Setting Up a VPN

I need to setup a VPN. I was looking at the Linksys RV082 since tom's hardware guide gave it good reviews but was going to downgrade to the RV042 since it looks like it supports more tunnels than I could use in the immediate future and is a bit cheaper. I have read mixed reviews on the RV042 though.

Basically I have a warehouse with a central infrastructure. The satellite stores around town need to be able to talk to a server I have at the warehouse. I want to accomplish this by going over VPN. One thing I like about the Linksys is that it provides dual WAN. This is good since I have 5 static dynamic business DSL IPs at each building. I will have to call AT&T but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?

Now, the question is, how do I want the satellite stores to connect to the internet, do I want to have them do everything over the VPN, or do I just want a pass through tunnel for them to talk to the central server and have them do everything else over the IPs at their location.

If I were to do everything over the VPN then I think it would be easier to get a hardware (firewall or router)/client. Do these exist? So the actual hardware box will act as a client to the RV042 VPN server and then NAT IPs to all the computers behind it.

Or, would it be better to get a "vpn router" that will allow vpn passthrough and use the built in PPTP client that XP Pro has? This way there won't be a bottleneck on the warehouse, which has a 1.5Mbps download and 512kbps upload.

Who is Participating?
lrmooreConnect With a Mentor Commented:
dignified, that is not exactly what I had in mind....

WAN link ---> RV042
                           | ----> LAN Port -----> Switch
                                                             VLAN xyz
                                                             VLAN abc

You don't really need to use any more than 1 public IP on the WAN link of the RV042 and use Private IP addresses on the servers (192.168.178.x)  Let's say your server is
Do the same thing at each store where the LAN IP's are in different IP subnets.
Store1 =
Store2 =
Store3 =
Point the default gateway of the servers and other systems that need Internet access to the LAN IP of the RV042
There will be a permanent VPN connection between Store1's private ip and the Warehouse Private IP subnet. No need for anything else like a WinXP VPN server anywhere.
>but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?
1 DSL shares total bandwidth with all 5 IP addresses.

I like the idea of using an RV042 at each remote site and even at the central site.
Let each site have their own Internet access and only cross the VPN to get to the central server(s). The only way not to do that would be to have a proxy server at the central site. Then all remote Internet access comes through your bottleneck not once, not twice, but FOUR times
The RV042 is a perfect hardare client/server. They are actually "peers" and pass whatever traffic you define through the VPN tunnel.
It will simultaneously NAT and provide Stateful Packet Inspection firewall for all computers behind it.
The RV042 *is* a "vpn router". No passthrough required, don't use the PPTP client. No need for it at all.
Be like Nike and just do it!

dignifiedAuthor Commented:
Thank you, I do need to just do it hehe... I'm the same poster who was asking about segmenting the network with vlans ( I just have never used any of this high end hardware before so I am a little hesitant to go out and spend a thousand dollars before I fully understand my needs. I'm getting there though. I think I will definitely go out and go pick an RV042 up tomorrow so I can at least play with that for a day or two. I like the fact especially that it provides SPI.

So for my setup I'm still unsure about one thing and I will try my best to explain it.

So if I have WAN ip addresses at the warehouses of 1.1.1.[1-5]. I can get an L3 switch and plug the WAN into one port and assign a vlan of Then I plug the RV042 into a port assigned the same VLAN, let's say the VPN has WAN ip Then I plug in the server into the RV042 and any other computers at the warehouse that need to be on the VPN.

Then, remember, I have a second VLAN that needs to be completely isolated from the internet minus one computer, I'll put those computers on So then, would I just make a VLAN for and assign another IP, lets say, to a port on the switch and then use an access list to pass through the one computer? Would I not need to put another firewall up in front of that? If I used another firewall, could I settle for an L2 switch?

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

>but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?>  Each static IP should be guaranteed to have it's own bandwidth size, otherwise what's the point? You're paying for it, you should get it. Call tech support at AT&T: 1-800-219-9786 and confirm this. It's been a few years since I was a dsl tech for SBC, but even tho AT&T bought them out, it should be the same..Booda2us
dignifiedAuthor Commented:
I don't think they do actually, but I will call to make sure. Because it is just one line being run to your building. You'd need 5 separate lines.
I would say you are generaly better off with the winxp VPN server, it is normaly more flexable and can be more easily integrated into the rest of your system (paswords etc).
dignifiedAuthor Commented:
So that diagram *is* what you have in mind? That switch should be an L3 switch also?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.