?
Solved

Set Up 2 Subnets

Posted on 2010-01-09
15
Medium Priority
?
306 Views
Last Modified: 2012-05-08
Hi,  We use the At&T Global Network VPN, and by the design, this software shuts down all other connections on our lan when in use.  A tech guy at At&T suggested we try running this software on a "different subnet".   We have a standard issue Linksys router.  How would we set this up?  Would we need also need new IP address from our ISP?  
0
Comment
Question by:cnsguy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
  • 3
15 Comments
 
LVL 9

Expert Comment

by:jfer0x01
ID: 26274414
I noticed you asked this question before.

Removing the "default gateway" on your LAN Card should work.

What model Linksys? I do not think a regular Linksys will be able to do this.

I any case, what he means is to have a another set of "internal" ip subnets, not through the ISP.

You may have to set up a different DHCP subnet to push out the new ip subnet.

This could require additional equipment purchase, such as another router or a dhcp server to push out new, you may want to reconsider using another VPN client application that does not cause this.

Jfer

0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 26274538
Hi,

According to this old post

http://www.dslreports.com/forum/remark,7866589

supposedly disabling upnp on the router helped someone established vpn connection and maintain lan connection simultaneously

It's at least worth a shot

Jfer
0
 

Author Comment

by:cnsguy
ID: 26274588
Yes, I did ask this question before and i have not received the answer I am looking for.    What do you mean "remove the default gateway on my lan card" ?

I think it is the very common linksys router than sells fro about $60.  Sorry not in office to get model number.  It has two attenea on it.

If my router would support an set of internal IP subnets,  what settings in the router would I change?

If I simply purchase another router, how would I configure it?

I do not have the option of using a different VPN client

Thanks
0
ATEN's HDBaseT Presentation at InfoComm 2017

Hear ATEN Product Manager YT Liang review HDBaseT technology, highlighting ATEN’s latest solutions as they relate to real-world applications during her presentation at the HDBaseT booth at InfoComm 2017.

 

Author Comment

by:cnsguy
ID: 26274716
Jfer, I appreciate the idea, but what I am really looking for is directions on how to set up a different subnet for the AT&T VPN, either by making a change in my Linksys router or by purchasing an additional router.  Can you tell me that please?
0
 
LVL 10

Expert Comment

by:lanboyo
ID: 26274875
When you say it shuts down all other connections, do you mean that it makes it impossible for that workstation to connect to other devices on the local network when it is connected to the corporate network via the vpn client? If so, this is a deliberate feature of the vpn configuration. If you want to connect to both the VPN and local subnet resources, you will likely need to have a feature called split tunneling enabled.

If you have been workiing with tech support and the particular IP subnet is causing problems with the split tunneling you are trying to configure, then you would need to connect to the local router via the web interface and change the current LAN address from 192.168.1.0 to something else.

We don't have enough info to say any more however.
0
 

Author Comment

by:cnsguy
ID: 26274930
Lanboyo,

We have a small business with Windows XP and 6 PC's on the network.  When a PC connects to the AT&T VPN, all other PC's lose network connection..internet. printers etc.   Yes, this is deliberate feature, and the AT&T VPN client that we use with our Medicare systems does NOT allow split tunneling...it is disable...for maxiumum security.

So I am looking for a solution that would either:

1.  Allow any PC on the network to connect to the ATT VPN without disrupting other PC's on the network

2.  Have a dedicated PC in the office that would be used to run the ATT VPN

Thanks!
0
 
LVL 9

Accepted Solution

by:
jfer0x01 earned 1000 total points
ID: 26275118
Ok, use a Virtual Machine Then.

Get VMWare and install Vista on a VM drive and run the VPN software of the Virtual Machine.

Sounds intimidating, but, should work.

Jfer
0
 

Author Comment

by:cnsguy
ID: 26275225
Why would a VPC work if the traffic goes over the same subnet on the network?  I question that.
0
 
LVL 10

Assisted Solution

by:lanboyo
lanboyo earned 1000 total points
ID: 26275285
Just to make sure I understand....


