Solved

Assistance in setting up a vpn

Posted on 2004-08-13
4
221 Views
Last Modified: 2011-09-20
I am having a problem getting my head round setting up a vpn.First time trying it and having no success so far.Does anybody have a step by step guide how to set one up through an adsl vpn router?I would be very grateful for any help anyone can give.
0
Comment
Question by:resolveitltd
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 11792446
Give us the brand and model 1st :)
0
 

Author Comment

by:resolveitltd
ID: 11792550
We have 2 x Level One FBR1407A adsl modem/vpn router.
0
 
LVL 7

Expert Comment

by:pedrow
ID: 11857598
I'm not sure about the specifics of that particular router, but vpns (and I'm talking IPSec vpn's in particular), generally are composed of the same components.

First, let's understand what a vpn tunnel does and how it functions.

Let's start with you having two sites, each with a router that has a LAN and some sort of WAN connectivity (T-1, cable modem, doesn't really matter).

The idea of the tunnel is that you want the two LANs at the two sites to talk to each other securely.

So, tunnels, in a very general sense, are built by taking LAN-A's traffic that's destined for LAN-B, and wrapping it up (encapsulation) inside a new IP packet that has a source address of WAN-A and a destination of WAN-B, where the wrapper gets stripped off and delivered to the destination on LAN-B.

IPSec vpn's use these basic concepts by taking that encapsulated traffic and encrypting it. In order to get this to work, the two routers need to negotiate and agree on what encryption protocols to use, what passwords are being used and what what networks should each router be routing through this VPN tunnel.

IPSec tunnels generally work in two modes, transport and tunnel. Tunnel is when you use your laptop to 'vpn' into work. Transport mode is generally something you have between two routers/firewalls/vpn devices to create a virtual circuit to route traffic between two or more networks, which is what you want.

It consists of a few definitions:
The endpoints of the tunnels( the WAN-X ip addresses)
The networks that should be routed (from LAN-A to LAN-B, and vice-verse)
The encryption algorithm for the data transfer (3DES, AES, etc...)
a Hashing algorithm for the handshake/building/maintenance of the tunnel (usually SHA1 or MD5)
a password (pre-shared secret).

Generally the idea is that both routers need to agree on these things in order for it to work. The exception being that the destinations of the tunnels and the source- and destination-networks should be reflexive (A points to B and B points to A).

Usually the problems with building VPN tunnels comes from unknown/dynamic tunnel destinations or sources. Provided you've got static addresses, it's pretty straighforward. You define where tunnel traffic will be coming from, what network sources it would be seeing, passwords match, encryption/hashing and the rest all matches and you should see some action.

Does this help?

So, for example, let's say we have Router-A (which has LAN-A and WAN-A) and Router-B (with similar attributes).

0
 
LVL 7

Accepted Solution

by:
pedrow earned 500 total points
ID: 11857604
sorry...i should edit better before posting...
> So, for example, let's say we have Router-A (which has LAN-A and WAN-A) and Router-B (with similar attributes).

was an abandoned train of thought ...

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question