Setting Up a VPN

Posted on 2006-06-15
Last Modified: 2012-05-05
I need to set up a VPN. I was looking at the Linksys RV082 since Tom's Hardware Guide gave it good reviews but was going to downgrade to the RV042 since it looks like it supports more tunnels than I could use in the immediate future and is a bit cheaper. I have read mixed reviews on the RV042 though.

Basically I have a warehouse with a central infrastructure. The satellite stores around town need to be able to talk to a server I have at the warehouse. I want to accomplish this by going over VPN. One thing I like about the Linksys is that it provides dual WAN. This is good since I have 5 static dynamic business DSL IPs at each building. I will have to call AT&T but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?

Now, the question is, how do I want the satellite stores to connect to the internet? Do I want to have them do everything over the VPN, or do I just want a pass-through tunnel for them to talk to the central server and have them do everything else over the IPs at their location?

If I were to do everything over the VPN then I think it would be easier to get a hardware (firewall or router)/client. Do these exist? So the actual hardware box will act as a client to the RV042 VPN server and then NAT IPs to all the computers behind it.

Or, would it be better to get a "VPN router" that will allow VPN passthrough and use the built-in PPTP client that XP Pro has? This way there won't be a bottleneck on the warehouse, which has a 1.5Mbps download and 512kbps upload.

Question by:dignified
LVL 79

Expert Comment

ID: 16917436
>but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?
1 DSL shares total bandwidth with all 5 IP addresses.

I like the idea of using an RV042 at each remote site and even at the central site.
Let each site have their own Internet access and only cross the VPN to get to the central server(s). The only way not to do that would be to have a proxy server at the central site. Then all remote Internet access comes through your bottleneck not once, not twice, but FOUR times.
The RV042 is a perfect hardware client/server. They are actually "peers" and pass whatever traffic you define through the VPN tunnel.
It will simultaneously NAT and provide Stateful Packet Inspection firewall for all computers behind it.
The RV042 *is* a "vpn router". No passthrough required, don't use the PPTP client. No need for it at all.
Be like Nike and just do it!


Author Comment

ID: 16917864
Thank you, I do need to just do it hehe... I'm the same poster who was asking about segmenting the network with VLANs. I just have never used any of this high end hardware before so I am a little hesitant to go out and spend a thousand dollars before I fully understand my needs. I'm getting there though. I think I will definitely go out and go pick an RV042 up tomorrow so I can at least play with that for a day or two. I like the fact especially that it provides SPI.

So for my setup I'm still unsure about one thing and I will try my best to explain it.

So if I have WAN ip addresses at the warehouses of 1.1.1.[1-5]. I can get an L3 switch and plug the WAN into one port and assign a vlan of Then I plug the RV042 into a port assigned the same VLAN, let's say the VPN has WAN ip Then I plug in the server into the RV042 and any other computers at the warehouse that need to be on the VPN.

Then, remember, I have a second VLAN that needs to be completely isolated from the internet minus one computer, I'll put those computers on So then, would I just make a VLAN for and assign another IP, let's say, to a port on the switch and then use an access list to pass through the one computer? Would I not need to put another firewall up in front of that? If I used another firewall, could I settle for an L2 switch?


Expert Comment

ID: 16918180
>but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?
Each static IP should be guaranteed to have its own bandwidth size, otherwise what's the point? You're paying for it, you should get it. Call tech support at AT&T: 1-800-219-9786 and confirm this. It's been a few years since I was a DSL tech for SBC, but even though AT&T bought them out, it should be the same.
Booda2us


Author Comment

ID: 16918186
I don't think they do actually, but I will call to make sure. Because it is just one line being run to your building. You'd need 5 separate lines.

Expert Comment

ID: 16919758
I would say you are generally better off with the WinXP VPN server, it is normally more flexible and can be more easily integrated into the rest of your system (passwords etc).
LVL 79

Accepted Solution

lrmoore earned 250 total points
ID: 16920204
dignified, that is not exactly what I had in mind....

WAN link ---> RV042
                           | ----> LAN Port -----> Switch
                                                             VLAN xyz
                                                             VLAN abc

You don't really need to use any more than 1 public IP on the WAN link of the RV042 and use Private IP addresses on the servers (192.168.178.x)  Let's say your server is
Do the same thing at each store where the LAN IPs are in different IP subnets.
Store1 =
Store2 =
Store3 =
Point the default gateway of the servers and other systems that need Internet access to the LAN IP of the RV042
There will be a permanent VPN connection between Store1's private ip and the Warehouse Private IP subnet. No need for anything else like a WinXP VPN server anywhere.
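
The addressing plan in the accepted answer, sketched as an added example that is not part of the original thread: it checks that every site's LAN subnet is distinct, builds one store-to-warehouse tunnel definition per store, and shows the split-tunnel decision (only warehouse-bound traffic enters the VPN). The warehouse range follows the 192.168.178.x mentioned above; the store subnets, site names and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Warehouse subnet follows the 192.168.178.x range in the answer; the store
# subnets are constructed sample values, not taken from the thread.
SITES = {
    "warehouse": "192.168.178.0/24",
    "store1": "192.168.10.0/24",
    "store2": "192.168.20.0/24",
    "store3": "192.168.30.0/24",
}
HUB = "warehouse"


def find_overlaps(sites):
    """Return pairs of sites whose LAN subnets overlap (routing would be ambiguous)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def tunnel_plan(sites, hub):
    """One tunnel per store: local side = store LAN, remote side = hub LAN."""
    overlaps = find_overlaps(sites)
    if overlaps:
        raise ValueError(f"overlapping LAN subnets: {overlaps}")
    return [{"site": name, "local": cidr, "remote": sites[hub]}
            for name, cidr in sorted(sites.items()) if name != hub]


def next_hop(site, dest_ip, sites, hub):
    """Split-tunnel decision at a store: only hub-LAN traffic enters the VPN."""
    dest = ipaddress.ip_address(dest_ip)
    if dest in ipaddress.ip_network(sites[site]):
        return "local-lan"
    if dest in ipaddress.ip_network(sites[hub]):
        return "vpn-tunnel"
    return "local-wan"  # everything else leaves via the store's own DSL line


if __name__ == "__main__":
    for tunnel in tunnel_plan(SITES, HUB):
        print(tunnel)
    print(next_hop("store1", "192.168.178.10", SITES, HUB))
```

A store that reuses part of the warehouse range is rejected by `tunnel_plan` before any tunnel is defined, which is the failure the "different IP subnets" advice avoids.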

Author Comment

ID: 16920491
So that diagram *is* what you have in mind? That switch should be an L3 switch also?
