Solved

VPN with Linksys Routers

Posted on 2007-11-26
Last Modified: 2010-04-21
I have two offices that I would like to connect with a VPN.

Each office has a Cayman Netopia DSL modem/router. Each office also has a Linksys firewall router behind the Cayman.

Office 1

Cayman public IP  1
Cayman Private IP  2
Linksys public(ish) IP 3
Linksys Private IP  4

Office 2

Cayman public IP  5
Cayman Private IP  6
Linksys public(ish) IP 7
Linksys Private IP  8

I am having trouble getting this to work.

What IPs should go in the office 2 Linksys router VPN setup?

Local secure - an IP range that includes IP 8?
Remote secure - an IP range that includes IP 4?
Remote Security Gateway - IP 1?

What IPs should go in the office 2 Linksys router VPN setup?

Local secure - an IP range that includes IP 4?
Remote secure - an IP range that includes IP 8?
Remote Security Gateway - IP 5?

Many thanks


0
Question by:hgj1357
 
Expert Comment

by:Hypercat (Deb)
Your VPN connections have to be from the IP address of the local Linksys router (private) to the public IP address of the remote Linksys router.  It would be easier to explain using actual IP addresses, so let's assume:

Office 1:
1 = 1.2.3.1
2 = 192.168.1.1
3 = 192.168.1.2
4 = 10.0.0.1

Office 2:
5 = 1.2.4.1
6 = 192.168.101.1
7 = 192.168.101.2
8 = 10.0.1.1

NOTE first that I have used different IP address subnets on every separate network.  This is important as otherwise your IP routing will not work properly.

The VPN from Office 1 to Office 2 would be from the local Office 1 client router address of 10.0.0.1 to the remote Office 2 public router address of 1.2.4.1.  The VPN tunnel from Office 2 to Office 1 would be from the local Office 2 client router address of 10.0.1.1 to the remote Office 1 router public address of 1.2.3.1.

If your subnets and routing are set up properly, this should work.
0
 
Author Comment

by:hgj1357
What IP range do I use for 'remote secure group'?
0
 
Author Comment

by:hgj1357
These are the three things the Linksys needs:

Local Secure Group: (Range)
Remote Secure Group: (Range)
Remote Security Gateway: (IP Address)
0
 
Accepted Solution

by:Hypercat (Deb), earned 400 total points
Local secure group would be your local private IP range - 10.0.x.x
Remote secure group would be the private IP range at the remote site - 10.0.x.x
The gateways would be the public IP addresses at each end.  From Office 1, the remote gateway would be the public IP address of Office 2, and vice versa.

Since you have a private subnet that you're passing through (the theoretical 192.168.x.x subnet) to get to the remote network that you are tunnelling into, you will need to make sure that you have the port forwarding on each end set to forward incoming packets to the 10.0.x.x subnet.
0
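The addressing rules from the accepted answer, as an added example that is not part of the original thread: a Python check that the subnets in a two-site plan do not overlap and that each gateway is a public address, followed by the three values each Linksys asks for. The addresses are the sample values used earlier in the thread; the /24 masks and the `SITES` layout are assumptions.

```python
import ipaddress

# Constructed plan built from the sample addressing in the thread.
# The /24 prefix lengths are an assumption; the thread only gives host addresses.
SITES = {
    "office1": {"public": "1.2.3.1", "transit": "192.168.1.0/24", "lan": "10.0.0.0/24"},
    "office2": {"public": "1.2.4.1", "transit": "192.168.101.0/24", "lan": "10.0.1.0/24"},
}

def check_plan(sites):
    """Return a list of problems that would break routing through the tunnel."""
    problems = []
    nets = [(f"{name}.{role}", ipaddress.ip_network(site[role]))
            for name, site in sites.items() for role in ("transit", "lan")]
    # Every network on the path must be distinct, or traffic meant for the
    # far side is treated as local and never enters the tunnel.
    for i, (label_a, net_a) in enumerate(nets):
        for label_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{label_a} {net_a} overlaps {label_b} {net_b}")
    # The remote gateway has to be the address reachable from the Internet,
    # not the Linksys WAN address behind the modem's NAT.
    for name, site in sites.items():
        if ipaddress.ip_address(site["public"]).is_private:
            problems.append(f"{name} gateway {site['public']} is a private address")
    return problems

def tunnel_fields(sites, local, remote):
    """The three values the Linksys VPN page asks for, seen from `local`."""
    return {
        "Local Secure Group": sites[local]["lan"],
        "Remote Secure Group": sites[remote]["lan"],
        "Remote Security Gateway": sites[remote]["public"],
    }

if __name__ == "__main__":
    print(check_plan(SITES) or "plan is consistent")
    for local, remote in (("office1", "office2"), ("office2", "office1")):
        print(local, tunnel_fields(SITES, local, remote))
```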
 
Author Comment

by:hgj1357
The Cayman allows me to 'pinhole'

For example I can take public IP port 1723 and pinhole it to private IP port 1723.

For office 1, would this be a pinhole from 1 to 2 or from 1 to 3?
0
 
Expert Comment

by:getzjd
Good luck getting those pinholes to work.  Tried and tried.. never worked for me.  Your best bet is to take the cayman out of the picture by setting it to transparent and assigning an IP to your WAN interface of the Linksys.  Once that is done, your VPN setup should be textbook.

http://www.netopia.com/support/hardware/technotes/CQG_015.html

http://netopia.com/support/hardware/technotes/CQG_022.html  
0
 
Author Comment

by:hgj1357
The fact that AT&T's static IPs were actually dynamic until this afternoon may have something to do with the trouble I was having!!

I'd rather not disable NAT as I don't want to lose the protection.
0
 
Expert Comment

by:getzjd
If you have a Linksys router, you can do your NAT through that, no major difference between that and the Netopia. Let me know if you actually get it working correctly. Static and dynamic IPs should not have made a difference during your setup (assuming they did not change right after you configured the VPN).
0
 
Author Comment

by:hgj1357
Yes, the dynamic IPs changed and I thought I had static.

I used IP map at each end and it now works. (At least my Linksys router says "connected"!)

Next question. Now that I am 'connected', how do I actually access resources from the other end?

I can not ping any servers over there.
0

 
Author Comment

by:hgj1357
Hang on!

Yes I can. I can ping them. But I still can't access resources there.

How do I map a drive?
0
 
Assisted Solution

by:getzjd, earned 100 total points
What gateway do you have the servers pointing at?
Try pointing them at the Linksys routers and see what happens.
0
 
Assisted Solution

by:Hypercat (Deb), earned 400 total points
Accessing resources involves connecting to and authenticating with whatever network OS you have at the opposite end of the tunnel.  It would probably be best to post further questions in the appropriate zone for your OS, with details on the VPN setup and your network software configuration.
0
 
Author Comment

by:hgj1357
Who gets the points for this?

I had it setup right to start with. AT+T ruined me!!

0
 
Expert Comment

by:getzjd
Oh just split them up... doesn't matter to me
0
 
Expert Comment

by:getzjd
What was the problem with accessing the resources?
0
 
Author Comment

by:hgj1357
My main office SBS 2003 server has two NICs; one connects to the Cayman Netopia using IMAP and Exchange uses that public-ed IP. Also my remote email access. The second NIC connects to the Linksys but no gateway is defined on this NIC as Windows warned me not to use two gateways on disparate networks.

Can I safely set the gateway on this NIC to be the Linksys without monkeying up the mail service?


From the remote site I can ping IPs but not NetBIOS names. I can't NET USE X: \\SVR1\DATA to access resources.
0
 
Author Comment

by:hgj1357
I should post this on the SBS forum.

Thanks chaps!
0
 
Author Closing Comment

by:hgj1357
When AT&T gives you a static IP - always check to see if it is actually dynamic!
0
