Solved

Is it possible to set up a VPN Endpoint router behind my ISP's provided router?

Posted on 2004-04-28
8
702 Views
Last Modified: 2010-04-12
Is it possible to set up a VPN Endpoint router behind my ISP's provided router?

My DSL provider only supports PPPoA for their protocol.  My Linksys WRV54G does not.  Therefore I must use the ActionTec DSL gateway that they provide.

I have it set up with the ISP's router connected to the DSL Line and a cable between it's LAN port and the WRV54G's WAN port.

The VPN tunnel works if I move the router to a different location where I can connect the WRV54G directly to the internet.

Site A (WRV54G Only)

WAN IP Address:
111.111.111.111

Local Secure Group:
10.0.1.0 255.255.255.0

Remote Secure Group:
10.0.0.0 255.255.255.0

Remote Gateway:
222.222.222.222

Site B (WRV54G plugged into ActionTec DSL Gateway)

ActionTec WAN IP Address:
222.222.222.222

ActionTec LAN IP Address:
192.168.0.1 255.255.255.0

ActionTec DMZ Host:
192.168.0.2

WRV54G WAN IP Address:
192.168.0.2 255.255.255.0

WRV54G WAN Gateway:
192.168.0.1

WRV54G LAN IP
10.0.0.1 255.255.255.0

Local Secure Group:
10.0.0.0 255.255.255.0

Remote Secure Group:
10.0.1.0 255.255.255.0

Remote Gateway:
111.111.111.111

Does the ActionTec need to support VPN Pass-Through?  If so will it handle more than one tunnel from the WRV54G?

Linksys can't seem to help me with this matter.  ActionTec deferrs me back to Qwest, and Qwest blames it on Linksys.

Please help.

Thanks
0
Comment
Question by:myersbr
  • 4
  • 2
8 Comments
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10952814
Hmm try setting the action tec into transparent bridging mode you will find it in the advanced setup mode of the web interface. This will put the actiontec into straight modem mode and disable all firewall and routing. Then you should be able to setup your linksys.
0
 

Author Comment

by:myersbr
ID: 10958779
The answer I got from Qwest is that they don't support transparent bridging.  I tried it anyway, setting the Linksys to the Static IP, but had no luck.  My guess would be that if I used the Actiontec in transparent bridging mode, then my linksys would need to handle the authentication with Qwest.  Qwest is using PPPoA, and the Linksys doesn't support that protocol.

I spoke with Actiontec again yesterday and they told me that I would need a block of IP addresses from Qwest.  The Actiontec should then be set in unnumbered mode.  They said that the Actiontec would use one of the Intenet IP addesses, and I would set the Linksys to one of the other ones.  My interpretation of this is that the Actiontec would handle the PPPoA and pass the other addresses in the block to its ethernet port.

I plan to try it this weekend.
0
 
LVL 11

Accepted Solution

by:
ewtaylor earned 65 total points
ID: 10959085
Make sure you have the most recent firmware. I just had a radical idea if you move the linksys into the actiontec dmz you should be able to set it up as your vpn endpoint as well.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 11

Expert Comment

by:ewtaylor
ID: 10959144
Darn just reread what you wrote and it looks like you already tried that. LEt me look more into how the transparent bridging works on the actiontec you may have to change the mac address on the linksys router to mimic that of the actiontec.
Found this though There are several known problems with the Actiontec 1520 as shipped from Qwest. We recommend upgrading the firmware (the software that runs the Actiontec 1520).
0
 
LVL 6

Assisted Solution

by:Technicon-SG
Technicon-SG earned 65 total points
ID: 10998530
myersbr,

My first recommendation would be to get rid of both units and replace them with a Netopia 3341-ENT or 3347W-ENT modem/router (the 3347W-ENT is much better and has wireless).  Both support PPPoA and VPN tunnels from the same unit...with a higher SLA.  I have seen the 3341 (which can be flashed to 3341-ENT) for as little as $2 on Ebay.

For your hardware:

VPN-Passthrough is irrelevent as it is designed for client VPN connections originating from the LAN side of the Actiontec.

I agree with ew that the bridging option would be the best choice...however only some routers are capable of Authentication & Bridging...which is why you need the actiontec router.  I also agree that the DMZ option should also work...however if it does not, you can forward all traffic from the Actiontec to the linksys.

I would start by turning off the firewall funtions in the Actiontech (you will rely on the linksys for high level firewalling)

This can be done in the Port forwarding screen.

forward 0 - 65535 tcp/udp to 192.168.0.2

this should forward all incoming traffic to the linksys.

There still might be another problem with ESP which uses protocol 50 and 51....if you try this and it does not work post agian.




0
 
LVL 11

Assisted Solution

by:ewtaylor
ewtaylor earned 65 total points
ID: 11261735
split ewtaylor/technicon-sb
0
 

Author Comment

by:myersbr
ID: 11261838
Sorry for the long delay guys.  The fix that we ended up using was to put the ActionTec in Unnumbered-Mode and use an IP address for the Linksys.  This worked well, and it allows me to remotely administer both devices.  It was explained to me from another source that the reason that DMZ or Port Forwarding won't work, is because the ActionTec changes the destination IP address in the Packet, but does not change the checksum.  Thanks for your help anyway.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now