                        cable/dsl/otherinternet
                                       |
                                    Linksys
                                       |
       -----------------------------------------------------------
        |                 |         |          |       |      |             |
     PC1            PC2     PC3     PC4   PC5   PC6   Printer


Are you saying that when PC1 connects to the ATT VPN with a client software VPN client, PCs 2-6 can no longer surf the internet or print to thier local printer? Because that would be really wierd unless PC1 is doing internet  connection sharing that the other workstations need.

If  only one workstation at a time can connect to the VPN, I have seen that before, and it is a problem involving NAT translation that usually requires a firmware upgrade to the router, or a newer router.

If the VPN is a site to site VPN that connects from your router, then you will need to do something like this....


            cable/dsl/otherinternet
               |                           |
            Linksys1             Linksys2
               |                           |
       ---------        --------------------------------------------------
        |                 |         |          |       |      |             |
     PC1            PC2     PC3     PC4   PC5   PC6   Printer

Which may require a switch and communication with your ISP to get two IP addresses at the local site

or this


            cable/dsl/otherinternet
                            |
                        Linksys1
                            |
                -----------------------
               |                           |
            Linksys2             Linksys3
               |                           |
       ---------        ------------------------------------------
        |                 |         |          |       |      |             |
     PC1            PC2     PC3     PC4   PC5   PC6   Printer
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 26275789
Easy,

it wont disable the communications of the PC that run the VM, only the Virtual Lan inside the VM

Your VPN is not disabling ALL communications, just the communication of the LAN card of the machine that runs.

0
 

Author Comment

by:cnsguy
ID: 26276020
lanboyo

Thanks for taking the time to provide the diagram!    I appreciate that alot!

"Are you saying that when PC1 connects to the ATT VPN with a client software VPN client, PCs 2-6 can no longer surf the internet or print to thier local printer?"   Per your top diagram, PC1 is the server for an NComputing thin terminal system.  This server runs XP Pro and has the NComputing VSpace software.  Each of the NComputing workstations connect to the network via an ethernet connection.   There are five thin client workstations that connect to PC 1 (the NComputing server).    

We have tried installing the the AT&T Globel Network client softare on PC (the NComputing Server) and also on PC 2 ( another PC that is connected to the network but does not have VSpace software on it).  In both cases, when we connect the AT&T VPN alll internet and printing connections are lost for the five N Computing thin clients that are connected to PC 1.  I should have been more clear on this in my first post.

"If  only one workstation at a time can connect to the VPN, I have seen that before, and it is a problem involving NAT translation that usually requires a firmware upgrade to the router, or a newer router."  
Now that I have explained the configuration, do you think it still could be a router issue?

"If the VPN is a site to site VPN that connects from your router, then you will need to do something like this...."

The AT&T does appear to be a site to VPN per this product brochure....

http://www.business.att.com/content/productbrochures/EM-AGNCProductBrief.pdf

I did trade Emails with my tech guy today and he was thinking that we may need to get another static IP from our ISP...so you have confirmed that approach for me.    However, by the time I pay him for a few hours of time, the cost of the  new hardware, and the cost of the new static IP,  this could get to be a bit spendy

Jfer is recommending a Virtual PC  that would run the VPN.  Do you think that would work, given everything I have explained?   Is the VPC software free?  I have an unused XP license.

Thanks for the excellent response,.  I look forward to your reply!




 Because that would be really wierd unless PC1 is doing internet  connection sharing that the other workstations need.



0
 
LVL 10

Expert Comment

by:lanboyo
ID: 26276535
I think the problem is that the thin clients are depending on the xp server, and lose connection to the server when it connects to the vpn since there is no split tunneling.

I think that the virtual pc is probably the way to go.

I don't understand why running the client on the second pc breaks things, it shouldn't with this type of client.
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 26277516
Hi, I have never used VPC personally, but I have done similar work with
VM Ware, cost less than $100 dollars for a Workstation License.

You can try it for free for 30 days

http://www.vmware.com/go/tryworkstation

Let me know if you need  help setting up, preferably, in another separate question.

Jfer

0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 26277527
Correction, cost $189.
0
 

Author Closing Comment

by:cnsguy
ID: 31675031
great help!
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridgi…
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question