Solved

Is it possible to set up a VPN Endpoint router behind my ISP's provided router?

Posted on 2004-04-28
8
706 Views
Last Modified: 2010-04-12
Is it possible to set up a VPN Endpoint router behind my ISP's provided router?

My DSL provider only supports PPPoA for their protocol.  My Linksys WRV54G does not.  Therefore I must use the ActionTec DSL gateway that they provide.

I have it set up with the ISP's router connected to the DSL Line and a cable between it's LAN port and the WRV54G's WAN port.

The VPN tunnel works if I move the router to a different location where I can connect the WRV54G directly to the internet.

Site A (WRV54G Only)

WAN IP Address:
111.111.111.111

Local Secure Group:
10.0.1.0 255.255.255.0

Remote Secure Group:
10.0.0.0 255.255.255.0

Remote Gateway:
222.222.222.222

Site B (WRV54G plugged into ActionTec DSL Gateway)

ActionTec WAN IP Address:
222.222.222.222

ActionTec LAN IP Address:
192.168.0.1 255.255.255.0

ActionTec DMZ Host:
192.168.0.2

WRV54G WAN IP Address:
192.168.0.2 255.255.255.0

WRV54G WAN Gateway:
192.168.0.1

WRV54G LAN IP
10.0.0.1 255.255.255.0

Local Secure Group:
10.0.0.0 255.255.255.0

Remote Secure Group:
10.0.1.0 255.255.255.0

Remote Gateway:
111.111.111.111

Does the ActionTec need to support VPN Pass-Through?  If so will it handle more than one tunnel from the WRV54G?

Linksys can't seem to help me with this matter.  ActionTec deferrs me back to Qwest, and Qwest blames it on Linksys.

Please help.

Thanks
0
Comment
Question by:myersbr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
8 Comments
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10952814
Hmm try setting the action tec into transparent bridging mode you will find it in the advanced setup mode of the web interface. This will put the actiontec into straight modem mode and disable all firewall and routing. Then you should be able to setup your linksys.
0
 

Author Comment

by:myersbr
ID: 10958779
The answer I got from Qwest is that they don't support transparent bridging.  I tried it anyway, setting the Linksys to the Static IP, but had no luck.  My guess would be that if I used the Actiontec in transparent bridging mode, then my linksys would need to handle the authentication with Qwest.  Qwest is using PPPoA, and the Linksys doesn't support that protocol.

I spoke with Actiontec again yesterday and they told me that I would need a block of IP addresses from Qwest.  The Actiontec should then be set in unnumbered mode.  They said that the Actiontec would use one of the Intenet IP addesses, and I would set the Linksys to one of the other ones.  My interpretation of this is that the Actiontec would handle the PPPoA and pass the other addresses in the block to its ethernet port.

I plan to try it this weekend.
0
 
LVL 11

Accepted Solution

by:
ewtaylor earned 65 total points
ID: 10959085
Make sure you have the most recent firmware. I just had a radical idea if you move the linksys into the actiontec dmz you should be able to set it up as your vpn endpoint as well.
0
How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

 
LVL 11

Expert Comment

by:ewtaylor
ID: 10959144
Darn just reread what you wrote and it looks like you already tried that. LEt me look more into how the transparent bridging works on the actiontec you may have to change the mac address on the linksys router to mimic that of the actiontec.
Found this though There are several known problems with the Actiontec 1520 as shipped from Qwest. We recommend upgrading the firmware (the software that runs the Actiontec 1520).
0
 
LVL 6

Assisted Solution

by:Technicon-SG
Technicon-SG earned 65 total points
ID: 10998530
myersbr,

My first recommendation would be to get rid of both units and replace them with a Netopia 3341-ENT or 3347W-ENT modem/router (the 3347W-ENT is much better and has wireless).  Both support PPPoA and VPN tunnels from the same unit...with a higher SLA.  I have seen the 3341 (which can be flashed to 3341-ENT) for as little as $2 on Ebay.

For your hardware:

VPN-Passthrough is irrelevent as it is designed for client VPN connections originating from the LAN side of the Actiontec.

I agree with ew that the bridging option would be the best choice...however only some routers are capable of Authentication & Bridging...which is why you need the actiontec router.  I also agree that the DMZ option should also work...however if it does not, you can forward all traffic from the Actiontec to the linksys.

I would start by turning off the firewall funtions in the Actiontech (you will rely on the linksys for high level firewalling)

This can be done in the Port forwarding screen.

forward 0 - 65535 tcp/udp to 192.168.0.2

this should forward all incoming traffic to the linksys.

There still might be another problem with ESP which uses protocol 50 and 51....if you try this and it does not work post agian.




0
 
LVL 11

Assisted Solution

by:ewtaylor
ewtaylor earned 65 total points
ID: 11261735
split ewtaylor/technicon-sb
0
 

Author Comment

by:myersbr
ID: 11261838
Sorry for the long delay guys.  The fix that we ended up using was to put the ActionTec in Unnumbered-Mode and use an IP address for the Linksys.  This worked well, and it allows me to remotely administer both devices.  It was explained to me from another source that the reason that DMZ or Port Forwarding won't work, is because the ActionTec changes the destination IP address in the Packet, but does not change the checksum.  Thanks for your help anyway.
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question