caninia
asked on
Two IP Addresses for One Router Creates Problem
We have two offices. Office A1 has a Qwest DSL with ActionTec modem using one of 5 static public IPs. Behind the modem is a Linksys RV082 router. The RV082 is assigned one of the static IPs and the ActionTec another. I enabled the VPN on the RV082 and can connect using the Linksys VPN client program. Good so far.
Office B2 has a different setup. It has a wireless broadband ISP with no modem provided. It's the only way to get Internet access at this location. A RJ45 plug comes out from the connection box on the wall (satellite disk on the roof points to a tower about a mile away). The ISP provided a static public IP but the router has to use a different IP address to connect. For example, let’s say the IP address provided by the ISP for connecting to the Internet through them is 10.10.10.10 but my public IP is 221.221.221.221. My ISP tells me they handle routing the 221.221.221.221 to the 10.10.10.10.
Okay, now for the problem. I go out and get another RV082 router because I want office A1 and B2 to talk to each other using the Linksys’ gateway to gateway VPN. However, the Linksys RV082 router at office B2 doesn’t seem to like the fact that it’s on 10.10.10.10 when it sees the 221.221.221.221 address. An error in the log says something about "I'm being call 221.221.221.221 but I’m really 10.10.10.10". Therefore, the two routers won’t talk to each other neither will the VPN client connect to the RV082 at office B2.
I’m thinking that I can set up a configuration just like the one at office A1. In other words, install a basic DSL modem (just like the ActionTec at office A1) for the Internet connection then place the RV082 behind it. But with this IP situation (221.221.221.221 going to 10.10.10.10) will this have any better chance of working? If not, what would be a possible solution?
Office B2 has a different setup. It has a wireless broadband ISP with no modem provided. It's the only way to get Internet access at this location. A RJ45 plug comes out from the connection box on the wall (satellite disk on the roof points to a tower about a mile away). The ISP provided a static public IP but the router has to use a different IP address to connect. For example, let’s say the IP address provided by the ISP for connecting to the Internet through them is 10.10.10.10 but my public IP is 221.221.221.221. My ISP tells me they handle routing the 221.221.221.221 to the 10.10.10.10.
Okay, now for the problem. I go out and get another RV082 router because I want office A1 and B2 to talk to each other using the Linksys’ gateway to gateway VPN. However, the Linksys RV082 router at office B2 doesn’t seem to like the fact that it’s on 10.10.10.10 when it sees the 221.221.221.221 address. An error in the log says something about "I'm being call 221.221.221.221 but I’m really 10.10.10.10". Therefore, the two routers won’t talk to each other neither will the VPN client connect to the RV082 at office B2.
I’m thinking that I can set up a configuration just like the one at office A1. In other words, install a basic DSL modem (just like the ActionTec at office A1) for the Internet connection then place the RV082 behind it. But with this IP situation (221.221.221.221 going to 10.10.10.10) will this have any better chance of working? If not, what would be a possible solution?
ASKER
Yes, I have tried the vpn connection in reverse with no luck.
Yes, I have talked to our ISP and they don't see any reason why the vpn won't work. They say there are other clients who are successfully using vpn on their service. I have asked for a name or two and they are going to get back to me on that. This ISP doesn't offer much techinical services beyond basic install.
Thanks for the input, Cheers.
Yes, I have talked to our ISP and they don't see any reason why the vpn won't work. They say there are other clients who are successfully using vpn on their service. I have asked for a name or two and they are going to get back to me on that. This ISP doesn't offer much techinical services beyond basic install.
Thanks for the input, Cheers.
Are you asking whether changing to DSL at office B2 will help the 221.221.221.221 to 10.10.10.10 NAT'ing issue? Well unless I am misunderstanding something here, that would mean a new service provider, new modem, new connection to the internet etc. So your whole method of connecting to the internet, and thus the IP scheme will change. So you will not have the same address or anything. Am I misunderstanding?
And also:
"An error in the log says something about "I'm being call 221.221.221.221 but I’m really 10.10.10.10"."
Can you post this error here, please?
"An error in the log says something about "I'm being call 221.221.221.221 but I’m really 10.10.10.10"."
Can you post this error here, please?
ASKER
Conradie;
No, I'm not thinking of changing my ISP, in fact I don't have any other options at this time. What I was saying is, using my current ISP and wireless DSL, I would install a simple DSL modem just like the ActionTec at the other location then put the RV082 behind it. The modem would pass everything through and would contain the 10.10.10.10 address. That would allow me to assign a different public IP to the RV082.
Currently...
Site A: ISP (WAN)---->ActionTec---->RV
Site B: ISP (WAN)---->RV082
Change B to...
ISP (WAN)---->DSL Modem----->RV082
I'll post the exact error as soon as I can.
Thanks for the input, Conradie.
No, I'm not thinking of changing my ISP, in fact I don't have any other options at this time. What I was saying is, using my current ISP and wireless DSL, I would install a simple DSL modem just like the ActionTec at the other location then put the RV082 behind it. The modem would pass everything through and would contain the 10.10.10.10 address. That would allow me to assign a different public IP to the RV082.
Currently...
