VPN Question

Posted on 2005-04-26
Medium Priority
Last Modified: 2010-04-10
I recently bought two linksys routers which claim to have VPN capability.  They are at two locations.  Each location has a single, static IP address, and several computers behind each router.

I was hoping to learn more about how a VPN should work.  Can both sides remain under the same subnet (, or will one need to be

It is asking for three fields which I am not completely sure I understand.

Local Secure Group, which accepts a host, and netmask; OR ip address; OR ip range
Remote Secure Group, which accepts a host, and netmask; or ip address; OR ip range
Remote Security Gateway, which accepts an IP address or FQDN

I'm assuming that Local Secure Group would be 192.168.x.x for whatever is behind the router it is configured on,  and Remote Secure Group would be 192.168.x.x for whatever is behind the remote router, but can they be equal?

Remote Security Gateway, I am nearly positive, refers to the WAN IP address of the remote router.

Somebody, please clear all of this up for me.
Question by:WKalata

Accepted Solution

minmei earned 900 total points
ID: 13869798

Your reasoning is good on the terms and what they mean. Although with some VPN gear you can NAT your way around the duplicate IP ranges, I would strongly recommend changing one range to 192.168.2.x.

Good luck!

Assisted Solution

xrok earned 100 total points
ID: 13870823
VPN - You must have two different subnets.
One location - 192.168.1.x and other location - 192.168.2.x
There is no other way. Once the VPN tunnel is made, you should be able to access either side using IP.
If you want to access by computer name, you must use DNS.

Expert Comment

ID: 13870847
One more thing, VPN setup on Router: when it asks for subnet for other side, use x to 0

Assisted Solution

minmei earned 900 total points
ID: 13871137
About how the VPN thing works...

VPN is usually a tunneled, encrypted stream, from one host to another, mostly connecting one or more networks, sometimes just hosts.

If you are on host, and you want to get to host (another site thru VPN), this is how it goes.

Packet comes from -> to default gateway, usually the VPN end device, or the gateway sends all traffic to 192.168.2.x to the VPN end device.

Packet gets to end VPN device. VPN device encrypts packet, adds new header (source is VPN outside address, destination is outside address of other end VPN device; this is why the Linksys asked for this address - called it remote security gateway).

Packet goes over Internet to other VPN device (remote security gateway).

VPN device gets packet, strips header, unencrypts packet, puts on local network, sends to

The local range is needed to specify which source address can get sent thru the VPN, and the remote range is needed to determine whether the traffic needs to go thru the VPN or not.

Maybe this will help.


Expert Comment

ID: 13871251
To avoid confusion:
Site-to-Site VPN: duplicate internal IP ranges should be avoided.
Remote-access VPN: client IP address should not matter since the VPN adapter will overwrite it with the VPN-assigned IP.
WKalata, your assumption is correct: Local Secure Group would be whatever is behind the router and Remote Secure Group would be whatever is behind the remote router. In your case, you want a site-to-site VPN, and the internal IP ranges should be different.
Remote Security Gateway should be the WAN IP address of the remote router (peer).
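
The selector logic described in the answers above, as an added example that is not part of the original thread or Linksys firmware: it parses the three Secure Group forms the router accepts, checks whether the local and remote groups overlap, and shows why a packet between sites with identical subnets never reaches the tunnel. The function names and the host addresses are constructed for illustration; the 192.168.1.x / 192.168.2.x ranges come from the thread.

```python
import ipaddress

def parse_group(spec):
    """Return the networks covered by one Secure Group entry.

    Accepts the three forms the router offers: 'ip/netmask',
    a single IP address, or an 'a-b' IP range.
    """
    spec = spec.strip()
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False tolerates host bits; a bare IP becomes a /32
    return [ipaddress.ip_network(spec, strict=False)]

def groups_overlap(local, remote):
    """True if any address belongs to both the local and the remote group."""
    return any(a.overlaps(b)
               for a in parse_group(local) for b in parse_group(remote))

def route(src, dst, local, remote):
    """Classify a packet src -> dst as seen from the local site."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    local_nets, remote_nets = parse_group(local), parse_group(remote)
    if any(dst in n for n in local_nets):
        # Destination looks on-link: the sending host ARPs for it
        # and the packet is never handed to the VPN gateway.
        return "local"
    if any(src in n for n in local_nets) and any(dst in n for n in remote_nets):
        return "tunnel"      # matches local and remote selectors: encrypt
    return "internet"        # everything else leaves unencrypted

if __name__ == "__main__":
    site_a = "192.168.1.0/255.255.255.0"
    site_b = "192.168.2.0/255.255.255.0"
    # Distinct ranges: traffic to the other site is selected for the tunnel.
    print(groups_overlap(site_a, site_b),
          route("192.168.1.10", "192.168.2.20", site_a, site_b))
    # Both sites on 192.168.1.x: the remote host is treated as local.
    print(groups_overlap(site_a, site_a),
          route("192.168.1.10", "192.168.1.20", site_a, site_a))
```
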
