VPN with Linksys Routers

I have two offices that I would like to connect with a VPN.

Each office has a Cayman Netopia DSL modem/router. Each office also has a Linksys firewall router behind the Cayman.

Office 1

Cayman public IP  1
Cayman Private IP  2
Linksys public(ish) IP 3
Linksys Private IP  4

Office 2

Cayman public IP  5
Cayman Private IP  6
Linksys public(ish) IP 7
Linksys Private IP  8

I am having trouble getting this to work.

What IPs should go in the office 2 Linksys router VPN setup?

Local secure - an IP range that includes IP 8?
Remote secure -  an IP range that includes IP 4 ?
Remote Security Gateway - IP 1?

What IPs should go in the office 2 Linksys router VPN setup?

Local secure - an IP range that includes IP 4?
Remote secure -  an IP range that includes IP 8 ?
Remote Security Gateway - IP 5?

Many thanks


hgj1357Asked:
 
Hypercat (Deb)Commented:
Local secure group would be your local private IP range - 10.0.x.x
Remote secure group would be the private IP range at the remote site - 10.0.x.x
The gateways would be the public IP addresses at each end.  From Office 1, the remote gateway would be the public IP address of Office 2, and vice versa.

Since you have a private subnet that you're passing through (the theoretical 192.168.x.x subnet) to get to the remote network that you are tunnelling into, you will need to make sure that you have the port forwarding on each end set to forward incoming packets to the 10.0.x.x subnet.
0
 
Hypercat (Deb)Commented:
Your VPN connections have to be from the IP address of the local Linksys router (private) to the public IP address of the remote Linksys router.  It would be easier to explain using actual IP addresses, so let's assume:

Office 1:
1 = 1.2.3.1
2 = 192.168.1.1
3 = 192.168.1.2
4 = 10.0.0.1

Office 2:
5 = 1.2.4.1
6 = 192.168.101.1
7 = 192.168.101.2
8 = 10.0.1.1

NOTE first that I have used different IP address subnets on every separate network.  This is important as otherwise your IP routing will not work properly.

The VPN from Office 1 to Office 2 would be from the local Office 1 client router address of 10.0.0.1 to the remote Office 2 public router address of 1.2.4.1.  The VPN tunnel from Office 2 to Office 1 would be from the local Office 2 client router address of 10.0.1.1 to the remote Office 1 router public address of 1.2.3.1.

If your subnets and routing are set up properly, this should work.
0
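The addressing plan from the answer above, checked and turned into the three Linksys fields, as an added example that is not part of the original thread. The /24 prefix lengths and the dictionary key names are assumptions (the thread gives no subnet masks); the addresses are the illustrative ones Hypercat chose.

```python
import ipaddress
from itertools import combinations

# Addresses from the answer above; the /24 masks are an assumption,
# since the thread gives no subnet masks.
OFFICES = {
    "Office 1": {"public_ip": "1.2.3.1", "transit": "192.168.1.0/24",
                 "linksys_wan": "192.168.1.2", "lan": "10.0.0.0/24"},
    "Office 2": {"public_ip": "1.2.4.1", "transit": "192.168.101.0/24",
                 "linksys_wan": "192.168.101.2", "lan": "10.0.1.0/24"},
}

def overlapping_networks(offices):
    """Return label pairs for any two subnets in the plan that overlap."""
    nets = []
    for name, o in offices.items():
        nets.append((f"{name} transit", ipaddress.ip_network(o["transit"])))
        nets.append((f"{name} lan", ipaddress.ip_network(o["lan"])))
    return [(a, b) for (a, na), (b, nb) in combinations(nets, 2)
            if na.overlaps(nb)]

def check_plan(offices):
    """List problems that would break routing between the two sites."""
    problems = [f"{a} overlaps {b}" for a, b in overlapping_networks(offices)]
    for name, o in offices.items():
        wan = ipaddress.ip_address(o["linksys_wan"])
        if wan not in ipaddress.ip_network(o["transit"]):
            problems.append(f"{name}: Linksys WAN not in transit subnet")
    return problems

def linksys_settings(offices, local, remote):
    """Derive the Linksys VPN fields for `local` tunnelling to `remote`."""
    lo, ro = offices[local], offices[remote]
    return {
        "Local Secure Group": lo["lan"],
        "Remote Secure Group": ro["lan"],
        "Remote Security Gateway": ro["public_ip"],
        # True when the Linksys WAN is a private address behind the
        # modem's NAT, so the modem has to pass VPN traffic through to it.
        "behind_nat": ipaddress.ip_address(lo["linksys_wan"]).is_private,
    }

if __name__ == "__main__":
    print(check_plan(OFFICES) or "plan OK")
    for a, b in (("Office 1", "Office 2"), ("Office 2", "Office 1")):
        print(a, linksys_settings(OFFICES, a, b))
```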
 
hgj1357Author Commented:
What IP range do I use for 'remote secure group'?
0
 
hgj1357Author Commented:
These are the three things the Linksys needs:

Local Secure Group: (Range)
Remote Secure Group: (Range)
Remote Security Gateway: (IP Address)
0
 
hgj1357Author Commented:
The Cayman allows me to 'pinhole'.

For example I can take public IP port 1723 and pinhole it to private IP port 1723.

For office 1, would this be a pinhole from 1 to 2 or from 1 to 3?
0
 
getzjdCommented:
Good luck getting those pinholes to work.  Tried and tried... never worked for me.  Your best bet is to take the Cayman out of the picture by setting it to transparent and assigning an IP to your WAN interface of the Linksys.  Once that is done, your VPN setup should be textbook.

http://www.netopia.com/support/hardware/technotes/CQG_015.html

http://netopia.com/support/hardware/technotes/CQG_022.html 
0
 
hgj1357Author Commented:
The fact that AT&T's static IPs were actually dynamic until this afternoon may have something to do with the trouble I was having!!

I'd rather not disable NAT as I don't want to lose the protection.
0
 
getzjdCommented:
If you have a Linksys router, you can do your NAT through that; no major difference between that and the Netopia.   Let me know if you actually get it working correctly.  Static and dynamic IPs should not have made a difference during your setup (assuming they did not change right after you configured the VPN).
0
 
hgj1357Author Commented:
Yes, the dynamic IPs changed and I thought I had static.

I used IP map at each end and it now works. (At least my Linksys router says "connected"!)

Next question. Now that I am 'connected', how do I actually access resources from the other end?

I can not ping any servers over there.
0
 
hgj1357Author Commented:
Hang on!

Yes I can. I can ping them. But I still can't access resources there.

How do I map a drive?
0
 
getzjdCommented:
What gateway do you have the servers pointing at?
Try pointing them at the Linksys routers and see what happens.
0
 
Hypercat (Deb)Commented:
Accessing resources involves connecting to and authenticating with whatever network OS you have at the opposite end of the tunnel.  It would probably be best to post further questions in the appropriate zone for your OS, with details on the VPN setup and your network software configuration.
0
 
hgj1357Author Commented:
Who gets the points for this?

I had it set up right to start with. AT+T ruined me!!

0
 
getzjdCommented:
Oh just split them up... doesn't matter to me
0
 
getzjdCommented:
What was the problem with accessing the resources?
0
 
hgj1357Author Commented:
My main office SBS 2003 server has two NICs; one connects to the Cayman Netopia using IMAP and Exchange uses that public-ed IP. Also my remote email access. The second NIC connects to the Linksys, but no gateway is defined on this NIC as Windows warned me not to use two gateways on disparate networks.

Can I safely set the gateway on this NIC to be the Linksys without monkeying up the mail service?


From the remote site I can ping IPs but not NetBIOS names. I can't NET USE X: \\SVR1\DATA to access resources.
0
 
hgj1357Author Commented:
I should post this on the SBS forum.

Thanks chaps!
0
 
hgj1357Author Commented:
When AT&T gives you a static IP - always check to see if it is actually dynamic!
0
Question has a verified solution.
