VPN Question

Posted on 2005-04-26
Last Modified: 2010-04-10
I recently bought two linksys routers which claim to have VPN capability.  They are at two locations.  Each location has a single, static IP address, and several computers behind each router.

I was hoping to learn more about how a VPN should work.  Can both sides remain under the same subnet (, or will one need to be

It is asking for three fields which I am not completely sure I understand.

Local Secure Group, which accepts a host, and netmask; OR ip address; OR ip range
Remote Secure Group, which accepts a host, and netmask; or ip address; OR ip range
Remote Security Gateway, which accepts an IP address or FQDN

I'm assuming that Local Secure Group would be 192.168.x.x for whatever is behind the router it is configured on,  and Remote Secure Group would be 192.168.x.x for whatever is behind the remote router, but can they be equal?

Remote Security Gateway, I am nearly positive, refers to the WAN IP address of the remote router.

Somebody, please clear all of this up for me.
Question by:WKalata
    LVL 7

    Accepted Solution


    Your reasoning is good on the terms and what they mean. Although with some VPN gear you can NAT your way around the duplicate IP ranges, I would strongly recommend changing a range to 192.168.2.x.

    Good luck!
    LVL 3

    Assisted Solution

    VPN - You must have two different subnets.
    One location - 192.168.1.x and other location - 192.168.2.x
    There is no other way. Once the VPN tunnel is made, you should be able to access either side using IP.
    If you want to access by computer name, you must use DNS.
    LVL 3

    Expert Comment

    One more thing: in the VPN setup on the router, when it asks for the subnet for the other side, set x to 0.
    LVL 7

    Assisted Solution

    About how the VPN thing works...

    VPN is usually a tunneled, encrypted stream, from one host to another, mostly connecting one or more networks, sometimes just hosts.

    If you are on host, and you want to get to host (another site thru VPN, this is how it goes.

    Packet comes from -> to default gateway, usually the VPN end device, or the gateway sends all traffic to 192.168.2.x to the VPN end device.

    Packet gets to end VPN device. VPN device encrypts packet, adds new header (source is VPN outside address, destination is outside address of other end VPN device; this is why the Linksys asked for this address - called it remote security gateway).

    Packet goes over Internet to other VPN device (remote security gateway).

    VPN device gets packet, strips header, unencrypts packet, puts on local network, sends to

    The local range is needed to specify which source address can get sent thru the VPN, and the remote range is needed to determine whether the traffic needs to go thru the VPN or not.

    Maybe this will help.

    LVL 6

    Expert Comment

    To avoid confusion:
    Site-to-Site VPN: duplicate internal IP ranges should be avoided.
    Remote-access VPN: the client IP address should not matter, since the VPN adapter will overwrite it with the VPN-assigned IP.
    WKalata, your assumption is correct: Local Secure Group would be whatever is behind the router and Remote Secure Group would be whatever is behind the remote router. In your case, you want a site-to-site VPN, and the internal IP ranges should be different.
    Remote Security Gateway should be the WAN IP address of the remote router (peer).
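
Added example, not part of any post in this thread: a Python sketch of the selector logic the answers describe, showing why identical Local and Remote Secure Groups keep traffic from ever reaching the tunnel. The function names and the sample addresses are assumptions made for illustration, not Linksys settings or code.

```python
import ipaddress

def secure_group(addr, netmask="255.255.255.0"):
    """Build a secure group from host + netmask. Host bits are zeroed,
    so 192.168.2.57 becomes 192.168.2.0/24 (the 'set x to 0' advice)."""
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def check_groups(local, remote):
    """Return a list of problems with a site-to-site selector pair."""
    problems = []
    if local == remote:
        problems.append(f"both sites use {local}")
    elif local.overlaps(remote):
        problems.append(f"{local} and {remote} overlap")
    return problems

def path_for(src, dst, local, remote):
    """Decide how a packet from src to dst is handled at the local site."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if src not in local:
        return "not-eligible"   # source is outside the Local Secure Group
    if dst in local:
        return "stays-on-lan"   # sender treats dst as on-link; router never sees it
    if dst in remote:
        return "tunnel"         # router encrypts and sends to the remote gateway
    return "internet"           # ordinary traffic, bypasses the VPN

if __name__ == "__main__":
    # Constructed sample addressing, following the ranges suggested in the thread.
    site_a = secure_group("192.168.1.0")
    site_b = secure_group("192.168.2.0")
    clash = secure_group("192.168.1.0")   # remote site left on the same range

    print(check_groups(site_a, site_b))   # no problems
    print(check_groups(site_a, clash))    # duplicate range reported
    print(path_for("192.168.1.10", "192.168.2.20", site_a, site_b))
    print(path_for("192.168.1.10", "192.168.1.20", site_a, clash))
```

With duplicate ranges, the sending host sees the destination as part of its own LAN and never hands the packet to the router, so the Remote Secure Group match is never evaluated.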
