
VPN behind a residential gateway

Posted on 2011-10-27
Last Modified: 2012-06-27
I had a fully functional VPN between two Netgear routers at home and office. Recently I switched to ATT Uverse service at home and they removed my old DSL modem and put in a 2WIRE residential gateway. Now I am having difficulty establishing a VPN connection between the two Netgear routers.
My setup is:
At home: Netgear SRXN 3205 wireless router (all the home computers connect to this through a wireless connection; before the installation of the 2WIRE gateway this used to be the DHCP server, but now it is the 2WIRE gateway that is the DHCP server for home computers). Connected to the 2WIRE residential gateway through an RJ45 wire.

At Office-- Netgear FVS336G router working as DHCP server with no other firewalls between it and DSL modem or office computers.

I have been trying to make some changes in the 2WIRE gateway by putting my home Netgear router in a DMZ but it does not let me do it because Netgear router has a fixed IP address that is not assigned by the residential gateway.
0
Question by:MohammadKhan
13 Comments
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 37037543
You need to get back to having your Netgear as the DHCP server. Your problem is the age old issue of double NAT.

Get in to the 2-wire and put it in "Pass Through" or "Bridge" mode. The terminology varies by DSL router.

This should put the public IP of your DSL on the WAN port of your Netgear again.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 37039341
I fully agree with gcoltharp, so thought the following link may be helpful in doing so:
http://www.tek-tips.com/viewthread.cfm?qid=1212752
For the record, there are numerous posts on EE where users could not get the 2-wire to support VPN traffic, though they were all PPTP VPNs; your IPsec VPN may be fine.
0
 

Author Comment

by:MohammadKhan
ID: 37048390
I have 2WIRE 3801 HVG gateway that has no option of putting it in bridge mode. In the past 2 days I have researched this but did not find any suggestions about putting it in the bridge mode. At the same time my Netgear router does not have an option of obtaining IP through DHCP. It has to have a fixed IP.
0

 
LVL 78

Expert Comment

by:Rob Williams
ID: 37049854
Does the link I provided not provide any insight as to how to put your 2-wire in bridge mode? I appreciate the models may be different but often the process is similar. However as mentioned many folk say they couldn't get the 2-wire to work with VPN's.

The Netgear will obtain a DHCP address. I have never heard of a router under $500 that will not. See page 2-3 of the manual:
ftp://downloads.netgear.com/files/SRXN3205_RM_Oct08.pdf

0
 

Author Comment

by:MohammadKhan
ID: 37052936
It seems that I can disable DHCP role for Netgear SRXN router but I can not tell it to get its own IP address through another DHCP server, I have to assign it a fixed IP address.
The procedure to put the 2WIRE router in bridge mode works for model 2701 but does not work for model 3801. Surprisingly, 2WIRE does not have a manual for this model.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 37053071
It may be that your 2-wire doesn't support bridging, but as for the Netgear I am quite sure it can get a DHCP address from the WAN side, otherwise it couldn't be used on any residential account in the world. As mentioned in my previous post, see page 2-3 of the manual: ftp://downloads.netgear.com/files/SRXN3205_RM_Oct08.pdf under "Automatically Detecting and Connecting"

If putting it in the DMZ zone of the 2-wire you can use a static IP if you like, and really should when using incoming connections like a VPN.

Ideally you want to change the 2-wire for a standard modem only unit.
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 37057314
Have you neglected to tell us that you are on AT&T Uverse or a similar integrated services plan?

0
 

Author Comment

by:MohammadKhan
ID: 37060250
I am on ATT Uverse. I think I cannot use a standard modem in place of the 2WIRE gateway.
0
 
LVL 12

Accepted Solution

by:
Gary Coltharp earned 500 total points
ID: 37062463
Correct... and you can't put it in bridge mode because it has integrated services.

So... the accepted practice seems to be to enable DMZ and forward it to the IP of your VPN router. DMZPlus, I believe, is the exact tech.

Your Netgear doesn't have to be in DHCP mode for it to work, but it would certainly simplify things. If you can't figure out how to set the internet or WAN port to DHCP or Dynamic IP, then just set it to an open IP on the same subnet as the LAN address of the 2WIRE... go into the 2WIRE settings and point the DMZ to the address you set. Just make sure to use the gateway on the Netgear as the IP of the 2WIRE.

Double NAT may still cause you problems but this is the best solution you have without changing your ISP.

0
 

Author Comment

by:MohammadKhan
ID: 37110760
I was out of town for a few days, hence the delay in response. I was able to set the WAN port of the Netgear to get its IP from the 2WIRE and was then able to set that IP (WAN port of the Netgear) in the DMZ zone. I was also able to establish a VPN connection between my home Netgear router and my office Netgear router and I can see that the connection has been established. Now the problem I am having is that I cannot ping my office router from a PC that is connected to the 2WIRE gateway. I am also not able to RDP to my office computer from my home computer.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 37111213
Is there any chance the office network and the home network use the same subnet locally? They must be different. For example, if the office uses 192.168.1.x the home network must use something like 192.168.2.x. If not, you will be able to connect but not access resources.
0
 

Author Comment

by:MohammadKhan
ID: 37111840
My office subnet and home subnet are different. In the meantime I think I have solved the problem, of course with your help. Here is what I have done:
2WIRE gateway is DHCP server with IP range of 192.168.1.150 to 254.
Home based Netgear router is DHCP server with IP range of 192.168.1.1 to 40.
Home Netgear router is connected to the 2WIRE gateway through Netgear's WAN socket and is getting its IP address through the 2WIRE gateway (it has been assigned IP address 192.168.1.165).
On the 2WIRE router, IP 192.168.1.165 has been put in the DM Zone (this can be done as this IP address is assigned by the 2WIRE gateway).

On the home Netgear router and office Netgear router I have an IPSEC policy with local (home) subnet 192.168.1.0.

With this setup I am able to RDP from home to office, my home computer is connected to the Netgear router through the wireless adapter.

I would like to know if there can be any potential problems with this setup? If not then this issue has been resolved and I will accept this solution.
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 500 total points
ID: 37111865
If it connects it is fine but I am surprised you don't have issues. Routing relies on each network segment having a different subnet. Though it does sometimes work, you really should be using a different subnet on the LAN and WAN side of the Netgear. You could leave the 2wire alone and set the Netgear LAN to something like 192.168.100.x

Also "just" a security concern. VPNs are very secure in that they are an isolated encrypted tunnel, but they are also a wide open door between the remote and corporate site. If the remote site is hacked, the corporate office is easily reached. Using a wireless connection increases the chances of being hacked.
0
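The subnet rule from the replies above, checked against the addressing reported in this thread, as an added example that is not part of the original posts. The /24 masks and the office subnet 192.168.50.0/24 are assumptions (the thread does not state them); 192.168.100.0/24 is the renumbering suggested in the last reply.

```python
import ipaddress
from itertools import combinations


def find_overlaps(segments):
    """Return sorted name pairs whose IPv4 networks overlap."""
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in segments.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def wan_inside_lan(wan_ip, lan_cidr):
    """True when a router's WAN address falls inside its own LAN subnet,
    which leaves the router unable to tell inside hosts from outside ones."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    return ipaddress.ip_address(wan_ip) in lan


# Addresses from the thread; /24 masks are assumed.
NETGEAR_WAN_IP = "192.168.1.165"          # DHCP lease from the 2WIRE, placed in its DMZ
AS_POSTED = {
    "2wire_lan": "192.168.1.0/24",        # 2WIRE hands out .150-.254
    "netgear_lan": "192.168.1.0/24",      # Netgear hands out .1-.40, IPsec local subnet
    "office_lan": "192.168.50.0/24",      # constructed: office subnet is not given
}
# Same layout with the Netgear LAN renumbered as suggested in the reply.
RENUMBERED = dict(AS_POSTED, netgear_lan="192.168.100.0/24")


def report(label, segments):
    """Summarise the conflicts found in one addressing plan."""
    overlaps = find_overlaps(segments)
    clash = wan_inside_lan(NETGEAR_WAN_IP, segments["netgear_lan"])
    lines = [f"{label}:"]
    lines += [f"  overlap: {a} <-> {b}" for a, b in overlaps]
    if clash:
        lines.append(f"  Netgear WAN {NETGEAR_WAN_IP} is inside its own LAN subnet")
    if not overlaps and not clash:
        lines.append("  no conflicting segments")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report("as posted", AS_POSTED))
    print(report("renumbered", RENUMBERED))
```
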