Site A: ISP (WAN)---->ActionTec---->RV
Site B: ISP (WAN)---->RV082
Change B to...
ISP (WAN)---->DSL Modem----->RV082
I'll post the exact error as soon as I can.
Thanks for the input, Conradie.
Well the handoff that you are putting into the RV082 right now is ethernet. This, along with the fact that there is already something performing NAT upstream on this connection leads me to believe that the DSL modem will not work or even be able to plug in there.
You likely need to find out from your ISP what is performing NAT upstream from your router, and why. They then need to allow VPN traffic to pass through this device. Can you access any other services using this public IP they have provided you, if you open ports in the RV082? That may be a good test.
You likely need to find out from your ISP what is performing NAT upstream from your router, and why. They then need to allow VPN traffic to pass through this device. Can you access any other services using this public IP they have provided you, if you open ports in the RV082? That may be a good test.
ASKER
Conradie;
I can get the built-in PPTP support provided by the RV082 to work from my home using the Windows XP VPN client (using default setting). I put in the user name and password in the PPTP section of the RV082 setup then, from home, I start the Windows VPN connection, enter the same user name and password and I'm connected. Problem is the RV082 only supports 5 PPTP users. Each user has to be defined on the RV082.
I try the same thing using the RV082's built-in VPN support for the Linksys' VPN client and it doesn't work, neither will the Windows VPN client to the Linksys "Client to VPN" setup.
Does this mean that my ISP is not the problem?
I can get the built-in PPTP support provided by the RV082 to work from my home using the Windows XP VPN client (using default setting). I put in the user name and password in the PPTP section of the RV082 setup then, from home, I start the Windows VPN connection, enter the same user name and password and I'm connected. Problem is the RV082 only supports 5 PPTP users. Each user has to be defined on the RV082.
I try the same thing using the RV082's built-in VPN support for the Linksys' VPN client and it doesn't work, neither will the Windows VPN client to the Linksys "Client to VPN" setup.
Does this mean that my ISP is not the problem?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Offhand, I don't see any reason why your scenario doesn't work. One thing I do have a question on is how the Linksys in office B is configured. The numbering of the external interface should be 10.10.10.10. That router shouldn't really ever be called at the 221.221.221.221 number. What in office B is attempting to connect via that number? The translation from 221.221.221.221 to 10.10.10.10 happens at the ISP level, and translation should occur for both incoming traffic (inbound to 221.221.221.221 get's translated to 10.10.10.10) and outbound traffic (outbound as 10.10.10.10 is translated to 221.221.221.221) and your linksys shouldn't even care about this.
You do not post whether the local subnet for office A is different than office B, but if they are both using the same non-routed subnet at both locations then you might have an issue.
Here is linksys' instruction page for the set-up when one end is static and one is dynamic:
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=1705&p_created=1094687137&p_sid=4imrYIAh&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MTE5JnBfcHJvZHM9MCZwX2NhdHM9JnBfcHY9JnBfY3Y9JnBfc2VhcmNoX3R5cGU9YW5zd2Vycy5zZWFyY2hfbmwmcF9zY2ZfbGFuZz0xJnBfcGFnZT0xJnBfc2VhcmNoX3RleHQ9UlYwODI*&p_li=&p_topview=1
You do not post whether the local subnet for office A is different than office B, but if they are both using the same non-routed subnet at both locations then you might have an issue.
Here is linksys' instruction page for the set-up when one end is static and one is dynamic:
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=1705&p_created=1094687137&p_sid=4imrYIAh&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MTE5JnBfcHJvZHM9MCZwX2NhdHM9JnBfcHY9JnBfY3Y9JnBfc2VhcmNoX3R5cGU9YW5zd2Vycy5zZWFyY2hfbmwmcF9zY2ZfbGFuZz0xJnBfcGFnZT0xJnBfc2VhcmNoX3RleHQ9UlYwODI*&p_li=&p_topview=1
ASKER
I moved the RV082 to a wired DSL line with static IP and it worked without a problem. Therefore, the problem has to be with my wireless ISP's use of NAT to my router. The Linksys VPN won't work under these conditions. I tried to explain this to Linksys' tech support but they just shot me back a link to a worthless support document on their site explaining how to set up the router to use VPN.
No point in continuing this discussion. Thanks all for trying.
No point in continuing this discussion. Thanks all for trying.
Yes, like i suggested, give their tech support an experiment result that proves that their network is the problem. at least that may get them thinking.
Cheers.
Cheers.
I have no experience with Linksys, however NAT does break IPSEC VPNs unless you are using NAT-T devices (NAT Traversal).
Does the linksys support NAT-T (if infact you are using an IPSEC VPN). Don't think NAT will cause a problem with PPTP but I could be wrong.
I'd go down the NAT-T route and elliminate this as as it sounds like the route of the problem to me.
Does the linksys support NAT-T (if infact you are using an IPSEC VPN). Don't think NAT will cause a problem with PPTP but I could be wrong.
I'd go down the NAT-T route and elliminate this as as it sounds like the route of the problem to me.
seems like there is some kind of NAT going on with the wireless ISP - have you talked to them about this problem, maybe they may have some solution ideas?
cheers.