resolveitltd

asked on

Assistance in setting up a vpn

I am having a problem getting my head round setting up a vpn. First time trying it and having no success so far. Does anybody have a step by step guide how to set one up through an adsl vpn router? I would be very grateful for any help anyone can give.
Yan_west

Give us the brand and model 1st :)

ASKER

We have 2 x Level One FBR1407A adsl modem/vpn router.

I'm not sure about the specifics of that particular router, but VPNs (and I'm talking IPSec VPNs in particular) generally are composed of the same components.

First, let's understand what a vpn tunnel does and how it functions.

Let's start with you having two sites, each with a router that has a LAN and some sort of WAN connectivity (T-1, cable modem, doesn't really matter).

The idea of the tunnel is that you want the two LANs at the two sites to talk to each other securely.

So, tunnels, in a very general sense, are built by taking LAN-A's traffic that's destined for LAN-B, and wrapping it up (encapsulation) inside a new IP packet that has a source address of WAN-A and a destination of WAN-B, where the wrapper gets stripped off and delivered to the destination on LAN-B.

IPSec VPNs use these basic concepts by taking that encapsulated traffic and encrypting it. In order to get this to work, the two routers need to negotiate and agree on what encryption protocols to use, what passwords are being used and what networks each router should be routing through this VPN tunnel.

IPSec tunnels generally work in two modes, transport and tunnel. Tunnel is when you use your laptop to 'vpn' into work. Transport mode is generally something you have between two routers/firewalls/vpn devices to create a virtual circuit to route traffic between two or more networks, which is what you want.

It consists of a few definitions:
The endpoints of the tunnels (the WAN-X IP addresses)
The networks that should be routed (from LAN-A to LAN-B, and vice versa)
The encryption algorithm for the data transfer (3DES, AES, etc...)
A hashing algorithm for the handshake/building/maintenance of the tunnel (usually SHA1 or MD5)
A password (pre-shared secret).

Generally the idea is that both routers need to agree on these things in order for it to work. The exception being that the destinations of the tunnels and the source- and destination-networks should be reflexive (A points to B and B points to A).

Usually the problems with building VPN tunnels come from unknown/dynamic tunnel destinations or sources. Provided you've got static addresses, it's pretty straightforward. You define where tunnel traffic will be coming from, what network sources it would be seeing, passwords match, encryption/hashing and the rest all matches and you should see some action.

Does this help?

So, for example, let's say we have Router-A (which has LAN-A and WAN-A) and Router-B (with similar attributes).
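The agreement rules from the answer above (identical encryption, hashing and pre-shared secret; mirrored endpoints and networks), written as a pre-deployment check. This is an added example, not part of the original thread and not specific to the Level One router: `SiteConfig`, `check_tunnel` and all addresses and secrets are constructed for illustration, and the overlap check goes one step beyond what the answer lists.

```python
import hmac
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class SiteConfig:              # hypothetical structure, one per router
    local_wan: str             # this router's WAN address
    remote_wan: str            # tunnel endpoint on the other side
    local_lan: str             # network behind this router
    remote_lan: str            # network reached through the tunnel
    encryption: str            # e.g. "aes", "3des"
    hashing: str               # e.g. "sha1", "md5"
    psk: str                   # pre-shared secret

def check_tunnel(a: SiteConfig, b: SiteConfig) -> list[str]:
    """Return reasons the two ends disagree; an empty list means consistent."""
    problems = []
    # Settings that must be identical on both routers.
    for field in ("encryption", "hashing"):
        if getattr(a, field).lower() != getattr(b, field).lower():
            problems.append(f"{field} differs")
    if not hmac.compare_digest(a.psk.encode(), b.psk.encode()):
        problems.append("pre-shared secret differs")
    # Settings that must be mirrored: A points to B and B points to A.
    if (ip_address(a.remote_wan) != ip_address(b.local_wan)
            or ip_address(b.remote_wan) != ip_address(a.local_wan)):
        problems.append("tunnel endpoints are not mirrored")
    a_lan, b_lan = ip_network(a.local_lan), ip_network(b.local_lan)
    if ip_network(a.remote_lan) != b_lan or ip_network(b.remote_lan) != a_lan:
        problems.append("routed networks are not mirrored")
    # Beyond the answer's list: overlapping LANs cannot be routed to each other.
    if a_lan.overlaps(b_lan):
        problems.append("LAN-A and LAN-B overlap")
    return problems

# Constructed sample values (documentation address ranges, made-up secret).
SITE_A = SiteConfig("203.0.113.1", "198.51.100.1", "192.168.1.0/24",
                    "192.168.2.0/24", "AES", "SHA1", "constructed-example-secret")
SITE_B = SiteConfig("198.51.100.1", "203.0.113.1", "192.168.2.0/24",
                    "192.168.1.0/24", "aes", "sha1", "constructed-example-secret")
# Typical mistake: B's remote network copied from A instead of mirrored,
# and a different hash selected on B.
SITE_B_BAD = replace(SITE_B, remote_lan="192.168.2.0/24", hashing="MD5")

if __name__ == "__main__":
    print(check_tunnel(SITE_A, SITE_B))       # consistent pair
    print(check_tunnel(SITE_A, SITE_B_BAD))   # lists each disagreement
```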

ASKER CERTIFIED SOLUTION
pedrow
