matine
VPN on 2nd router - how does it work?
I need some advice about setting up an inter-office VPN.
My client has 2 offices: (office-a) with a straight ADSL, the other (office-b) with a dedicated internet link (supplied by Kingston).
(Office-b) has a Cisco router owned by Kingston which delivers internet access via an ethernet port to the server network card. The server's 2nd network card is then connected to the LAN. Kingston will not do any changes to their router and say that if I want VPN then I need to install a 2nd router and configure it accordingly.
Will any ethernet router (with VPN) work and if so, will it work plugged into the LAN side? I assume VPN-passthru is enabled on the Kingston router and if so will the 2nd router on the LAN side just pick up any VPN traffic and set a link accordingly?
Any help/advice much appreciated.
My advice would first be not to assume that VPN passthrough is enabled on the Kingston Cisco router, simply because it's easier for someone not to have done it than the other way around. Once you have verified that, the second router should be placed behind the first one and programmed to only accept the VPN requests.
ASKER
Thanks rtelson.
So just to be clear are you suggesting my router goes between the Kingston one and the server? Does VPN passthrough actually specify an i/p address or is it just forwarded untouched?
Last question: does my router need to have a separate fixed external i/p address or will the VPN access it by using the Kingston i/p (and thereby forwarded to mine)?
What model Cisco unit did Kingston supply?
Also, does the server currently have a public IP assigned to it, or is it a private IP assigned by the Kingston/Cisco unit?
ASKER
It's a Cisco 1700 but I don't think that's relevant as it's theirs and I can't do any changes to its configuration.
The server does have a public i/p (for smtp).
ASKER
rtelson: thanks for your advice so far.
RobWill: can you explain a bit more about the i/p settings. The public i/p at the moment is the WAN interface of the server. Why does my router, when it's installed, have to take this over? If it does, what do I set the WAN interface to on the Server?
If you install a router, its WAN interface will assume the public IP as it will be 'facing' the Internet. Since 2 devices cannot have the same IP, you will then use NAT (Network Address Translation) to assign a private IP to the server, and then just forward the appropriate traffic, usually port 25/SMTP, to the server. This is very common.
If you have multiple Public IPs you may be able to assign different Public IPs to both and, assuming the router has the capability, pass all traffic for that IP directly to the server.
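The single-public-IP layout described in this thread, written out as an added example that is not part of any poster's reply: the second router takes over the public IP, terminates the VPN itself, drops everything else by default, and forwards only SMTP to the server's new private address. It assumes a Linux-based router using nftables and an IPsec VPN (the thread names neither); the interface names and addresses are constructed placeholders.

```shell
#!/bin/sh
# Constructed values: documentation IP ranges and hypothetical interface names.
WAN_IF="wan0"               # faces the ISP-owned router
LAN_IF="lan0"               # faces the office-b LAN
PUBLIC_IP="203.0.113.10"    # public IP moved from the server to this router
SERVER_IP="192.168.1.10"    # server's new private address behind NAT
REMOTE_LAN="192.168.2.0/24" # office-a LAN reached through the tunnel

# Emit an nftables ruleset: default drop, VPN terminates on the router,
# SMTP is port-forwarded to the server, other LAN traffic is masqueraded.
render_ruleset() {
    cat <<EOF
table inet office_b {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        iifname "$LAN_IF" accept
        # Assumed IPsec: IKE, NAT-T and ESP addressed to the router itself
        iifname "$WAN_IF" ip daddr $PUBLIC_IP udp dport { 500, 4500 } accept
        iifname "$WAN_IF" ip daddr $PUBLIC_IP ip protocol esp accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$LAN_IF" oifname "$WAN_IF" accept
        # Decrypted tunnel traffic from the other office only
        iifname "$WAN_IF" meta ipsec exists ip saddr $REMOTE_LAN accept
        # From the Internet, only the port-forwarded SMTP flow reaches the server
        iifname "$WAN_IF" ip daddr $SERVER_IP tcp dport 25 ct status dnat accept
    }
    chain prerouting {
        type nat hook prerouting priority -100;
        iifname "$WAN_IF" ip daddr $PUBLIC_IP tcp dport 25 dnat ip to $SERVER_IP
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        # Do not NAT traffic headed into the tunnel, or it will not match the VPN policy
        oifname "$WAN_IF" ip daddr != $REMOTE_LAN masquerade
    }
}
EOF
}

# Print the ruleset; validate without loading it via: render_ruleset | nft -c -f -
render_ruleset
```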
ASKER
Thanks chaps - you've clarified the setup and I will give it a go. I've split the points between you. It's my first question here and I'm impressed.
Thanks matine. Good luck with it.
Cheers!
--Rob