• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1271
  • Last Modified:

Linksys RV042 at home office / split tunnel

I'm looking at installing a Linksys RV042 router at my house and then setup a VPN tunnel to my office which has a Watchguard XTM 23 firewall/vpn.  I'm doing this mainly because I need to install an IP phone at the house which connects to the office pbx - i know there are softphones that can do this but I want to use an IP phone.

I also need the home office network setup in such a way so that only the IP phone and a dedicated workstation has access to the VPN tunnel and other family computers at the house should not have access to the VPN tunnel.

What is the best way to accomplish this?  Can I restrict access to the VPN tunnel based on MAC addresses with the RV042?

I have managed to setup the RV042 so that the tunnel comes up but i'm not sure how to restrict access to the tunnel.
0
Medrx
Asked:
Medrx
  • 3
1 Solution
 
JohnBusiness Consultant (Owner)Commented:
In the RV042, in the VPN setup, under Local Group Setup for the specific tunnel, you can set the local IP to be just the single IP of the machine you want. People can spoof IP's and MAC address, so the security is about the same. Since it is in your home, it should work.  See the example below. ... Thinkpads_User

RV042-Example.png
0
 
MedrxAuthor Commented:
So do I then have to setup another Subnet on the RV042 that will be used for local 'family' pcs which will not be allowed access to the vpn tunnel?  
How do i setup DHCP on the router to assign the correct ips for the appropriate pcs - for example I would like to have my work PC get an IP in the range of 192.168.190.x  and family PCs get 192.168.2.x
Do I have to add rules to the RV042 firewall so that the 192.168.2.x network can't access the vpn tunnel OR that is already implied since its a different network?
0
 
JohnBusiness Consultant (Owner)Commented:
You can look at rules in the RV042. You can also bridge a wireless router to the RV042 because wireless routers often have MAC address control.

The IP for the device is set in the Local Security Group Type above. Use IP instead of Subnet and pick the IP you will allow. If the IP were a wireless router, then you have that flexibility as well.

So to your question above, if you allow only IP 192.1568.1.13, then only that device and none others will have acces to the tunnel. Set the RV042 to hand out addresses from 100-200 and set the one device to be static. .... Thinkpads_User
0
 
JohnBusiness Consultant (Owner)Commented:
Thank you. I was pleased to assist you. ... Thinkpads_User
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now