Solved

Wireless, VPN, router

Posted on 2014-03-03
Last Modified: 2014-03-26
I have two main routers, probably not ideal, but let me explain.

I have a Technicolor something or other from Comcast, which is a cable modem/router and has VoIP. Unfortunately, I cannot configure too much on this device. So while wireless is enabled, I do not use it. I can't even disable it. I can't switch to bridge mode or anything.

So I connected a Linksys e4200 wireless router. This is on a different subnet, and is configured for wireless, etc. This is our main device we connect to, and all forwards from this device accordingly.

My question is: somehow I want to enable and have the ability to VPN into home.
I don't think I can do this natively, and would have to add to DMZ port forward... not sure. To test, I have a Linksys WRT54GS v5.0. I flashed it with DD-WRT but am not sure what to do now, and how to add it to the infrastructure. I think adding it as a repeater bridge with the same SSID and passwords and authentication, but I need thoughts on the correct setup and how to enable and use VPN so I can connect from external.
Question by:Indyrb

Expert Comment

by:Fred Marshall
It seems most odd that you can't disable wireless on any router in your facility.  That would not really be acceptable.  How do you maintain wireless security and, thus, network security?

Presumably if the Comcast router has wireless then it's providing NAT and a private subnet.  And, if it's on a LAN subnet then you should be able to access it - if you can log in.  The access address is likely the same as the gateway address one would use to connect to it.

If all you are doing is using the e4200 for wireless then I would connect it LAN port to LAN port.  There is a diagram attached for that.

What do you intend to use for terminating the VPN in the office?  That's rather key in this discussion.
Wireless-Router-as-a-Simple-Swit.pdf

Author Comment

by:Indyrb
I know what the Comcast router is. It's the 10.x.x.1. I can even log in; however, I cannot disable wireless or advanced rules or features, and it is connected LAN to LAN. The e4200 is 192.168.x.x.

Author Comment

by:Indyrb
"What do you intend to use for terminating the VPN in the office?  That's rather key in this discussion."

What do you mean by terminating VPN?
Like when the session is closed? I am new to this. I know what I need, I just don't know how to get there, while utilizing the most secure, least amount of effort, and maintaining best practices and guidelines.
Hardware:
- Techno (Comcast)
- Linksys e4200
- Linksys Switch
- Linksys WRT54GS - DD-WRT

Accepted Solution

by:
Fred Marshall earned 500 total points
There needs to be a device in the office that is the "end" of the VPN.  It has all the VPN settings, etc.  Usually this is an edge device like a router or firewall.  

With your lack of control over the Technicolor (which seems odd if you can get into it) then all this may be for naught.  I'm going to assume that it won't support the VPN functionality.  In that case, it has to support VPN passthrough which is usually a setting.  What model is it?

The Linksys e4200 doesn't support VPN functionality unless you install DD-WRT.  But I wouldn't do that to this one.  At present, you don't have this set up LAN-to-LAN but, rather, LAN-to-WAN, which is obvious from the IP addresses: there are two subnets and not just one.

The Linksys WRT54G with DD-WRT does support VPN functionality.  So that's your best bet.  I would set things up like this:

- Technicolor with VPN passthrough enabled, connected to:
- WRT54G with DD-WRT with VPN configured. <<<< so this terminates the VPN.
- WRT54G LAN connected to e4200 LAN port.
- e4200 DHCP server turned OFF.
- e4200 LAN address set to be in the same subnet as the WRT54G LAN and outside the WRT54G DHCP range.  You will have to enter the IP, subnet mask, gateway (WRT54G address), DNS (the same) manually here.

If you plan to use a split VPN in the remote sites then it's a good idea to make your WRT54G subnet some odd number like 172.16.99.0   255.255.255.0.  This way, no matter the garden variety subnet you happen to be on in the field, they won't conflict.
The split VPN is handy because then you can get to the internet all the time whether the VPN tunnel is established or not.
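
A way to sanity-check the addressing plan from the accepted answer before touching the routers, added here as an example and not part of the original thread. Only the 172.16.99.0 / 255.255.255.0 subnet comes from the answer; the router address, DHCP range, e4200 address and the list of remote networks are assumed sample values.

```python
import ipaddress

def check_plan(vpn_lan, router_ip, dhcp_first, dhcp_last, ap_ip, ap_gateway, remote_nets):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    net = ipaddress.ip_network(vpn_lan)
    router = ipaddress.ip_address(router_ip)
    first = ipaddress.ip_address(dhcp_first)
    last = ipaddress.ip_address(dhcp_last)
    ap = ipaddress.ip_address(ap_ip)
    problems = []

    # The e4200 must sit in the WRT54G LAN subnet on a usable, unused address.
    if ap not in net:
        problems.append(f"e4200 {ap} is not inside WRT54G LAN {net}")
    elif ap in (net.network_address, net.broadcast_address, router):
        problems.append(f"e4200 {ap} collides with a reserved or router address")

    # A static address inside the DHCP pool can later be handed to another host.
    if first <= ap <= last:
        problems.append(f"e4200 {ap} is inside the DHCP range {first}-{last}")

    # The e4200's manually entered gateway must be the WRT54G.
    if ipaddress.ip_address(ap_gateway) != router:
        problems.append(f"e4200 gateway {ap_gateway} is not the WRT54G ({router})")

    # With a split VPN, the home LAN must not overlap the network the client is on.
    for remote in remote_nets:
        if net.overlaps(ipaddress.ip_network(remote)):
            problems.append(f"home LAN {net} overlaps remote network {remote}")
    return problems

# Constructed sample plan (assumed values, see lead-in).
PLAN = dict(
    vpn_lan="172.16.99.0/24",
    router_ip="172.16.99.1",
    dhcp_first="172.16.99.100",
    dhcp_last="172.16.99.149",
    ap_ip="172.16.99.2",
    ap_gateway="172.16.99.1",
    remote_nets=["192.168.0.0/16", "10.0.0.0/8"],  # typical field networks
)

if __name__ == "__main__":
    for line in check_plan(**PLAN) or ["plan is consistent"]:
        print(line)
```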

Author Comment

by:Indyrb
I also have an ASA 5505, but it seems to lose its config all the time, and then I can't get anything to work. But it also could be a rookie user error. Which is preferred: DD-WRT or ASA 5505? I have 80MB download speed. Subscribed to 105+.