tstellfox
asked on
VPN Connection Between ZyXel ZyWALL 10W and Linksys WRV54G
I am trying to establish a VPN connection between two devices: a ZyXel ZyWALL 10W and a Linksys WRV54G.
The ZyXel resides in my office and serves as the company firewall. The Linksys is at my home and I want to use it to access the corporate network.
How do I establish a VPN connection between these two devices?
Also, once a connection is established between these two hardware devices, what steps do you take to share files and access program via this connection.
Thanks,
Todd
The ZyXel resides in my office and serves as the company firewall. The Linksys is at my home and I want to use it to access the corporate network.
How do I establish a VPN connection between these two devices?
Also, once a connection is established between these two hardware devices, what steps do you take to share files and access program via this connection.
Thanks,
Todd
ASKER
Chris,
Thanks for your response. This clarifies some questions, but I still have some to go.
Below, I have highlighted my answers to your questions and my own questions in CAPS.
Thanks.
__________________________
I assume the Zywall is on a fixed IP address, What about the Linksys?
BOTH IP ADDRESSES ARE DYNAMIC. I SET UP AN ACCOUNT WITH DSN2GO.COM AND DOWNLOAD THEIR CLIENT SOFTWARE ON EACH MACHINE TO DEAL WITH THIS ISSUE. IS THIS APPROPRIATE?
To configure VPN on the ZYwall you need to do 2 things (assuming you wish to use IPSEC):
1. Telnet to the box and configure the VPN tunnel under menu 27. How you do this will depend on whether you have a fixed IP at the Linksys end or not.
I HAVE NEVER HEARD OF TELNETING TO THE ZYXEL BOX. HOW DO YOU DO THIS? I USUALLY USE THE HTTP INTERFACE.
2. Connect to the Zywall using your browser, and configure the Firewall to permit WAN to WAN (Zywall) connections on Port 500.
OK.
The Linksys I am not familiar with, but it looks like you configure the VPN tunnel using its HTTP (Browser) interface.
THAT'S CORRECT.
You need to agree settings for Phases 1 & 2 of authentication. It looks like the Linksys uses DES or 3DES which can both be used by the Zywall. You also need to decide on a pre-shared key which is entered at both ends of the tunnel. EVERY setting at each end must exactly correspond, otherwise the tunnel will not come up. Unfortunately, although IPSEC is supposed to be agreed standard, manufacturers tend to proprietise it.
WHAT DO YOU MEAN BY 'PROPRIETISE IT'?
You would have been better advised to get the ZYxel 662 or similar for home. But the Linksys may well be OK.
THANKS.
Once the tunnel is established, you will be able to browse the network at the other end either by specifying the address of your WINS server in the ofiice (if you have one) or by creating an LMHOSTS file.
HOW DO YOU FIND OUT WHAT THE WINS SERVER ADDRESS IS?
HOW DO YOU CREATE AN LMHOSTS FILE?
Regards
Chris
Thanks for your response. This clarifies some questions, but I still have some to go.
Below, I have highlighted my answers to your questions and my own questions in CAPS.
Thanks.
__________________________
I assume the Zywall is on a fixed IP address, What about the Linksys?
BOTH IP ADDRESSES ARE DYNAMIC. I SET UP AN ACCOUNT WITH DSN2GO.COM AND DOWNLOAD THEIR CLIENT SOFTWARE ON EACH MACHINE TO DEAL WITH THIS ISSUE. IS THIS APPROPRIATE?
To configure VPN on the ZYwall you need to do 2 things (assuming you wish to use IPSEC):
1. Telnet to the box and configure the VPN tunnel under menu 27. How you do this will depend on whether you have a fixed IP at the Linksys end or not.
I HAVE NEVER HEARD OF TELNETING TO THE ZYXEL BOX. HOW DO YOU DO THIS? I USUALLY USE THE HTTP INTERFACE.
2. Connect to the Zywall using your browser, and configure the Firewall to permit WAN to WAN (Zywall) connections on Port 500.
OK.
The Linksys I am not familiar with, but it looks like you configure the VPN tunnel using its HTTP (Browser) interface.
THAT'S CORRECT.
You need to agree settings for Phases 1 & 2 of authentication. It looks like the Linksys uses DES or 3DES which can both be used by the Zywall. You also need to decide on a pre-shared key which is entered at both ends of the tunnel. EVERY setting at each end must exactly correspond, otherwise the tunnel will not come up. Unfortunately, although IPSEC is supposed to be agreed standard, manufacturers tend to proprietise it.
WHAT DO YOU MEAN BY 'PROPRIETISE IT'?
You would have been better advised to get the ZYxel 662 or similar for home. But the Linksys may well be OK.
THANKS.
