Solved

Setting Up a VPN

Posted on 2006-06-15
7
605 Views
Last Modified: 2012-05-05
I need to setup a VPN. I was looking at the Linksys RV082 since tom's hardware guide gave it good reviews but was going to downgrade to the RV042 since it looks like it supports more tunnels than I could use in the immediate future and is a bit cheaper. I have read mixed reviews on the RV042 though.

Basically I have a warehouse with a central infrastructure. The satellite stores around town need to be able to talk to a server I have at the warehouse. I want to accomplish this by going over VPN. One thing I like about the Linksys is that it provides dual WAN. This is good since I have 5 static dynamic business DSL IPs at each building. I will have to call AT&T but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?

Now, the question is, how do I want the satellite stores to connect to the internet, do I want to have them do everything over the VPN, or do I just want a pass through tunnel for them to talk to the central server and have them do everything else over the IPs at their location.

If I were to do everything over the VPN then I think it would be easier to get a hardware (firewall or router)/client. Do these exist? So the actual hardware box will act as a client to the RV042 VPN server and then NAT IPs to all the computers behind it.

Or, would it be better to get a "vpn router" that will allow vpn passthrough and use the built in PPTP client that XP Pro has? This way there won't be a bottleneck on the warehouse, which has a 1.5Mbps download and 512kbps upload.

0
Comment
Question by:dignified
7 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 16917436
>but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?
1 DSL shares total bandwidth with all 5 IP addresses.

I like the idea of using an RV042 at each remote site and even at the central site.
Let each site have their own Internet access and only cross the VPN to get to the central server(s). The only way not to do that would be to have a proxy server at the central site. Then all remote Internet access comes through your bottleneck not once, not twice, but FOUR times
The RV042 is a perfect hardare client/server. They are actually "peers" and pass whatever traffic you define through the VPN tunnel.
It will simultaneously NAT and provide Stateful Packet Inspection firewall for all computers behind it.
The RV042 *is* a "vpn router". No passthrough required, don't use the PPTP client. No need for it at all.
Be like Nike and just do it!

0
 

Author Comment

by:dignified
ID: 16917864
Thank you, I do need to just do it hehe... I'm the same poster who was asking about segmenting the network with vlans (http://www.experts-exchange.com/Networking/Q_21882823.html) I just have never used any of this high end hardware before so I am a little hesitant to go out and spend a thousand dollars before I fully understand my needs. I'm getting there though. I think I will definitely go out and go pick an RV042 up tomorrow so I can at least play with that for a day or two. I like the fact especially that it provides SPI.

So for my setup I'm still unsure about one thing and I will try my best to explain it.

So if I have WAN ip addresses at the warehouses of 1.1.1.[1-5]. I can get an L3 switch and plug the WAN into one port and assign a vlan of 1.1.1.0. Then I plug the RV042 into a port assigned the same VLAN, let's say the VPN has WAN ip 1.1.1.1. Then I plug in the server into the RV042 and any other computers at the warehouse that need to be on the VPN.

Then, remember, I have a second VLAN that needs to be completely isolated from the internet minus one computer, I'll put those computers on 192.168.2.0. So then, would I just make a VLAN for 192.168.2.0 and assign another IP, lets say 1.1.1.2, to a port on the switch and then use an access list to pass through the one computer? Would I not need to put another firewall up in front of that? If I used another firewall, could I settle for an L2 switch?



0
 
LVL 6

Expert Comment

by:Booda2us
ID: 16918180
>but do the business dsl lines usually share the bandwidth between all IPs or does each IP get its own bandwidth?>  Each static IP should be guaranteed to have it's own bandwidth size, otherwise what's the point? You're paying for it, you should get it. Call tech support at AT&T: 1-800-219-9786 and confirm this. It's been a few years since I was a dsl tech for SBC, but even tho AT&T bought them out, it should be the same..Booda2us
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:dignified
ID: 16918186
I don't think they do actually, but I will call to make sure. Because it is just one line being run to your building. You'd need 5 separate lines.
0
 
LVL 2

Expert Comment

by:Mrkaras
ID: 16919758
I would say you are generaly better off with the winxp VPN server, it is normaly more flexable and can be more easily integrated into the rest of your system (paswords etc).
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 16920204
dignified, that is not exactly what I had in mind....

WAN link ---> RV042
                           | ----> LAN Port -----> Switch
                                                             VLAN xyz
                                                               |
                                                             VLAN abc

You don't really need to use any more than 1 public IP on the WAN link of the RV042 and use Private IP addresses on the servers (192.168.178.x)  Let's say your server is 192.168.178.22
Do the same thing at each store where the LAN IP's are in different IP subnets.
Store1 = 192.168.191.0
Store2 = 192.168.192.0
Store3 = 192.168.193.0
<etc>
Point the default gateway of the servers and other systems that need Internet access to the LAN IP of the RV042
There will be a permanent VPN connection between Store1's private ip and the Warehouse Private IP subnet. No need for anything else like a WinXP VPN server anywhere.
0
 

Author Comment

by:dignified
ID: 16920491
So that diagram *is* what you have in mind? That switch should be an L3 switch also?
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now