Yury Merezhkov

Two routers at the same time?

Hi guys,

We just bought a Cisco 1841-T1 router to replace a Netgear FVS318 V3. I was wondering if it is possible to use the Cisco router as the main router and the Netgear just for the VPN connection?

Thank you.
Zenith63

It really depends on your setup.

How are the VPNs set up at the moment?  Do the remote users get IPs in your subnet or are they on a separate subnet?  Do you have a fixed list of IPs that will be "VPNed" people connecting in?

What you need to overcome here is how do computers on your LAN know where to route packets to?  Normal behaviour is: if a computer wants to talk to another computer on the local LAN (decided by considering its own IP address and subnet mask) it broadcasts it on the LAN; if it wants to talk to a computer it has decided is NOT on the LAN (again considering its own IP and subnet mask) it sends the packets to its default gateway.
Again, without knowing your setup I'm guessing a bit here, but basically you'll need to modify this behaviour to say: if on the LAN, broadcast as normal; if trying to talk to an IP used by a VPN user, send packets to the Netgear; otherwise send it to the default gateway (Cisco).  You can do this with the route command on any computers that may need to talk to VPNed clients, as follows:

Assume VPNed users have IPs 192.168.2.x and your LAN has IPs 192.168.1.x.  The internal IP of the Cisco is 192.168.1.253 and the internal IP of the Netgear is 192.168.1.254.
Set the default gateway on all internal computers to 192.168.1.253.  Now issue the command
'route -p add 192.168.2.0 mask 255.255.255.0 192.168.1.254'
This tells the computer to route all traffic for 192.168.2.x addresses to 192.168.1.254 (the Netgear).

Another option, if your Cisco allows it, is to have it send traffic destined for 192.168.2.x over to the Netgear.  Only certain Ciscos support sending traffic back out the interface it came in like this.  This would save the route command on the LAN PCs but puts more load on the Cisco.
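
The routing decision described in the answer above, modelled as an added example (not code from the thread). It uses the addresses the answer assumes and shows that without the static route, traffic for VPN clients is sent to the Cisco default gateway instead of the Netgear. The function names and the sample destinations are constructed for illustration.

```python
import ipaddress

# Addresses assumed in the answer above: LAN 192.168.1.0/24, VPN clients
# 192.168.2.0/24, Cisco at 192.168.1.253, Netgear at 192.168.1.254.
CISCO = "192.168.1.253"
NETGEAR = "192.168.1.254"

def build_table(with_vpn_route):
    """Return a LAN host's routes as (network, next_hop); None means on-link."""
    table = [
        (ipaddress.ip_network("192.168.1.0/24"), None),  # directly connected LAN
        (ipaddress.ip_network("0.0.0.0/0"), CISCO),      # default gateway
    ]
    if with_vpn_route:
        # Same effect as: route -p add 192.168.2.0 mask 255.255.255.0 192.168.1.254
        table.append((ipaddress.ip_network("192.168.2.0/255.255.255.0"), NETGEAR))
    return table

def next_hop(table, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    dest = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in table if dest in net]
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return "on-link" if hop is None else hop

def audit(table, vpn_gateway, vpn_subnet):
    """Return sample VPN addresses that would NOT be sent to the VPN gateway."""
    hosts = list(ipaddress.ip_network(vpn_subnet).hosts())
    samples = [hosts[0], hosts[len(hosts) // 2], hosts[-1]]
    return [str(ip) for ip in samples if next_hop(table, str(ip)) != vpn_gateway]

if __name__ == "__main__":
    for label, table in (("with route", build_table(True)),
                         ("without route", build_table(False))):
        # Constructed sample destinations: LAN peer, VPN client, Internet host
        for dst in ("192.168.1.20", "192.168.2.7", "8.8.8.8"):
            print(f"{label:14} {dst:13} -> {next_hop(table, dst)}")
        print(f"{label:14} misrouted VPN samples: "
              f"{audit(table, NETGEAR, '192.168.2.0/24')}")
```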
Yury Merezhkov

ASKER

I kinda understand what you are saying.

What we have now is two Netgear routers. One is in the main office, the other one is across the road. The VPN location right now has only one PC but will have 5 more in the near future. VPN users have their own subnet (192.168.0.xxx). Main office is 192.168.1.xxx. So, basically yes, I do have a fixed list of IPs. Let's say they are 192.168.0.1 - 192.168.0.5.
ASKER CERTIFIED SOLUTION
Zenith63

This solution is only available to members.
Perfect solution for me. Thank you very much.