Once the tunnel is established, you will be able to browse the network at the other end either by specifying the address of your WINS server in the ofiice (if you have one) or by creating an LMHOSTS file.
HOW DO YOU FIND OUT WHAT THE WINS SERVER ADDRESS IS?
HOW DO YOU CREATE AN LMHOSTS FILE?
Regards
Chris
BOTH IP ADDRESSES ARE DYNAMIC. I SET UP AN ACCOUNT WITH DSN2GO.COM AND DOWNLOAD THEIR CLIENT SOFTWARE ON EACH MACHINE TO DEAL WITH THIS ISSUE. IS THIS APPROPRIATE?
Although it is possible to set these tunnels up with Dynamic DNS, it makes life much more difficult. I strongly recommend fixed IP at both ends.
I HAVE NEVER HEARD OF TELNETING TO THE ZYXEL BOX. HOW DO YOU DO THIS? I USUALLY USE THE HTTP INTERFACE
Exit to DOS, type telnet <IP address of Zywall>. It gives a text interface. You can set up tunnels using the HTTP interface, but I have always used TELNET as it has been recommended.
WHAT DO YOU MEAN BY 'PROPRIETISE IT'?
Different manufacturers add their own bits onto the standard spec, making communication between different bits of kit difficult or impossible at times.
HOW DO YOU FIND OUT WHAT THE WINS SERVER ADDRESS IS?
Do you have a Windows Server at the office running a service called WINS? If not you need to use LMHOSTS which is a text file for translating NETBIOS names to IP addresses. This is required by Windows for browsing.
Regards
Chris
Although it is possible to set these tunnels up with Dynamic DNS, it makes life much more difficult. I strongly recommend fixed IP at both ends.
I HAVE NEVER HEARD OF TELNETING TO THE ZYXEL BOX. HOW DO YOU DO THIS? I USUALLY USE THE HTTP INTERFACE
Exit to DOS, type telnet <IP address of Zywall>. It gives a text interface. You can set up tunnels using the HTTP interface, but I have always used TELNET as it has been recommended.
WHAT DO YOU MEAN BY 'PROPRIETISE IT'?
Different manufacturers add their own bits onto the standard spec, making communication between different bits of kit difficult or impossible at times.
HOW DO YOU FIND OUT WHAT THE WINS SERVER ADDRESS IS?
Do you have a Windows Server at the office running a service called WINS? If not you need to use LMHOSTS which is a text file for translating NETBIOS names to IP addresses. This is required by Windows for browsing.
Regards
Chris
ASKER
Chris -
At this time, we only have dynamic IPs at both ends. I will setup an account with www.dyndns.org because that is the service which is supported by ZyXel for this purpose.
Any there any other problems associated with using dynamic IPs?
We have a small office network and are not running server software on our server. We are using Win XP Pro. Can I setup a WINS service with this software? If so, can you tell me how?
Or do I need to setup LMHOSTS?
If I need to setup LMHOSTS, can you tell me how to do so?
Thanks,
Todd
At this time, we only have dynamic IPs at both ends. I will setup an account with www.dyndns.org because that is the service which is supported by ZyXel for this purpose.
Any there any other problems associated with using dynamic IPs?
We have a small office network and are not running server software on our server. We are using Win XP Pro. Can I setup a WINS service with this software? If so, can you tell me how?
Or do I need to setup LMHOSTS?
If I need to setup LMHOSTS, can you tell me how to do so?
Thanks,
Todd
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This was a very open ended question without a specific 'answer'. The number of 'sub questions' that could be generated was virtually endless. However, I hope that the information given was useful, and at least pointed tha asker in the right direction.
Chris
Chris
To configure VPN on the ZYwall you need to do 2 things (assuming you wish to use IPSEC):
1. Telnet to the box and configure the VPN tunnel under menu 27. How you do this will depend on whether you have a fixed IP at the Linksys end or not.
2. Connect to the Zywall using your browser, and configure the Firewall to permit WAN to WAN (Zywall) connections on Port 500.
The Linksys I am not familiar with, but it looks like you configure the VPN tunnel using its HTTP (Browser) interface.
You need to agree settings for Phases 1 & 2 of authentication. It looks like the Linksys uses DES or 3DES which can both be used by the Zywall. You also need to decide on a pre-shared key which is entered at both ends of the tunnel. EVERY setting at each end must exactly correspond, otherwise the tunnel will not come up. Unfortunately, although IPSEC is supposed to be agreed standard, manufacturers tend to proprietise it. You would have been better advised to get the ZYxel 662 or similar for home. But the Linksys may well be OK.
Once the tunnel is established, you will be able to browse the network at the other end either by specifying the address of your WINS server in the ofiice (if you have one) or by creating an LMHOSTS file.
Regards
Chris