Solved

VPN with Linksys Routers

Posted on 2007-11-26
Last Modified: 2010-04-21
I have two offices that I would like to connect with a VPN.

Each office has a Cayman Netopia DSL modem/router. Each office also has a Linksys firewall router behind the Cayman.

Office 1

Cayman public IP  1
Cayman Private IP  2
Linksys public(ish) IP 3
Linksys Private IP  4

Office 2

Cayman public IP  5
Cayman Private IP  6
Linksys public(ish) IP 7
Linksys Private IP  8

I am having trouble getting this to work.

What IPs should go in the office 2 Linksys router VPN setup?

Local secure - an IP range that includes IP 8?
Remote secure -  an IP range that includes IP 4 ?
Remote Security Gateway - IP 1?

What IPs should go in the office 2 Linksys router VPN setup?

Local secure - an IP range that includes IP 4?
Remote secure -  an IP range that includes IP 8 ?
Remote Security Gateway - IP 5?

Many thanks


Question by:hgj1357
18 Comments
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20353624
Your VPN connections have to be from the IP address of the local Linksys router (private) to the public IP address of the remote Linksys router.  It would be easier to explain using actual IP addresses, so let's assume:

Office 1:
1 = 1.2.3.1
2 = 192.168.1.1
3 = 192.168.1.2
4 = 10.0.0.1

Office 2:
5 = 1.2.4.1
6 = 192.168.101.1
7 = 192.168.101.2
8 = 10.0.1.1

NOTE first that I have used different IP address subnets on every separate network.  This is important as otherwise your IP routing will not work properly.

The VPN from Office 1 to Office 2 would be from the local Office 1 client router address of 10.0.0.1 to the remote Office 2 public router address of 1.2.4.1.  The VPN tunnel from Office 2 to Office 1 would be from the local Office 2 client router address of 10.0.1.1 to the remote Office 1 router public address of 1.2.3.1.

If your subnets and routing are set up properly, this should work.
0
 
LVL 2

Author Comment

by:hgj1357
ID: 20353916
What IP range do I use for 'remote secure group'?
0
 
LVL 2

Author Comment

by:hgj1357
ID: 20353976
These are the three things the Linksys needs:

Local Secure Group: (Range)
Remote Secure Group: (Range)
Remote Security Gateway: (IP Address)
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 400 total points
ID: 20358781
Local secure group would be your local private IP range - 10.0.x.x
Remote secure group would be the private IP range at the remote site - 10.0.x.x
The gateways would be the public IP addresses at each end.  From Office 1, the remote gateway would be the public IP address of Office 2, and vice versa.

Since you have a private subnet that you're passing through (the theoretical 192.168.x.x subnet) to get to the remote network that you are tunnelling into, you will need to make sure that you have the port forwarding on each end set to forward incoming packets to the 10.0.x.x subnet.
0
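Added example, not part of the original thread or written by any of its participants: a Python check of the address plan from the answers above that rejects overlapping subnets and a private remote gateway, then derives the three Linksys fields for each end. The `/24` prefix lengths, the `OFFICES` layout and the function names are assumptions made for illustration.

```python
import ipaddress

# Addresses from the example plan in the thread; /24 masks are assumed.
OFFICES = {
    "office1": {"public_ip": "1.2.3.1",
                "transit": "192.168.1.0/24",    # Cayman LAN / Linksys WAN side
                "lan": "10.0.0.0/24"},          # behind the Linksys
    "office2": {"public_ip": "1.2.4.1",
                "transit": "192.168.101.0/24",
                "lan": "10.0.1.0/24"},
}


def find_overlaps(offices):
    """Return label pairs for any two subnets in the plan that overlap."""
    nets = [(f"{name}.{kind}", ipaddress.ip_network(site[kind]))
            for name, site in offices.items()
            for kind in ("transit", "lan")]
    overlaps = []
    for i, (label_a, net_a) in enumerate(nets):
        for label_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                overlaps.append((label_a, label_b))
    return overlaps


def tunnel_settings(offices, local, remote):
    """Values for the three VPN fields on the `local` office's Linksys."""
    overlaps = find_overlaps(offices)
    if overlaps:
        raise ValueError(f"overlapping subnets, routing will break: {overlaps}")
    gateway = ipaddress.ip_address(offices[remote]["public_ip"])
    if gateway.is_private:
        # The remote gateway must be the address reachable from the internet,
        # not the Linksys WAN address on the transit network.
        raise ValueError(f"{remote} gateway {gateway} is a private address")
    return {
        "local_secure_group": offices[local]["lan"],
        "remote_secure_group": offices[remote]["lan"],
        "remote_security_gateway": str(gateway),
    }


if __name__ == "__main__":
    for here, there in (("office1", "office2"), ("office2", "office1")):
        print(here, tunnel_settings(OFFICES, here, there))
```
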
 
LVL 2

Author Comment

by:hgj1357
ID: 20358878
The Cayman allows me to 'pinhole'

For example I can take public IP port 1723 and pinhole it to private IP port 1723.

For office 1, would this be a pinhole from 1 to 2 or from 1 to 3?
0
 
LVL 15

Expert Comment

by:getzjd
ID: 20362687
Good luck getting those pinholes to work.  Tried and tried.. never worked for me.  Your best bet is to take the cayman out of the picture by setting it to transparent and assigning an IP to your WAN interface of the Linksys.  Once that is done, your VPN setup should be textbook.

http://www.netopia.com/support/hardware/technotes/CQG_015.html

http://netopia.com/support/hardware/technotes/CQG_022.html 
0
 
LVL 2

Author Comment

by:hgj1357
ID: 20362753
The fact that AT&T's static IPs were actually dynamic until this afternoon may have something to do with the trouble I was having!!

I'd rather not disable NAT as I don't want to lose the protection.
0
 
LVL 15

Expert Comment

by:getzjd
ID: 20365214
If you have a Linksys router, you can do your NAT through that, no major difference between that and the Netopia. Let me know if you actually get it working correctly. Static and dynamic IPs should not have made a difference during your setup (assuming they did not change right after you configured the VPN).
0
 
LVL 2

Author Comment

by:hgj1357
ID: 20370507
Yes, the dynamic IPs changed and I thought I had static.

I used IP map at each end and it now works. (At least my Linksys router says "connected"!)

Next question. Now that I am 'connected', how do I actually access resources from the other end?

I can not ping any servers over there.
0
 
LVL 2

Author Comment

by:hgj1357
ID: 20370531
Hang on!

Yes I can. I can ping them. But I still can't access resources there.

How do I map a drive?
0
 
LVL 15

Assisted Solution

by:getzjd
getzjd earned 100 total points
ID: 20370659
What gateway do you have the servers pointing at?
Try pointing them at the Linksys routers and see what happens.
0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 400 total points
ID: 20374018
Accessing resources involves connecting to and authenticating with whatever network OS you have at the opposite end of the tunnel.  It would probably be best to post further questions in the appropriate zone for your OS, with details on the VPN setup and your network software configuration.
0
 
LVL 2

Author Comment

by:hgj1357
ID: 20375107
Who gets the points for this?

I had it set up right to start with. AT+T ruined me!!

0
 
LVL 15

Expert Comment

by:getzjd
ID: 20375197
Oh just split them up... doesn't matter to me
0
 
LVL 15

Expert Comment

by:getzjd
ID: 20375230
What was the problem with accessing the resources?
0
 
LVL 2

Author Comment

by:hgj1357
ID: 20375506
My main office SBS 2003 server has two NICs; one connects to the Cayman Netopia using IMAP and Exchange uses that public-ed IP. Also my remote email access. The second NIC connects to the Linksys but no gateway is defined on this NIC as Windows warned me not to use two gateways on disparate networks.

Can I safely set the gateway on this NIC to be the Linksys without monkeying up the mail service?


From the remote site I can ping IPs but not NetBIOS names. I can't NET USE X: \\SVR1\DATA to access resources.
0
 
LVL 2

Author Comment

by:hgj1357
ID: 20376584
I should post this on the SBS forum.

Thanks chaps!
0
 
LVL 2

Author Closing Comment

by:hgj1357
ID: 31411088
When AT&T gives you a static IP - always check to see if it is actually dynamic!
0
