Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 514
  • Last Modified:

Two IP Addresses for One Router Creates Problem

We have two offices. Office A1 has a Qwest DSL with ActionTec modem using one of 5 static public IPs. Behind the modem is a Linksys RV082 router. The RV082 is assigned one of the static IPs and the ActionTec another. I enabled the VPN on the RV082 and can connect using the Linksys VPN client program. Good so far.

Office B2 has a different setup. It has a wireless broadband ISP with no modem provided. It's the only way to get Internet access at this location. A RJ45 plug comes out from the connection box on the wall (satellite disk on the roof points to a tower about a mile away). The ISP provided a static public IP but the router has to use a different IP address to connect. For example, let’s say the IP address provided by the ISP for connecting to the Internet through them is 10.10.10.10 but my public IP is 221.221.221.221. My ISP tells me they handle routing the 221.221.221.221 to the 10.10.10.10.

Okay, now for the problem. I go out and get another RV082 router because I want office A1 and B2 to talk to each other using the Linksys’ gateway to gateway VPN. However, the Linksys RV082 router at office B2 doesn’t seem to like the fact that it’s on 10.10.10.10 when it sees the 221.221.221.221 address. An error in the log says something about "I'm being call 221.221.221.221 but I’m really 10.10.10.10". Therefore, the two routers won’t talk to each other neither will the VPN client connect to the RV082 at office B2.

I’m thinking that I can set up a configuration just like the one at office A1. In other words, install a basic DSL modem (just like the ActionTec at office A1) for the Internet connection then place the RV082 behind it. But with this IP situation (221.221.221.221 going to 10.10.10.10) will this have any better chance of working? If not, what would be a possible solution?
0
caninia
Asked:
caninia
  • 4
  • 3
  • 3
  • +2
1 Solution
 
meverestCommented:
i am finding it difficult to visualise exactly the setup, but just wondering have you considered (or tried) doing the vpn connection in reverse?  (ie office B connect to A)?

seems like there is some kind of NAT going on with the wireless ISP - have you talked to them about this problem, maybe they may have some solution ideas?

cheers.
0
 
caniniaAuthor Commented:
Yes, I have tried the vpn connection in reverse with no luck.

Yes, I have talked to our ISP and they don't see any reason why the vpn won't work. They say there are other clients who are successfully using vpn on their service. I have asked for a name or two and they are going to get back to me on that. This ISP doesn't offer much techinical services beyond basic install.

Thanks for the input, Cheers.
0
 
conradieCommented:
Are you asking whether changing to DSL at office B2 will help the 221.221.221.221 to 10.10.10.10 NAT'ing issue? Well unless I am misunderstanding something here, that would mean a new service provider, new modem, new connection to the internet etc. So your whole method of connecting to the internet, and thus the IP scheme will change. So you will not have the same address or anything. Am I misunderstanding?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
conradieCommented:
And also:

"An error in the log says something about "I'm being call 221.221.221.221 but I’m really 10.10.10.10"."

Can you post this error here, please?
0
 
caniniaAuthor Commented:
Conradie;

No, I'm not thinking of changing my ISP, in fact I don't have any other options at this time. What I was saying is, using my current ISP and wireless DSL, I would install a simple DSL modem just like the ActionTec at the other location then put the RV082 behind it. The modem would pass everything through and would contain the 10.10.10.10 address. That would allow me to assign a different public IP to the RV082.
Currently...
Site A: ISP (WAN)---->ActionTec---->RV082
Site B: ISP (WAN)---->RV082

Change B to...
ISP (WAN)---->DSL Modem----->RV082

I'll post the exact error as soon as I can.

Thanks for the input, Conradie.
0
 
conradieCommented:
Well the handoff that you are putting into the RV082 right now is ethernet. This, along with the fact that there is already something performing NAT upstream on this connection leads me to believe that the DSL modem will not work or even be able to plug in there.

You likely need to find out from your ISP what is performing NAT upstream from your router, and why. They then need to allow VPN traffic to pass through this device. Can you access any other services using this public IP they have provided you, if you open ports in the RV082? That may be a good test.
0
 
caniniaAuthor Commented:
Conradie;

I can get the built-in PPTP support provided by the RV082 to work from my home using the Windows XP VPN client (using default setting). I put in the user name and password in the PPTP section of the RV082 setup then, from home, I start the Windows VPN connection, enter the same user name and password and I'm connected. Problem is the RV082 only supports 5 PPTP users. Each user has to be defined on the RV082.
I try the same thing using the RV082's built-in VPN support for the Linksys' VPN client and it doesn't work, neither will the Windows VPN client to the Linksys "Client to VPN" setup.
Does this mean that my ISP is not the problem?
0
 
meverestCommented:
Hi,

you can prove it to the wireless isp that their network is the problem by trying to connect from an XP client the same as you can do from your home PC.  if it works at home but not at the remote office, then you have demonstrated the network to be the issue.  if it does waor via XP at the remote office, then you have demonstrated that it is rv082 config.

Cheers.
0
 
susanzeiglerCommented:
Offhand, I don't see any reason why your scenario doesn't work. One thing I do have a question on is how the Linksys in office B is configured. The numbering of the external interface should be 10.10.10.10. That router shouldn't really ever be called at the 221.221.221.221 number. What in office B is attempting to connect via that number? The translation from 221.221.221.221 to 10.10.10.10 happens at the ISP level, and translation should occur for both incoming traffic (inbound to 221.221.221.221 get's translated to 10.10.10.10) and outbound traffic (outbound as 10.10.10.10 is translated to 221.221.221.221) and your linksys shouldn't even care about this.

You do not post whether the local subnet for office A is different than office B, but if they are both using the same non-routed subnet at both locations then you might have an issue.

Here is linksys' instruction page for the set-up when one end is static and one is dynamic:
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=1705&p_created=1094687137&p_sid=4imrYIAh&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MTE5JnBfcHJvZHM9MCZwX2NhdHM9JnBfcHY9JnBfY3Y9JnBfc2VhcmNoX3R5cGU9YW5zd2Vycy5zZWFyY2hfbmwmcF9zY2ZfbGFuZz0xJnBfcGFnZT0xJnBfc2VhcmNoX3RleHQ9UlYwODI*&p_li=&p_topview=1
0
 
caniniaAuthor Commented:
I moved the RV082 to a wired DSL line with static IP and it worked without a problem. Therefore, the problem has to be with my wireless ISP's use of NAT to my router. The Linksys VPN won't work under these conditions. I tried to explain this to Linksys' tech support but they just shot me back a link to a worthless support document on their site explaining how to set up the router to use VPN.
No point in continuing this discussion. Thanks all for trying.
0
 
meverestCommented:
Yes, like i suggested, give their tech support an experiment result that proves that their network is the problem.  at least that may get them thinking.

Cheers.
0
 
LyndonJECommented:
I have no experience with Linksys, however NAT does break IPSEC VPNs unless you are using NAT-T devices (NAT Traversal).

Does the linksys support NAT-T (if infact you are using an IPSEC VPN). Don't think NAT will cause a problem with PPTP but I could be wrong.

I'd go down the NAT-T route and elliminate this as as it sounds like the route of the problem to me.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now