Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 711
  • Last Modified:

Is it possible to set up a VPN Endpoint router behind my ISP's provided router?

Is it possible to set up a VPN Endpoint router behind my ISP's provided router?

My DSL provider only supports PPPoA for their protocol.  My Linksys WRV54G does not.  Therefore I must use the ActionTec DSL gateway that they provide.

I have it set up with the ISP's router connected to the DSL Line and a cable between it's LAN port and the WRV54G's WAN port.

The VPN tunnel works if I move the router to a different location where I can connect the WRV54G directly to the internet.

Site A (WRV54G Only)

WAN IP Address:
111.111.111.111

Local Secure Group:
10.0.1.0 255.255.255.0

Remote Secure Group:
10.0.0.0 255.255.255.0

Remote Gateway:
222.222.222.222

Site B (WRV54G plugged into ActionTec DSL Gateway)

ActionTec WAN IP Address:
222.222.222.222

ActionTec LAN IP Address:
192.168.0.1 255.255.255.0

ActionTec DMZ Host:
192.168.0.2

WRV54G WAN IP Address:
192.168.0.2 255.255.255.0

WRV54G WAN Gateway:
192.168.0.1

WRV54G LAN IP
10.0.0.1 255.255.255.0

Local Secure Group:
10.0.0.0 255.255.255.0

Remote Secure Group:
10.0.1.0 255.255.255.0

Remote Gateway:
111.111.111.111

Does the ActionTec need to support VPN Pass-Through?  If so will it handle more than one tunnel from the WRV54G?

Linksys can't seem to help me with this matter.  ActionTec deferrs me back to Qwest, and Qwest blames it on Linksys.

Please help.

Thanks
0
myersbr
Asked:
myersbr
  • 4
  • 2
3 Solutions
 
ewtaylorCommented:
Hmm try setting the action tec into transparent bridging mode you will find it in the advanced setup mode of the web interface. This will put the actiontec into straight modem mode and disable all firewall and routing. Then you should be able to setup your linksys.
0
 
myersbrAuthor Commented:
The answer I got from Qwest is that they don't support transparent bridging.  I tried it anyway, setting the Linksys to the Static IP, but had no luck.  My guess would be that if I used the Actiontec in transparent bridging mode, then my linksys would need to handle the authentication with Qwest.  Qwest is using PPPoA, and the Linksys doesn't support that protocol.

I spoke with Actiontec again yesterday and they told me that I would need a block of IP addresses from Qwest.  The Actiontec should then be set in unnumbered mode.  They said that the Actiontec would use one of the Intenet IP addesses, and I would set the Linksys to one of the other ones.  My interpretation of this is that the Actiontec would handle the PPPoA and pass the other addresses in the block to its ethernet port.

I plan to try it this weekend.
0
 
ewtaylorCommented:
Make sure you have the most recent firmware. I just had a radical idea if you move the linksys into the actiontec dmz you should be able to set it up as your vpn endpoint as well.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
ewtaylorCommented:
Darn just reread what you wrote and it looks like you already tried that. LEt me look more into how the transparent bridging works on the actiontec you may have to change the mac address on the linksys router to mimic that of the actiontec.
Found this though There are several known problems with the Actiontec 1520 as shipped from Qwest. We recommend upgrading the firmware (the software that runs the Actiontec 1520).
0
 
Technicon-SGCommented:
myersbr,

My first recommendation would be to get rid of both units and replace them with a Netopia 3341-ENT or 3347W-ENT modem/router (the 3347W-ENT is much better and has wireless).  Both support PPPoA and VPN tunnels from the same unit...with a higher SLA.  I have seen the 3341 (which can be flashed to 3341-ENT) for as little as $2 on Ebay.

For your hardware:

VPN-Passthrough is irrelevent as it is designed for client VPN connections originating from the LAN side of the Actiontec.

I agree with ew that the bridging option would be the best choice...however only some routers are capable of Authentication & Bridging...which is why you need the actiontec router.  I also agree that the DMZ option should also work...however if it does not, you can forward all traffic from the Actiontec to the linksys.

I would start by turning off the firewall funtions in the Actiontech (you will rely on the linksys for high level firewalling)

This can be done in the Port forwarding screen.

forward 0 - 65535 tcp/udp to 192.168.0.2

this should forward all incoming traffic to the linksys.

There still might be another problem with ESP which uses protocol 50 and 51....if you try this and it does not work post agian.




0
 
ewtaylorCommented:
split ewtaylor/technicon-sb
0
 
myersbrAuthor Commented:
Sorry for the long delay guys.  The fix that we ended up using was to put the ActionTec in Unnumbered-Mode and use an IP address for the Linksys.  This worked well, and it allows me to remotely administer both devices.  It was explained to me from another source that the reason that DMZ or Port Forwarding won't work, is because the ActionTec changes the destination IP address in the Packet, but does not change the checksum.  Thanks for your help anyway.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now