VPN Question

I recently bought two linksys routers which claim to have VPN capability.  They are at two locations.  Each location has a single, static IP address, and several computers behind each router.

I was hoping to learn more about how a VPN should work.  Can both sides remain under the same subnet (192.168.1.1), or will one need to be 192.168.2.1?

It is asking for three fields which I am not completely sure I understand.

Local Secure Group, which accepts a host, and netmask; OR ip address; OR ip range
Remote Secure Group, which accepts a host, and netmask; or ip address; OR ip range
Remote Security Gateway, which accepts an IP address or FQDN

I'm assuming that Local Secure Group would be 192.168.x.x for whatever is behind the router it is configured on,  and Remote Secure Group would be 192.168.x.x for whatever is behind the remote router, but can they be equal?

Remote Security Gateway, I am nearly positive, refers to the WAN IP address of the remote router.

Somebody, please clear all of this up for me.
WKalata Asked:
 
minmei Commented:
WKalata,

Your reasoning is good on the terms and what they mean. Although with some VPN gear you can NAT your way around the duplicate IP ranges, I would strongly recommend changing one range to 192.168.2.x.

Good luck!
0
 
xrok Commented:
VPN - You must have two different subnets.
One location - 192.168.1.x and the other location - 192.168.2.x
There is no other way. Once the VPN tunnel is made, you should be able to access either side using IP.
If you want to access by computer name, you must use DNS.
0
 
xrok Commented:
One more thing: in the VPN setup on the router, when it asks for the subnet of the other side, use 0 for x.
0
 
minmei Commented:
About how the VPN thing works...

VPN is usually a tunneled, encrypted stream, from one host to another, mostly connecting one or more networks, sometimes just hosts.

If you are on host 192.168.1.4, and you want to get to host 192.168.2.8 (another site thru VPN), this is how it goes.

Packet comes from 192.168.1.4 -> to default gateway, usually the VPN end device, or the gateway sends all traffic to 192.168.2.x to the VPN end device.

Packet gets to end VPN device. VPN device encrypts packet, adds new header (source is VPN outside address, destination is outside address of other end VPN device; this is why the Linksys asked for this address and called it remote security gateway).

Packet goes over Internet to other VPN device (remote security gateway).

VPN device gets packet, strips header, unencrypts packet, puts on local network, sends to 192.168.2.8.

The local range is needed to specify which source address can get sent thru the VPN, and the remote range is needed to determine whether the traffic needs to go thru the VPN or not.

Maybe this will help.


0
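The selector logic minmei describes, as an added Python example that is not part of the original thread or of any Linksys firmware. The function names, the /24 masks and the documentation address 203.0.113.20 (standing in for the remote router's WAN IP) are assumptions made for illustration.

```python
import ipaddress

def make_policy(local_group, remote_group, remote_gateway):
    """Parse the three fields from the router's VPN page into one policy."""
    return {
        "local": ipaddress.ip_network(local_group),      # Local Secure Group
        "remote": ipaddress.ip_network(remote_group),    # Remote Secure Group
        "gateway": ipaddress.ip_address(remote_gateway), # Remote Security Gateway
    }

def groups_conflict(policy):
    """True when both secure groups cover some of the same addresses."""
    return policy["local"].overlaps(policy["remote"])

def decide(policy, src, dst):
    """Return where a packet from src to dst goes, seen from the local site."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst in policy["local"]:
        # The sender treats dst as on its own LAN and delivers it directly,
        # so the packet is never handed to the VPN router.
        return "lan"
    if src in policy["local"] and dst in policy["remote"]:
        # Both selectors match: encrypt, then add the outer header addressed
        # to the peer's WAN address.
        return f"tunnel via {policy['gateway']}"
    return "outside tunnel"

# Constructed sample policies (assumed /24 masks, placeholder WAN address).
good = make_policy("192.168.1.0/24", "192.168.2.0/24", "203.0.113.20")
dup = make_policy("192.168.1.0/24", "192.168.1.0/24", "203.0.113.20")

if __name__ == "__main__":
    for name, policy in (("distinct ranges", good), ("duplicate ranges", dup)):
        print(name, "- conflict:", groups_conflict(policy))
        for dst in ("192.168.2.8", "192.168.1.8", "198.51.100.7"):
            print(f"  192.168.1.4 -> {dst}: {decide(policy, '192.168.1.4', dst)}")
```

With duplicate ranges, a packet addressed to the other site's 192.168.1.8 is classified as "lan" and never reaches the tunnel, which is why the answers recommend renumbering one side.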
 
magicomminc Commented:
To avoid confusion:
Site-to-Site VPN: duplicate internal IP ranges should be avoided.
Remote-access VPN: client IP address should not matter, since the VPN adapter will overwrite it with the VPN-assigned IP.
WKalata, your assumption is correct: Local Secure Group would be whatever is behind the router and Remote Secure Group would be whatever is behind the remote router. In your case, you want a site-to-site VPN, and the internal IP ranges should be different.
Remote Security Gateway should be the WAN IP address of the remote router (peer).
0
Question has a verified solution.
