Solved

VPN Connection Between ZyXel ZyWALL 10W and Linksys WRV54G

Posted on 2004-10-19
Last Modified: 2010-05-18
I am trying to establish a VPN connection between two devices: a ZyXel ZyWALL 10W and a Linksys WRV54G.

The ZyXel resides in my office and serves as the company firewall. The Linksys is at my home and I want to use it to access the corporate network.

How do I establish a VPN connection between these two devices?

Also, once a connection is established between these two hardware devices, what steps do you take to share files and access programs via this connection?

Thanks,

Todd
Question by:tstellfox
LVL 2

Expert Comment

by:chris_shaw
ID: 12356715
I assume the Zywall is on a fixed IP address. What about the Linksys?

To configure VPN on the ZYwall you need to do 2 things (assuming you wish to use IPSEC):
1.  Telnet to the box and configure the VPN tunnel under menu 27.  How you do this will depend on whether you have a fixed IP at the Linksys end or not.
2.  Connect to the Zywall using your browser, and configure the Firewall to permit WAN to WAN (Zywall) connections on Port 500.

The Linksys I am not familiar with, but it looks like you configure the VPN tunnel using its HTTP (Browser) interface.  

You need to agree settings for Phases 1 & 2 of authentication.  It looks like the Linksys uses DES or 3DES which can both be used by the Zywall.  You also need to decide on a pre-shared key which is entered at both ends of the tunnel. EVERY setting at each end must exactly correspond, otherwise the tunnel will not come up.  Unfortunately, although IPSEC is supposed to be an agreed standard, manufacturers tend to proprietise it.  You would have been better advised to get the ZYxel 662 or similar for home. But the Linksys may well be OK.

Once the tunnel is established, you will be able to browse the network at the other end either by specifying the address of your WINS server in the office (if you have one) or by creating an LMHOSTS file.

Regards

Chris




 

Author Comment

by:tstellfox
ID: 12357013
Chris,

Thanks for your response.  This clarifies some questions, but I still have some to go.

Below, I have highlighted my answers to your questions and my own questions in CAPS.

Thanks.
____________________________________

I assume the Zywall is on a fixed IP address. What about the Linksys?

BOTH IP ADDRESSES ARE DYNAMIC. I SET UP AN ACCOUNT WITH DSN2GO.COM AND DOWNLOAD THEIR CLIENT SOFTWARE ON EACH MACHINE TO DEAL WITH THIS ISSUE. IS THIS APPROPRIATE?

To configure VPN on the ZYwall you need to do 2 things (assuming you wish to use IPSEC):
1.  Telnet to the box and configure the VPN tunnel under menu 27.  How you do this will depend on whether you have a fixed IP at the Linksys end or not.

I HAVE NEVER HEARD OF TELNETTING TO THE ZYXEL BOX. HOW DO YOU DO THIS? I USUALLY USE THE HTTP INTERFACE.

2.  Connect to the Zywall using your browser, and configure the Firewall to permit WAN to WAN (Zywall) connections on Port 500.

OK.

The Linksys I am not familiar with, but it looks like you configure the VPN tunnel using its HTTP (Browser) interface.

THAT'S CORRECT.  

You need to agree settings for Phases 1 & 2 of authentication.  It looks like the Linksys uses DES or 3DES which can both be used by the Zywall.  You also need to decide on a pre-shared key which is entered at both ends of the tunnel. EVERY setting at each end must exactly correspond, otherwise the tunnel will not come up.  Unfortunately, although IPSEC is supposed to be an agreed standard, manufacturers tend to proprietise it.

WHAT DO YOU MEAN BY 'PROPRIETISE IT'?

You would have been better advised to get the ZYxel 662 or similar for home. But the Linksys may well be OK.

THANKS.

Once the tunnel is established, you will be able to browse the network at the other end either by specifying the address of your WINS server in the office (if you have one) or by creating an LMHOSTS file.

HOW DO YOU FIND OUT WHAT THE WINS SERVER ADDRESS IS?

HOW DO YOU CREATE AN LMHOSTS FILE?

Regards

Chris
 
LVL 2

Expert Comment

by:chris_shaw
ID: 12357407
BOTH IP ADDRESSES ARE DYNAMIC. I SET UP AN ACCOUNT WITH DSN2GO.COM AND DOWNLOAD THEIR CLIENT SOFTWARE ON EACH MACHINE TO DEAL WITH THIS ISSUE. IS THIS APPROPRIATE?

Although it is possible to set these tunnels up with Dynamic DNS, it makes life much more difficult.  I strongly recommend fixed IP at both ends.

I HAVE NEVER HEARD OF TELNETTING TO THE ZYXEL BOX. HOW DO YOU DO THIS? I USUALLY USE THE HTTP INTERFACE

Exit to DOS, type telnet <IP address of Zywall>. It gives a text interface.  You can set up tunnels using the HTTP interface, but I have always used TELNET as it has been recommended.

WHAT DO YOU MEAN BY 'PROPRIETISE IT'?

Different manufacturers add their own bits onto the standard spec, making communication between different bits of kit difficult or impossible at times.

HOW DO YOU FIND OUT WHAT THE WINS SERVER ADDRESS IS?

Do you have a Windows Server at the office running a service called WINS?  If not you need to use LMHOSTS which is a text file for translating NETBIOS names to IP addresses.  This is required by Windows for browsing.

Regards

Chris


 

Author Comment

by:tstellfox
ID: 12358098
Chris -

At this time, we only have dynamic IPs at both ends. I will set up an account with www.dyndns.org because that is the service which is supported by ZyXel for this purpose.

Are there any other problems associated with using dynamic IPs?

We have a small office network and are not running server software on our server. We are using Win XP Pro. Can I set up a WINS service with this software? If so, can you tell me how?

Or do I need to set up LMHOSTS?

If I need to set up LMHOSTS, can you tell me how to do so?

Thanks,

Todd

 
LVL 2

Accepted Solution

by:
chris_shaw earned 500 total points
ID: 12358841
A Windows XP Pro machine cannot act as a WINS server, so you will need to set up a LMHOSTS file.  The PCs at both ends of the VPN tunnel should normally be on different private subnets, so if you want to see things at the other end of the tunnel you require an LMHOSTS file on the local PC to enable it to be resolved across the tunnel.  This is something that is normally done by NETBIOS broadcasts, and these are not normally routed.

If you look in the folder \windows\system32\drivers\etc you will see that there is a file called lmhosts.sam which contains examples and descriptions of how to set one up.  Then use a text editor to create your own in the same directory, but name it LMHOSTS (with no file extension).  I use #PRE on each line so it is loaded into cache. Then reboot the PC.  NETBIOS should then be able to resolve the remote PC name to an IP address.

Regards

Chris
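
Added example (not part of the original answer): a small Python check for an LMHOSTS file of the kind described above. It flags invalid addresses, names longer than the 15-character NetBIOS limit, entries without #PRE, and addresses outside the remote subnet; the host names, addresses and the 192.168.1.0/24 remote subnet are made up for illustration.

```python
import ipaddress

# LMHOSTS directives that begin with '#' but are not comments.
KEYWORDS = ("#PRE", "#DOM:", "#INCLUDE", "#BEGIN_ALTERNATE", "#END_ALTERNATE", "#MH", "#SG")

def lint_lmhosts(text, remote_net):
    """Return (entries, problems); remote_net is the subnet behind the far end
    of the tunnel (an assumption of this example). Quoted names are not handled."""
    net = ipaddress.ip_network(remote_net)
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line, comment, or block directive such as #INCLUDE
        if len(tokens) < 2 or tokens[1].startswith("#"):
            problems.append((lineno, "expected '<IP> <NAME>'"))
            continue
        ip_text, name, flags = tokens[0], tokens[1], []
        for tok in tokens[2:]:  # first '#' token that is not a directive starts a comment
            if tok.startswith("#") and not tok.upper().startswith(KEYWORDS):
                break
            flags.append(tok.upper())
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            problems.append((lineno, f"invalid IP address {ip_text!r}"))
            continue
        if len(name) > 15:
            problems.append((lineno, f"NetBIOS name {name!r} is longer than 15 characters"))
        if ip not in net:
            problems.append((lineno, f"{ip} is outside the remote subnet {net}"))
        if "#PRE" not in flags:
            problems.append((lineno, f"{name} has no #PRE and will not be preloaded"))
        entries.append({"ip": str(ip), "name": name.upper(), "flags": flags})
    return entries, problems

# Constructed sample: host names and addresses are made up for this example.
SAMPLE = """\
# office machines reached over the VPN
192.168.1.10   FILESRV      #PRE   # main file share
192.168.1.11   ACCOUNTSPC
192.168.1.300  BADHOST      #PRE
10.0.0.5       HOMEPC       #PRE
192.168.1.12   AVERYLONGCOMPUTERNAME  #PRE
"""

if __name__ == "__main__":
    for lineno, message in lint_lmhosts(SAMPLE, "192.168.1.0/24")[1]:
        print(f"line {lineno}: {message}")
```

An entry whose address falls outside the remote subnet is worth checking by hand, since name lookups that resolve there would send file-sharing traffic to a host the tunnel was not set up to reach.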
 
LVL 2

Expert Comment

by:chris_shaw
ID: 13227782
This was a very open-ended question without a specific 'answer'.  The number of 'sub questions' that could be generated was virtually endless.  However, I hope that the information given was useful, and at least pointed the asker in the right direction.

Chris
