Solved

Linksys RV042 at home office / split tunnel

Posted on 2010-11-18
4
1,246 Views
Last Modified: 2012-05-10
I'm looking at installing a Linksys RV042 router at my house and then setup a VPN tunnel to my office which has a Watchguard XTM 23 firewall/vpn.  I'm doing this mainly because I need to install an IP phone at the house which connects to the office pbx - i know there are softphones that can do this but I want to use an IP phone.

I also need the home office network setup in such a way so that only the IP phone and a dedicated workstation has access to the VPN tunnel and other family computers at the house should not have access to the VPN tunnel.

What is the best way to accomplish this?  Can I restrict access to the VPN tunnel based on MAC addresses with the RV042?

I have managed to setup the RV042 so that the tunnel comes up but i'm not sure how to restrict access to the tunnel.
0
Comment
Question by:Medrx
  • 3
4 Comments
 
LVL 90

Accepted Solution

by:
John Hurst earned 125 total points
ID: 34170252
In the RV042, in the VPN setup, under Local Group Setup for the specific tunnel, you can set the local IP to be just the single IP of the machine you want. People can spoof IP's and MAC address, so the security is about the same. Since it is in your home, it should work.  See the example below. ... Thinkpads_User

RV042-Example.png
0
 

Author Comment

by:Medrx
ID: 34170311
So do I then have to setup another Subnet on the RV042 that will be used for local 'family' pcs which will not be allowed access to the vpn tunnel?  
How do i setup DHCP on the router to assign the correct ips for the appropriate pcs - for example I would like to have my work PC get an IP in the range of 192.168.190.x  and family PCs get 192.168.2.x
Do I have to add rules to the RV042 firewall so that the 192.168.2.x network can't access the vpn tunnel OR that is already implied since its a different network?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 34170355
You can look at rules in the RV042. You can also bridge a wireless router to the RV042 because wireless routers often have MAC address control.

The IP for the device is set in the Local Security Group Type above. Use IP instead of Subnet and pick the IP you will allow. If the IP were a wireless router, then you have that flexibility as well.

So to your question above, if you allow only IP 192.1568.1.13, then only that device and none others will have acces to the tunnel. Set the RV042 to hand out addresses from 100-200 and set the one device to be static. .... Thinkpads_User
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 34269673
Thank you. I was pleased to assist you. ... Thinkpads_User
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now