Is there a good solution for this scenario?

Posted on 2005-03-02
Medium Priority
Last Modified: 2010-04-12
My customer currently sits in an office that he shares with his secretary.  He has an XP Pro laptop.  She has a Win 2k system.  They both connect to the Internet via an old Linksys BEFSR41 (not V3, and firmware could be upgraded to 1.46.02).  Their DSL account is dynamic.  They both have private static addresses in the 192.168.1.xxx range. He runs ACT!, but the ACT! files are on her system.  She has access to his Briefcase.  He can print to her shared printers.  Everything works well.  However, he has decided he wants to work from home, using his laptop (150 miles away), while she will remain in her current location.  He would prefer not to lose any of the current functionality.  He will have a broadband connection from home, probably also dynamic, with no router.
Question:  What is the best solution?
Question by:atek1942

Accepted Solution

plemieux72 earned 1600 total points
ID: 13446185
Best solution (not the only solution):

Obtain public static IP addresses at one or both ISPs.  Then, get two identical routers that can terminate a site-to-site IPSec VPN tunnel and install them at each site.  Configure them to reach each other via a 3DES or AES IPSec VPN tunnel.  This way, the manager can virtually be at his old LAN while being at home and still have access to everything.  Ensure the private IP address range of the new site (his home) does not overlap with the other LAN.

Author Comment

ID: 13452337
plemieux72, thanks for your response.  Please comment on the correctness of the following:
I would set one lan to 192.168.1, the other to 192.168.2.  
I would need to install a 3rd party IPSec VPN client on both systems.  
I would not need to upgrade the OS of either system.  
Both parties would need to "connect" and stay connected for full functionality.

Additionally, she has a Certance USB tape drive running Retrospect Pro attached to her system, that currently executes scheduled backups of files on her system and his system over the LAN.  I hadn't considered retaining the ability to back up his files, but might that work as well?

Assisted Solution

MamboDee earned 400 total points
ID: 13454059
You don't actually need to get static addresses for either side of your VPN tunnel. Many VPN endpoints/servers these days work with a dynamic DNS service (like the free dyndns.org) that will register a dynamic IP address to a static name. You just plug the name into the endpoint or software at the other side.

A simple solution for you would be the Linksys WRV54G.

1. Switch out the BEFSR41 with the WRV54G.
2. Choose a DDNS service (most are free), create an account and enter your account info into the router.
3. Create a username on the router.
4. Install the accompanying software on the remote computer and plug in your DDNS name for your office and the username and password.

You may have to change the subnet at the office from a 192.168.x.x to a 10.x.x.x to avoid conflict. When you connect, the client will do the ip configuration for you on the remote computer and it will be as if he is sitting at the office.

There are many home VPN endpoints out there that have specialized clients that make it that easy. The WRV54G is actually a wireless router, so you might not want to pay for overkill. I just chose Linksys because I am already familiar with the process. So by all means do some research and choose the product that best fits you, but it is that easy.

Assisted Solution

plemieux72 earned 1600 total points
ID: 13455214
Right, the best solution is what I stated because you asked... but as MamboDee said, you don't actually need to get static IP addresses from your ISP.  Anyway, a WRV54G or any other router that can terminate a VPN tunnel would do.  No client needed to install on any of the computers.  The two routers are going to negotiate the tunnel and this will be transparent to both clients at each site.

It will look like this:

(managerPC) -----> mask (VPNrouter) x.x.x.x ----- Internet ----- y.y.y.y (VPNrouter) <----- (secretaryPC)

The x.x.x.x and y.y.y.y are the dynamic addresses assigned from the ISP.  Each router will connect to the other one based on whatever DDNS entry you make with dyndns.org or a similar service.


Author Comment

ID: 13455411
Thanks to both of you.  I have been checking the Linksys BEFVP41 router.  If my client opts for the less expensive dynamic addressing from his ISP on both ends, can each router use the same DDNS entry?  And, do you agree that backup to the tape drive over the VPN probably would work?  And, finally, if the "keep alive" option is set on both routers, it would seem that the tunnel would be automatically established as soon as both systems were booted up, as long as the relevant "Local Area Connection" is enabled at both ends.  I'm sure that is what they would prefer.

Assisted Solution

plemieux72 earned 1600 total points
ID: 13458131
Each router will require a different DDNS "A record".

For example:

vpnrouter1.mycompany.com     A    x.x.x.x
vpnrouter2.mycompany.com     A    y.y.y.y

On vpnrouter1, you point it to connect to vpnrouter2 and vice-versa.

As for the backup, I currently have a monthly scheduled backup running over a VPN using Retrospect 6.5 Server.  However, it takes a really long time to complete because each time, there is about 400MB to do.  It actually takes around 15 hours.  It's no big deal because it's personal (not company related) data.  Regardless, the performance might not be very good but it works!  Also, my two routers are Cisco routers, not Linksys... but I don't see why the BEFVP41 would not work.  Also, my VPN connection is automatic and the remote router negotiates the tunnel automatically.  I never have to do anything and there is always a tunnel present.
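
Added example (not part of the thread and not vendor code): a small check of a two-site plan against the two constraints raised in the answers above, non-overlapping private LAN ranges and a separate DDNS A record per router with each side pointed at the other. The `validate_tunnel_plan` function and the site dictionary layout are hypothetical; the hostnames are the placeholder names used in the answer, and the plans are constructed.

```python
import ipaddress

def _norm(host):
    return host.strip().rstrip(".").lower()

def validate_tunnel_plan(sites):
    """Return a list of problems in a site-to-site plan (empty list = OK).
    Each site dict (hypothetical layout): name, lan (CIDR), ddns (hostname
    this router registers), peer (hostname this router connects to)."""
    problems = []
    nets = {s["name"]: ipaddress.ip_network(s["lan"], strict=False) for s in sites}
    for name, net in nets.items():
        if not net.is_private:
            problems.append(f"{name}: {net} is not a private range")
    # Overlapping LANs: traffic for the far side is treated as local and
    # never enters the tunnel.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    # Each router needs its own DDNS A record ...
    owners = {}
    for s in sites:
        host = _norm(s["ddns"])
        if host in owners:
            problems.append(f"{s['name']} and {owners[host]} share DDNS name {host}")
        owners.setdefault(host, s["name"])
    # ... and must be pointed at the other router's name, not its own.
    for s in sites:
        peer = _norm(s["peer"])
        if peer == _norm(s["ddns"]):
            problems.append(f"{s['name']}: peer is its own DDNS name")
        elif peer not in owners:
            problems.append(f"{s['name']}: peer {peer} is not registered by any site")
    return problems

# Constructed plans: the office keeps 192.168.1.x; the home side is shown
# first with the same range and a shared DDNS entry, then corrected.
OFFICE = {"name": "office", "lan": "192.168.1.0/24",
          "ddns": "vpnrouter1.mycompany.com", "peer": "vpnrouter2.mycompany.com"}
HOME_BAD = {"name": "home", "lan": "192.168.1.0/24",
            "ddns": "vpnrouter1.mycompany.com", "peer": "vpnrouter1.mycompany.com"}
HOME_OK = {"name": "home", "lan": "192.168.2.0/24",
           "ddns": "vpnrouter2.mycompany.com", "peer": "vpnrouter1.mycompany.com"}

if __name__ == "__main__":
    for problem in validate_tunnel_plan([OFFICE, HOME_BAD]):
        print("problem:", problem)
    print(validate_tunnel_plan([OFFICE, HOME_OK]) or "plan OK")
```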
