I had to do on the RV320 was enable PPTP with a single checkbox. The user name I created for remote access above worked on PPTP, so I didn't have to add a new one.
I had no problem establishing a PPTP connection to the RV320 from all my Windows PCs, my MAC, and an iPhone. Below is a screenshot from the RV320 showing an active PPTP connection.
Cisco rates the RV320 capable of 100 Mbps IPsec throughput for UDP traffic. I tested the RV320's VPN performance with TCP traffic, which is the protocol used for common network applications like web browsers and email clients and also my VPN performance test standard.
I used iperf as my throughput measuring tool with default TCP settings, a TCP window size of 8 KB and no other options. I ran iperf on two PCs running 64-bit Windows with their software firewall disabled over a Gigabit network. (Running a simple iperf throughput test between two PCs uses the command iperf -s -w 8k on one PC and iperf -c (ip) -w 8k on the other PC.)
Table 3 summarizes my peak throughput measurements for each VPN tunnel type.
|IPsec Site to Site||39.4||55.3|
Table 3: VPN Performance summary
The RV320's IPsec VPN measurements of 39.4 / 55.3 Mbps for a Site-to-Site IPsec tunnel were achieved with a ZyWALL 110, which I recently measured as capable of 61.3 / 72.5 Mbps.
The IPsec Client throughput numbers of 8.6 / 56.0 Mbps are with the Cisco VPN Client. I also tested IPsec Client throughput with the Shrew Soft VPN client and got slightly different numbers of 11.5 / 52.7 Mbps.
PPTP and SSL VPN throughput were a bit more symmetrical and closer to what Cisco reported. Cisco told me they measured PPTP above 20 Mbps and SSL VPN around 18 Mbps. As you can see in the table, I measured the RV320 PPTP performance at 20.9 / 22.7 Mbps and SSL performance at 10.7 / 15.2 Mbps.
To summarize my VPN impressions of the RV320, I found the configurations on the router to be easy and IPsec and PPTP VPN tunnels worked well. Based on my tests, the RV320 IPsec throughput isn't significantly faster than Cisco's RV180 or RV220W, which I measured at 39.7 / 50.9 Mbps and 38.3 / 49.3 Mbps.
On the downside, SSL VPN connectivity on the RV320 was a bummer; I could only get it working on Win 7 32-bit. Fortunately, both Quick VPN and PPTP connectivity on the RV320 worked well and provide good options for remote connectivity.