Skip to comments.
Need help with a VPN Through Two Routers
Posted on 03/13/2003 8:59:56 AM PST by lafroste
I am looking for technical assistance for a computer networking problem, to wit:
I set up a wireless network in my home to share internet access with family computers without running wires all over creation. My wife's office uses wireless connections. She needs to set up a Virtual private network (VPN) to her employer, but her employer only supports VPN using a Linksys router (not wireless). Her company supplied the Linksys router, apparently pre-configured to access the comapny's system.
Here is the problem: She must access the internet through the wireless router we already have (Seimens Datastream), but the Linksys router must also be present. We connected the Linksys router to the cable modem and were able to access the VPN. However, when we added the Siemens wireless router after the Linksys, she was able to access the internet from her computer, but not the VPN. Additionally, my computer (which doesn't need the VPN but was set up to test the interface) also now does not function. I may be able to work around the problem, but I cannot figure out how to access the configuration utility of the Linksys router (no documentation was supplied by her employer), and I cannot determine the IP address of the Linksys router, but do know the IP address of the Seimans wireless router (which, curiously, does not seem to have changed after the Seimans router was disconnected from the cable modem and connected to the Linksys router). I know this can be made to work and any suggestions on how to proceed are most welcome.
posted on 03/13/2003 8:59:56 AM PST
BTW: The VPN is a Cisco VPN Client, if that is of any help to you.
posted on 03/13/2003 9:01:10 AM PST
You access the linksys config via a web browser.
The typcial address of the linksys server is 192.168.1.1 but this could change depending on the siemens config. To find out
go to one of ur PC's that is using the linksys and do a ipconfig from a dos prompt. Look for the default gateway. This is the ip address of the web accessible linksys config.
The next step is most likely the config will require a password to get into it via the browser. I forget what the default. If siemens changed it u r SOL unless u reset the linksys rerouter back to its factory settings which u can do however then u cannot see what siemens as configured.
posted on 03/13/2003 9:09:17 AM PST
If I remember correctly, the default login for the linksys router is username (leave blank) and password=admin. The IP address you gave is correct. Linksys has PDF docs for the router on their website.
.....what I would do.....
.....would be to replace "your" router.....
.....with a Wireless Access Point.....
.....Linksys makes a nice one.....
posted on 03/13/2003 9:14:34 AM PST
((.....does this mean I'm kewl now?.....))
The default lan ip for the linksys 192.168.1.1 is the default as set by the factory. Siemens may have changed this because the PC's on the LAN get their ip dynamically from the linksys.
So u verify which ip to use for from the web browser u need to verify the default gateway by using the DOS prompt ipconfig.
I beleive u r correct on the default password.
Just as a side, there is an option to disable linksys admininistration from the WAN side. So dont worry about getting hacked, assuming Siemens did set this value correctly.
posted on 03/13/2003 9:17:33 AM PST
Your using a VPN client on the wife's computer right? If so, you may not need the Linksys router. What you need to look into is if the WAP supports VPN passthrough. The WAP may be doing packet mangling as it's NAT. Unless there is default reverse port mapping, the WAP will be useless (Check for a firmware update for VPN usage). Also, you may need to open tcp and udp port 500 on the WAP.
Is your wife using the Cisco VPN client software or does the linksys router establish the tunnel? If she is using the Cisco VPN client software the router should be immaterial. It only establishes the physical/network connections.
If the linksys router establishes the tunnel then the easiest (depending on the company she works for) is to have them replace it with a wireless router. Then you have everything you need. If they are not willing to do that and you have to make what you have work, then I need to know how you "connected" the two routers. Are they direct connected or connected through a switch port? Direct connections may require a different cable than what you are using. The routers have to be "aware" of each other by using the same routing protocols or by having static route(s) defined on one or both of the routers.
I cannot help you with the specific configuration tasks as I am "do" Cisco and have no experience with Linksys or Siemens.
posted on 03/13/2003 9:25:20 AM PST
"I am "do"" = I "do"
posted on 03/13/2003 9:26:19 AM PST
When I called Siemens for help on my router, they were very helpful and even made a follow up call to me and asked if I needed additional support.
posted on 03/13/2003 9:29:48 AM PST
Let me take a guess without having the devices in front of me: I think the problem might be that your routers need to be on two different subnets. If you want to use cascaded routers you should leave the Linksys configured as your wife's employer left it, because you already know that works. Change YOUR router to a different subnet.
For example, if your present subnet Id is 192.168.1.x change it to 192.168.2.x. If your inhouse machines are set for DHCP they shouldn't have to be touched, maybe only rebooted to pick up the new address.
Set your inhouse router's Gateway/NextHop to point to the Linksys (probably 192.168.1.1). Once you've made the changes PING each device in turn until you're sure you can get thru both devices. Once that's working try your VPN again.
Sounds like you don't really need the extra linksys router in the mix. The Cisco client should work. That's what I'm doing right now, as a matter of fact.
Sounds to me like both the new linksys and the old wireless router are BOTH set up to do DHCP and provide NAT. That's gonna choke the LAN and anything connected to it. There can be only one DHCP/NAT box.
posted on 03/13/2003 9:32:57 AM PST
You need to make sure your router supports PPTP protocol(VPN) passthrough. I know the Linksys have it by default, but I don't know about Seimens.
posted on 03/13/2003 9:34:42 AM PST
Boy, you guys are just amazing! I can't slog through the posts now, but I think this will make a fine project this evening (and really impress my wife since I am not a computer guy, but she is a computer scientist working for a large software company)
posted on 03/13/2003 10:25:31 AM PST
We have the exact same setup where I work. VPN, Cisco... all of it. Her employer *should* be willing to configure the wireless router to work with the VPN. My employer is willing to do this.
posted on 03/13/2003 10:29:18 AM PST
(Go Get 'Em Dubya!)
>I am not a computer guy, but she is a computer scientist working for a large software company
Small steps will get you where you need to be. Remember the lesson of "The Tortoise And The Hare".
There is no magic.
I take it that your IP guys know what they're doing, but isn't it a security breach to have a wireless connection to someone outside the company firewall? NYU wouldn't let me bring a laptop with a linksys wireless card anywhere near them.
posted on 03/13/2003 11:09:43 AM PST
Great advice from all hands. Although you don't hace to reboot to pick up a nnew net config or DHCP prodived address. Just do an IPCONFIG /RELEASE followed by an IPCONFIG /RENEW from a command window.
posted on 03/13/2003 11:30:21 AM PST
BTW, I'm using a linksys WRT54Gg with great success. It's the DHCP server and firewall between my Starband gateaway PC and the rest of my internal net.
posted on 03/13/2003 11:31:41 AM PST
Well we use wireless at our company. They provide a standard linksys box and VPN software for home use. But, if you have a wireless network, they will not pay for the hardware- but will update the wiresless box to work with VPN. How they do it, I have no idea.
posted on 03/13/2003 12:38:49 PM PST
(Go Get 'Em Dubya!)
>Although you don't hace to reboot to pick up a nnew net config or DHCP prodived address. Just do an IPCONFIG /RELEASE followed by an IPCONFIG /RENEW from a command window.
I hear ya, but this is one of those cases where I'd rather be a tortoise than a hare. Rebooting forces a rebuild of all the control blocks so there can't be any issues about crap being left behind.
In spite of what Big M says about not needing to reboot for this change or that (specifically under W2K and XP) subtle problems seem to go away when a full reboot is done.
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson