

Is there a good solution for this scenario?

Posted on 2005-03-02
Medium Priority
Last Modified: 2010-04-12
My customer currently sits in an office that he shares with his secretary.  He has an XP Pro laptop.  She has a Win 2k system.  They both connect to the Internet via an old Linksys BEFSR41 (not V3, and firmware could be upgraded to 1.46.02).  Their DSL account is dynamic.  They both have private static addresses in the 192.168.1.xxx range. He runs ACT!, but the ACT! files are on her system.  She has access to his Briefcase.  He can print to her shared printers.  Everything works well.  However, he has decided he wants to work from home, using his laptop, (150 miles away), while she will remain in her current location.  He would prefer not to lose any of the current functionality.  He will have a broadband connection from home, probably also dynamic, with no router.
Question:  What is the best solution?
Question by: atek1942

Accepted Solution

plemieux72 earned 1600 total points
ID: 13446185
Best solution (not the only solution):

Obtain public static IP addresses at one or both ISPs.  Then, get two identical routers that can terminate a site-to-site IPSec VPN tunnel and install them at each site.  Configure them to reach each other via a 3DES or AES IPSec VPN tunnel.  This way, the manager can virtually be at his old LAN while being at home and still have access to everything.  Ensure the private IP address range of the new site (his home) does not overlap with the other LAN.

Author Comment

ID: 13452337
plemieux72, thanks for your response.  Please comment on the correctness of the following:
I would set one LAN to 192.168.1, the other to 192.168.2.  
I would need to install a 3rd party IPSec VPN client on both systems.  
I would not need to upgrade the OS of either system.  
Both parties would need to "connect" and stay connected for full functionality.

Additionally, she has a Certance USB tape drive running Retrospect Pro attached to her system, that currently executes scheduled backups of files on her system and his system over the LAN.  I hadn't considered retaining the ability to backup his files, but might that work as well?

Assisted Solution

MamboDee earned 400 total points
ID: 13454059
You don't actually need to get static addresses for either side of your VPN tunnel. Many VPN endpoints/servers these days work with a dynamic DNS service (like the free dyndns.org) that will register a dynamic IP address to a static name. You just plug the name into the endpoint or software at the other side.

A simple solution for you would be the Linksys WRV54G.

1. Switch out the BEFSR41 with the WRV54G.
2. Choose a DDNS service (most are free), create an account and enter your account info into the router.
3. Create a username on the router.
4. Install the accompanying software on the remote computer and plug in your DDNS name for your office and the username and password.

You may have to change the subnet at the office from a 192.168.x.x to a 10.x.x.x to avoid conflict. When you connect, the client will do the ip configuration for you on the remote computer and it will be as if he is sitting at the office.

There are many home VPN endpoints out there that have specialized clients that make it that easy. The WRV54G is actually a wireless router, so you might not want to pay for overkill. I just chose Linksys because I am already familiar with the process. So by all means do some research and choose the product that best fits you, but it is that easy.

Assisted Solution

plemieux72 earned 1600 total points
ID: 13455214
Right, the best solution is what I stated because you asked... but as MamboDee said, you don't actually need to get static IP addresses from your ISP.  Anyway, a WRV54G or any other router that can terminate a VPN tunnel would do.  No client needed to install on any of the computers.  The two routers are going to negotiate the tunnel and this will be transparent to both clients at each site.

It will look like this:

(managerPC) -----> mask (VPNrouter) x.x.x.x ----- Internet ----- y.y.y.y (VPNrouter) <----- (secretaryPC)

The x.x.x.x and y.y.y.y are the dynamic addresses assigned from the ISP.  Each router will connect to the other one based on whatever DDNS entry you make with dyndns.org or a similar service.


Author Comment

ID: 13455411
Thanks to both of you.  I have been checking the Linksys BEFVP41 router.  If my client opts for the less expensive dynamic addressing from his ISP on both ends, can each router use the same DDNS entry?  And, do you agree that backup to the tape drive over the VPN probably would work?  And, finally, if the "keep alive" option is set on both routers, it would seem that the tunnel would be automatically established as soon as both systems were booted up, as long as the relevant "Local Area Connection" is enabled at both ends.  I'm sure that is what they would prefer.

Assisted Solution

plemieux72 earned 1600 total points
ID: 13458131
Each router will require a different DDNS "A record".

For example:

vpnrouter1.mycompany.com     A    x.x.x.x
vpnrouter2.mycompany.com     A    y.y.y.y

On vpnrouter1, you point it to connect to vpnrouter2 and vice-versa.

As for the backup, I currently have a monthly scheduled backup running over a VPN using Retrospect 6.5 Server.  However, it takes a really long time to complete because each time, there is about 400MB to do.  It actually takes around 15 hours.  It's no big deal because it's personal (not company related) data.  Regardless, the performance might not be very good but it works!  Also, my two routers are Cisco routers, not Linksys... but I don't see why the BEFVP41 would not work.  Also, my VPN connection is automatic and the remote router negotiates the tunnel automatically.  I never have to do anything and there is always a tunnel present.
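
The checks this thread settles on (non-overlapping private LAN ranges, a separate DDNS A record per router, each router pointed at the other) can be run against a written-down plan before touching either router. This is an added example, not part of any poster's reply; the `Site` fields and `check_plan` are hypothetical names, and the hostnames reuse the placeholders from the answer above.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Site:                 # hypothetical structure for this example
    name: str               # label used in messages
    lan: str                # private LAN behind the VPN router, in CIDR form
    ddns_name: str          # this router's own DDNS hostname (its A record)
    peer_name: str          # hostname this router is configured to connect to

def _host(h: str) -> str:
    return h.strip().rstrip(".").lower()   # DNS names compare case-insensitively

def check_plan(a: Site, b: Site) -> list[str]:
    """Return the problems found in a two-site plan; an empty list means consistent."""
    problems, nets = [], []
    for s in (a, b):
        try:
            net = ipaddress.ip_network(s.lan, strict=True)  # rejects 192.168.1.5/24
        except ValueError as exc:
            problems.append(f"{s.name}: bad LAN range {s.lan!r}: {exc}")
            continue
        if not net.is_private:
            problems.append(f"{s.name}: {net} is not a private range")
        nets.append(net)
    if len(nets) == 2 and nets[0].overlaps(nets[1]):
        problems.append(f"LAN ranges overlap: {nets[0]} and {nets[1]}")
    if _host(a.ddns_name) == _host(b.ddns_name):
        problems.append("both routers use the same DDNS name; each needs its own A record")
    for s, peer in ((a, b), (b, a)):
        if _host(s.peer_name) != _host(peer.ddns_name):
            problems.append(f"{s.name}: peer {s.peer_name!r} is not {peer.name}'s DDNS name")
    return problems

# Constructed sample plans; hostnames are the placeholders used in the answer above.
OFFICE = Site("office", "192.168.1.0/24", "vpnrouter1.mycompany.com", "vpnrouter2.mycompany.com")
HOME_OK = Site("home", "192.168.2.0/24", "vpnrouter2.mycompany.com", "vpnrouter1.mycompany.com")
# Home router left on the same default range and sharing the office's DDNS entry.
HOME_BAD = Site("home", "192.168.1.0/24", "vpnrouter1.mycompany.com", "vpnrouter1.mycompany.com")

if __name__ == "__main__":
    for home in (HOME_OK, HOME_BAD):
        print(home.lan, check_plan(OFFICE, home) or "plan is consistent")
```
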
