Solved

VPN Connection Between ZyXel ZyWALL 10W and Linksys WRV54G

Posted on 2004-10-19
Last Modified: 2010-05-18
I am trying to establish a VPN connection between two devices: a ZyXel ZyWALL 10W and a Linksys WRV54G.

The ZyXel resides in my office and serves as the company firewall. The Linksys is at my home and I want to use it to access the corporate network.

How do I establish a VPN connection between these two devices?

Also, once a connection is established between these two hardware devices, what steps do you take to share files and access programs via this connection?

Thanks,

Todd
0
Question by:tstellfox
LVL 2

Expert Comment

by:chris_shaw
ID: 12356715
I assume the Zywall is on a fixed IP address. What about the Linksys?

To configure VPN on the ZYwall you need to do 2 things (assuming you wish to use IPSEC):
1.  Telnet to the box and configure the VPN tunnel under menu 27.  How you do this will depend on whether you have a fixed IP at the Linksys end or not.
2.  Connect to the Zywall using your browser, and configure the Firewall to permit WAN to WAN (Zywall) connections on Port 500.

The Linksys I am not familiar with, but it looks like you configure the VPN tunnel using its HTTP (Browser) interface.  

You need to agree settings for Phases 1 & 2 of authentication.  It looks like the Linksys uses DES or 3DES which can both be used by the Zywall.  You also need to decide on a pre-shared key which is entered at both ends of the tunnel. EVERY setting at each end must exactly correspond, otherwise the tunnel will not come up.  Unfortunately, although IPSEC is supposed to be an agreed standard, manufacturers tend to proprietise it.  You would have been better advised to get the ZYxel 662 or similar for home. But the Linksys may well be OK.

Once the tunnel is established, you will be able to browse the network at the other end either by specifying the address of your WINS server in the office (if you have one) or by creating an LMHOSTS file.

Regards

Chris




0
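The requirement in the comment above that every setting correspond at both ends can be checked before either box is touched. This is an added example, not part of the original post; the field names, addresses and key are constructed for illustration and are not the labels used by the ZyWALL menu or the Linksys web interface. Note that the network selectors must be mirrored rather than identical.

```python
from ipaddress import ip_network

# Negotiated settings that must be identical on both gateways.
MUST_MATCH = ("p1_encryption", "p1_hash", "p1_dh_group",
              "p2_encryption", "p2_auth", "p2_pfs", "pre_shared_key")

# Constructed sample configs; field names are this example's own, not the
# labels used by the ZyWALL menu or the Linksys web interface.
ZYWALL = {"p1_encryption": "3DES", "p1_hash": "SHA1", "p1_dh_group": 2,
          "p2_encryption": "3DES", "p2_auth": "SHA1", "p2_pfs": None,
          "pre_shared_key": "placeholder-key-A",
          "local_net": "192.168.1.0/24", "remote_net": "192.168.2.0/24"}
LINKSYS = {"p1_encryption": "3DES", "p1_hash": "SHA1", "p1_dh_group": 2,
           "p2_encryption": "DES", "p2_auth": "SHA1", "p2_pfs": None,
           "pre_shared_key": "placeholder-key-A",
           "local_net": "192.168.2.0/24", "remote_net": "192.168.0.0/24"}


def compare_tunnel(a, b):
    """Return a list of mismatches between gateway config a and its peer b."""
    problems = []
    for key in MUST_MATCH:
        if a[key] != b[key]:
            # Report that the key differs without echoing the secret itself.
            detail = "values differ" if key == "pre_shared_key" else f"{a[key]} != {b[key]}"
            problems.append(f"{key}: {detail}")
    # Network selectors are mirrored: my local network is the peer's remote one.
    for mine, theirs in (("local_net", "remote_net"), ("remote_net", "local_net")):
        if ip_network(a[mine]) != ip_network(b[theirs]):
            problems.append(f"{mine} {a[mine]} != peer {theirs} {b[theirs]}")
    if ip_network(a["local_net"]).overlaps(ip_network(b["local_net"])):
        problems.append("local networks overlap")
    return problems


def uses_single_des(cfg):
    """List the phases configured for single DES, whose 56-bit key is weak."""
    return [k for k in ("p1_encryption", "p2_encryption") if cfg[k] == "DES"]


if __name__ == "__main__":
    for line in compare_tunnel(ZYWALL, LINKSYS):
        print("MISMATCH", line)
    print("single DES on Linksys side:", uses_single_des(LINKSYS))
```

With the constructed inputs, the check reports the phase 2 cipher mismatch and the wrong remote network on the Linksys side, and flags the single-DES setting so that 3DES can be chosen at both ends instead.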
 

Author Comment

by:tstellfox
ID: 12357013
Chris,

Thanks for your response.  This clarifies some questions, but I still have some to go.

Below, I have highlighted my answers to your questions and my own questions in CAPS.

Thanks.
____________________________________

I assume the Zywall is on a fixed IP address. What about the Linksys?

BOTH IP ADDRESSES ARE DYNAMIC. I SET UP AN ACCOUNT WITH DSN2GO.COM AND DOWNLOAD THEIR CLIENT SOFTWARE ON EACH MACHINE TO DEAL WITH THIS ISSUE. IS THIS APPROPRIATE?

To configure VPN on the ZYwall you need to do 2 things (assuming you wish to use IPSEC):
1.  Telnet to the box and configure the VPN tunnel under menu 27.  How you do this will depend on whether you have a fixed IP at the Linksys end or not.

I HAVE NEVER HEARD OF TELNETING TO THE ZYXEL BOX. HOW DO YOU DO THIS? I USUALLY  USE THE HTTP INTERFACE.

2.  Connect to the Zywall using your browser, and configure the Firewall to permit WAN to WAN (Zywall) connections on Port 500.

OK.

The Linksys I am not familiar with, but it looks like you configure the VPN tunnel using its HTTP (Browser) interface.

THAT'S CORRECT.  

You need to agree settings for Phases 1 & 2 of authentication.  It looks like the Linksys uses DES or 3DES which can both be used by the Zywall.  You also need to decide on a pre-shared key which is entered at both ends of the tunnel. EVERY setting at each end must exactly correspond, otherwise the tunnel will not come up.  Unfortunately, although IPSEC is supposed to be an agreed standard, manufacturers tend to proprietise it.

WHAT DO YOU MEAN BY 'PROPRIETISE IT'?

You would have been better advised to get the ZYxel 662 or similar for home. But the Linksys may well be OK.

THANKS.

Once the tunnel is established, you will be able to browse the network at the other end either by specifying the address of your WINS server in the office (if you have one) or by creating an LMHOSTS file.

HOW DO YOU FIND OUT WHAT THE WINS SERVER ADDRESS IS?

HOW DO YOU CREATE AN LMHOSTS FILE?

Regards

Chris
0
 
LVL 2

Expert Comment

by:chris_shaw
ID: 12357407
BOTH IP ADDRESSES ARE DYNAMIC. I SET UP AN ACCOUNT WITH DSN2GO.COM AND DOWNLOAD THEIR CLIENT SOFTWARE ON EACH MACHINE TO DEAL WITH THIS ISSUE. IS THIS APPROPRIATE?

Although it is possible to set these tunnels up with Dynamic DNS, it makes life much more difficult.  I strongly recommend fixed IP at both ends.

I HAVE NEVER HEARD OF TELNETING TO THE ZYXEL BOX. HOW DO YOU DO THIS? I USUALLY  USE THE HTTP INTERFACE

Exit to DOS, type telnet <IP address of Zywall>. It gives a text interface.  You can set up tunnels using the HTTP interface, but I have always used TELNET as it has been recommended.

WHAT DO YOU MEAN BY 'PROPRIETISE IT'?

Different manufacturers add their own bits onto the standard spec, making communication between different bits of kit difficult or impossible at times.

HOW DO YOU FIND OUT WHAT THE WINS SERVER ADDRESS IS?

Do you have a Windows Server at the office running a service called WINS?  If not you need to use LMHOSTS which is a text file for translating NETBIOS names to IP addresses.  This is required by Windows for browsing.

Regards

Chris

0
 

Author Comment

by:tstellfox
ID: 12358098
Chris -

At this time, we only have dynamic IPs at both ends. I will set up an account with www.dyndns.org because that is the service which is supported by ZyXel for this purpose.

Are there any other problems associated with using dynamic IPs?

We have a small office network and are not running server software on our server. We are using Win XP Pro. Can I set up a WINS service with this software? If so, can you tell me how?

Or do I need to set up LMHOSTS?

If I need to set up LMHOSTS, can you tell me how to do so?

Thanks,

Todd

0
 
LVL 2

Accepted Solution

by:
chris_shaw earned 2000 total points
ID: 12358841
A Windows XP Pro machine cannot act as a WINS server, so you will need to set up a LMHOSTS file.  The PCs at both ends of the VPN tunnel should normally be on different private subnets, so if you want to see things at the other end of the tunnel you require an LMHOSTS file on the local PC to enable it to be resolved across the tunnel.  This is something that is normally done by NETBIOS broadcasts, and these are not normally routed.

If you look in the folder \windows\system32\drivers\etc you will see that there is a file called lmhosts.sam which contains examples and descriptions of how to set one up.  Then use a text editor to create your own in the same directory, but name it LMHOSTS (with no file extension).  I use #PRE on each line so it is loaded into cache. Then reboot the PC.  NETBIOS should then be able to resolve the remote PC name to an IP address.

Regards

Chris
0
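A check for an LMHOSTS file of the kind described in the accepted answer, as an added example that is not part of the original post. The host names, addresses and remote subnet are constructed; it handles unquoted names only, and the #PRE check follows the answer's own practice of tagging every line.

```python
import ipaddress

# Constructed sample; names and addresses are illustrative only.
SAMPLE = """\
# office machines reached through the VPN tunnel
192.168.1.10   OFFICESERVER   #PRE
192.168.1.11   ACCOUNTS-PC    # no preload tag
192.168.1.300  BADADDR        #PRE
192.168.2.20   HOMEPC         #PRE
192.168.1.12   THISNAMEISWAYTOOLONG  #PRE
"""


def check_lmhosts(text, remote_net):
    """Parse LMHOSTS text; return (entries, warnings) for the remote subnet."""
    net = ipaddress.ip_network(remote_net)
    entries, warnings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        fields = line.split()
        if len(fields) < 2:
            warnings.append(f"line {lineno}: expected '<ip> <name>'")
            continue
        addr, name = fields[0], fields[1]
        tags = []
        for tok in fields[2:]:
            if tok == "#PRE" or tok.startswith("#DOM:"):
                tags.append(tok)
            else:
                break  # anything else begins a trailing comment
        try:
            ip = ipaddress.IPv4Address(addr)
        except ValueError:
            warnings.append(f"line {lineno}: bad IPv4 address {addr}")
            continue
        if len(name) > 15:  # NetBIOS names hold at most 15 characters
            warnings.append(f"line {lineno}: {name} exceeds 15 characters")
            continue
        if ip not in net:
            warnings.append(f"line {lineno}: {ip} is outside {net}")
        if "#PRE" not in tags:
            warnings.append(f"line {lineno}: {name} has no #PRE tag")
        entries[name.upper()] = str(ip)
    return entries, warnings
```

After editing the real file, `nbtstat -R` purges and reloads the #PRE entries, and `nbtstat -c` lists what is in the name cache.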
 
LVL 2

Expert Comment

by:chris_shaw
ID: 13227782
This was a very open ended question without a specific 'answer'.  The number of 'sub questions' that could be generated was virtually endless.  However, I hope that the information given was useful, and at least pointed the asker in the right direction.

Chris

0
