Wireless, VPN, router

I have two main routers, probably not ideal, but let me explain.

I have a Technicolor something or other from Comcast, which is a cable modem/router and has VoIP. Unfortunately, I cannot configure much on this device. So while wireless is enabled, I do not use it. I can't even disable it. I can't switch to bridge mode or anything.

So I connected a Linksys E4200 wireless router. This is on a different subnet and is configured for wireless, etc. This is our main device we connect to and all forwards from this device accordingly.

My question is, somehow I want to enable and have the ability to VPN into home...
I don't think I can do this natively, and would have to add to DMZ port forward... not sure... To test, I have a Linksys WRT54GS v5.0. I flashed it with DD-WRT but am not sure what to do now, and how to add it to the infrastructure... I think adding it as a repeat bridge with the same SID and passwords and authentication, but I need thoughts on the correct setup and how to enable and use VPN so I can connect externally.

Fred Marshall (Principal) commented:
It seems most odd that you can't disable wireless on any router in your facility.  That would not really be acceptable.  How do you maintain wireless security and, thus, network security?

Presumably if the Comcast router has wireless then it's providing NAT and a private subnet.  And, if it's on a LAN subnet then you should be able to access it - if you can log in.  The access address is likely the same as the gateway address one would use to connect to it.

If all you are doing is using the e4200 for wireless then I would connect it LAN port to LAN port.  There is a diagram attached for that.

What do you intend to use for terminating the VPN in the office?  That's rather key in this discussion.
Indyrb (Author) commented:
I know what the Comcast router is. It's the 10.x.x.1. I can even log in; however, I cannot disable wireless or advanced rules or features, and it is connected LAN to LAN. The E4200 is 192.168.x.x.
Indyrb (Author) commented:
"What do you intend to use for terminating the VPN in the office?  That's rather key in this discussion."

What do you mean by terminating VPN?
Like when the session is closed? I am new to this. I know what I need, I just don't know how to get there while being the most secure, with the least amount of effort, and maintaining best practices and guidelines.
-Techno (Comcast)
-Linksys E4200
-Linksys Switch

-Linksys WRT54GS - DD-WRT
Fred Marshall (Principal) commented:
There needs to be a device in the office that is the "end" of the VPN.  It has all the VPN settings, etc.  Usually this is an edge device like a router or firewall.  

With your lack of control over the Technicolor (which seems odd if you can get into it) then all this may be for naught.  I'm going to assume that it won't support the VPN functionality.  In that case, it has to support VPN passthrough which is usually a setting.  What model is it?

The Linksys e4200 doesn't support VPN functionality unless you install DD-WRT.  But I wouldn't do that to this one.  At present, you don't have this set up LAN-to-LAN but rather LAN-to-WAN, which is obvious from the IP addresses: there are two subnets and not just one.

The Linksys WRT54G with DD-WRT does support VPN functionality.  So that's your best bet.  I would set things up like this:

- Technicolor with VPN passthrough enabled    connected to:
- WRT54G with DD-WRT with VPN configured. <<<< so this terminates the VPN.
- WRT54G LAN connected to e4200 LAN port.
- e4200 DHCP server turned OFF.
- e4200 LAN address set to be in the same subnet as the WRT54G LAN and outside the WRT54G DHCP range.  You will have to enter the IP, subnet mask, gateway (WRT54G address), DNS (the same) manually here.

If you plan to use a split VPN in the remote sites then it's a good idea to make your WRT54G subnet some odd number like  This way, no matter the garden variety subnet you happen to be on in the field, they won't conflict.
The split VPN is handy because then you can get to the internet all the time whether the VPN tunnel is established or not.
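
A sanity check for the addressing plan laid out in the answer above, as an added example that is not part of the original thread. Every address, the `PLAN` layout and the list of common remote subnets are constructed assumptions, not values from the posters' network.

```python
import ipaddress

# Constructed sample plan; every address below is a made-up placeholder.
PLAN = {
    "router_lan": "10.73.41.1/24",          # WRT54G (DD-WRT) LAN interface
    "dhcp_range": ("10.73.41.100", "10.73.41.199"),
    "ap_lan": "10.73.41.2/24",              # e4200 static LAN address
    "ap_gateway": "10.73.41.1",
    "ap_dhcp_server": False,
}
# Subnets often handed out by consumer gear and hotspots (assumed list).
COMMON_REMOTE = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
                 "10.0.0.0/24", "10.0.1.0/24", "172.16.0.0/24"]

def check_plan(plan, remote_nets=COMMON_REMOTE):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    router = ipaddress.ip_interface(plan["router_lan"])
    ap = ipaddress.ip_interface(plan["ap_lan"])
    lo, hi = (ipaddress.ip_address(a) for a in plan["dhcp_range"])

    if plan["ap_dhcp_server"]:
        problems.append("AP DHCP server must be off")
    if ap.network != router.network:
        problems.append("AP LAN address is not in the router's LAN subnet")
    if ap.ip == router.ip:
        problems.append("AP LAN address duplicates the router address")
    if lo <= ap.ip <= hi:
        problems.append("AP LAN address is inside the DHCP range")
    if not (lo in router.network and hi in router.network and lo <= hi):
        problems.append("DHCP range is not inside the router's LAN subnet")
    if ipaddress.ip_address(plan["ap_gateway"]) != router.ip:
        problems.append("AP gateway is not the router address")
    # Split VPN: when the remote LAN overlaps the home subnet, the client's
    # local route wins and home-bound traffic never enters the tunnel.
    for net in remote_nets:
        if router.network.overlaps(ipaddress.ip_network(net)):
            problems.append(f"home subnet overlaps common remote subnet {net}")
    return problems

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
```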

Indyrb (Author) commented:
I also have an ASA 5505, but it seems to lose its config all the time, and then I can't get anything to work... But it also could be a rookie user error. Which is preferred, DD-WRT or ASA 5505? I have 80MB download speed, subscribed to 105+.