?
Solved

Is it possible to set up a VPN Endpoint router behind my ISP's provided router?

Posted on 2004-04-28
8
Medium Priority
?
709 Views
Last Modified: 2010-04-12
Is it possible to set up a VPN Endpoint router behind my ISP's provided router?

My DSL provider only supports PPPoA for their protocol.  My Linksys WRV54G does not.  Therefore I must use the ActionTec DSL gateway that they provide.

I have it set up with the ISP's router connected to the DSL Line and a cable between it's LAN port and the WRV54G's WAN port.

The VPN tunnel works if I move the router to a different location where I can connect the WRV54G directly to the internet.

Site A (WRV54G Only)

WAN IP Address:
111.111.111.111

Local Secure Group:
10.0.1.0 255.255.255.0

Remote Secure Group:
10.0.0.0 255.255.255.0

Remote Gateway:
222.222.222.222

Site B (WRV54G plugged into ActionTec DSL Gateway)

ActionTec WAN IP Address:
222.222.222.222

ActionTec LAN IP Address:
192.168.0.1 255.255.255.0

ActionTec DMZ Host:
192.168.0.2

WRV54G WAN IP Address:
192.168.0.2 255.255.255.0

WRV54G WAN Gateway:
192.168.0.1

WRV54G LAN IP
10.0.0.1 255.255.255.0

Local Secure Group:
10.0.0.0 255.255.255.0

Remote Secure Group:
10.0.1.0 255.255.255.0

Remote Gateway:
111.111.111.111

Does the ActionTec need to support VPN Pass-Through?  If so will it handle more than one tunnel from the WRV54G?

Linksys can't seem to help me with this matter.  ActionTec deferrs me back to Qwest, and Qwest blames it on Linksys.

Please help.

Thanks
0
Comment
Question by:myersbr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
8 Comments
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10952814
Hmm try setting the action tec into transparent bridging mode you will find it in the advanced setup mode of the web interface. This will put the actiontec into straight modem mode and disable all firewall and routing. Then you should be able to setup your linksys.
0
 

Author Comment

by:myersbr
ID: 10958779
The answer I got from Qwest is that they don't support transparent bridging.  I tried it anyway, setting the Linksys to the Static IP, but had no luck.  My guess would be that if I used the Actiontec in transparent bridging mode, then my linksys would need to handle the authentication with Qwest.  Qwest is using PPPoA, and the Linksys doesn't support that protocol.

I spoke with Actiontec again yesterday and they told me that I would need a block of IP addresses from Qwest.  The Actiontec should then be set in unnumbered mode.  They said that the Actiontec would use one of the Intenet IP addesses, and I would set the Linksys to one of the other ones.  My interpretation of this is that the Actiontec would handle the PPPoA and pass the other addresses in the block to its ethernet port.

I plan to try it this weekend.
0
 
LVL 11

Accepted Solution

by:
ewtaylor earned 130 total points
ID: 10959085
Make sure you have the most recent firmware. I just had a radical idea if you move the linksys into the actiontec dmz you should be able to set it up as your vpn endpoint as well.
0
Limited time offer using promo code EXPERTS30

Designed with a wealth of functionality and convenience, ATEN's new Thunderbolt™ 2 Sharing Switch takes your Thunderbolt setup to the next level. Now through September 15, 2017, Experts Exchange members get 30% off the US7220 on the ATEN USA eShop using promo code EXPERTS30.

 
LVL 11

Expert Comment

by:ewtaylor
ID: 10959144
Darn just reread what you wrote and it looks like you already tried that. LEt me look more into how the transparent bridging works on the actiontec you may have to change the mac address on the linksys router to mimic that of the actiontec.
Found this though There are several known problems with the Actiontec 1520 as shipped from Qwest. We recommend upgrading the firmware (the software that runs the Actiontec 1520).
0
 
LVL 6

Assisted Solution

by:Technicon-SG
Technicon-SG earned 130 total points
ID: 10998530
myersbr,

My first recommendation would be to get rid of both units and replace them with a Netopia 3341-ENT or 3347W-ENT modem/router (the 3347W-ENT is much better and has wireless).  Both support PPPoA and VPN tunnels from the same unit...with a higher SLA.  I have seen the 3341 (which can be flashed to 3341-ENT) for as little as $2 on Ebay.

For your hardware:

VPN-Passthrough is irrelevent as it is designed for client VPN connections originating from the LAN side of the Actiontec.

I agree with ew that the bridging option would be the best choice...however only some routers are capable of Authentication & Bridging...which is why you need the actiontec router.  I also agree that the DMZ option should also work...however if it does not, you can forward all traffic from the Actiontec to the linksys.

I would start by turning off the firewall funtions in the Actiontech (you will rely on the linksys for high level firewalling)

This can be done in the Port forwarding screen.

forward 0 - 65535 tcp/udp to 192.168.0.2

this should forward all incoming traffic to the linksys.

There still might be another problem with ESP which uses protocol 50 and 51....if you try this and it does not work post agian.




0
 
LVL 11

Assisted Solution

by:ewtaylor
ewtaylor earned 130 total points
ID: 11261735
split ewtaylor/technicon-sb
0
 

Author Comment

by:myersbr
ID: 11261838
Sorry for the long delay guys.  The fix that we ended up using was to put the ActionTec in Unnumbered-Mode and use an IP address for the Linksys.  This worked well, and it allows me to remotely administer both devices.  It was explained to me from another source that the reason that DMZ or Port Forwarding won't work, is because the ActionTec changes the destination IP address in the Packet, but does not change the checksum.  Thanks for your help anyway.
0

Featured Post

ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question