Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Setting Up a VPN

Posted on 2006-06-15
Medium Priority
Last Modified: 2012-05-05
I need to setup a VPN. I was looking at the Linksys RV082 since tom's hardware guide gave it good reviews but was going to downgrade to the RV042 since it looks like it supports more tunnels than I could use in the immediate future and is a bit cheaper. I have read mixed reviews on the RV042 though.

Basically I have a warehouse with a central infrastructure. The satellite stores around town need to be able to talk to a server I have at the warehouse. I want to accomplish this by going over VPN. One thing I like about the Linksys is that it provides dual WAN. This is good since I have 5 static dynamic business DSL IPs at each building. I will have to call AT&T but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?

Now, the question is, how do I want the satellite stores to connect to the internet, do I want to have them do everything over the VPN, or do I just want a pass through tunnel for them to talk to the central server and have them do everything else over the IPs at their location.

If I were to do everything over the VPN then I think it would be easier to get a hardware (firewall or router)/client. Do these exist? So the actual hardware box will act as a client to the RV042 VPN server and then NAT IPs to all the computers behind it.

Or, would it be better to get a "vpn router" that will allow vpn passthrough and use the built in PPTP client that XP Pro has? This way there won't be a bottleneck on the warehouse, which has a 1.5Mbps download and 512kbps upload.

Question by:dignified
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 79

Expert Comment

ID: 16917436
>but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?
1 DSL shares total bandwidth with all 5 IP addresses.

I like the idea of using an RV042 at each remote site and even at the central site.
Let each site have their own Internet access and only cross the VPN to get to the central server(s). The only way not to do that would be to have a proxy server at the central site. Then all remote Internet access comes through your bottleneck not once, not twice, but FOUR times
The RV042 is a perfect hardare client/server. They are actually "peers" and pass whatever traffic you define through the VPN tunnel.
It will simultaneously NAT and provide Stateful Packet Inspection firewall for all computers behind it.
The RV042 *is* a "vpn router". No passthrough required, don't use the PPTP client. No need for it at all.
Be like Nike and just do it!


Author Comment

ID: 16917864
Thank you, I do need to just do it hehe... I'm the same poster who was asking about segmenting the network with vlans (http://www.experts-exchange.com/Networking/Q_21882823.html) I just have never used any of this high end hardware before so I am a little hesitant to go out and spend a thousand dollars before I fully understand my needs. I'm getting there though. I think I will definitely go out and go pick an RV042 up tomorrow so I can at least play with that for a day or two. I like the fact especially that it provides SPI.

So for my setup I'm still unsure about one thing and I will try my best to explain it.

So if I have WAN ip addresses at the warehouses of 1.1.1.[1-5]. I can get an L3 switch and plug the WAN into one port and assign a vlan of Then I plug the RV042 into a port assigned the same VLAN, let's say the VPN has WAN ip Then I plug in the server into the RV042 and any other computers at the warehouse that need to be on the VPN.

Then, remember, I have a second VLAN that needs to be completely isolated from the internet minus one computer, I'll put those computers on So then, would I just make a VLAN for and assign another IP, lets say, to a port on the switch and then use an access list to pass through the one computer? Would I not need to put another firewall up in front of that? If I used another firewall, could I settle for an L2 switch?


Expert Comment

ID: 16918180
>but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?>  Each static IP should be guaranteed to have it's own bandwidth size, otherwise what's the point? You're paying for it, you should get it. Call tech support at AT&T: 1-800-219-9786 and confirm this. It's been a few years since I was a dsl tech for SBC, but even tho AT&T bought them out, it should be the same..Booda2us
Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control


Author Comment

ID: 16918186
I don't think they do actually, but I will call to make sure. Because it is just one line being run to your building. You'd need 5 separate lines.

Expert Comment

ID: 16919758
I would say you are generaly better off with the winxp VPN server, it is normaly more flexable and can be more easily integrated into the rest of your system (paswords etc).
LVL 79

Accepted Solution

lrmoore earned 1000 total points
ID: 16920204
dignified, that is not exactly what I had in mind....

WAN link ---> RV042
                           | ----> LAN Port -----> Switch
                                                             VLAN xyz
                                                             VLAN abc

You don't really need to use any more than 1 public IP on the WAN link of the RV042 and use Private IP addresses on the servers (192.168.178.x)  Let's say your server is
Do the same thing at each store where the LAN IP's are in different IP subnets.
Store1 =
Store2 =
Store3 =
Point the default gateway of the servers and other systems that need Internet access to the LAN IP of the RV042
There will be a permanent VPN connection between Store1's private ip and the Warehouse Private IP subnet. No need for anything else like a WinXP VPN server anywhere.

Author Comment

ID: 16920491
So that diagram *is* what you have in mind? That switch should be an L3 switch also?

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
This program is used to assist in finding and resolving common problems with wireless connections.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question