
VPN Basic information about IPs

amh4y0001
Level 3

I have a lab scenario to discuss with you, if you can assist me in figuring out the correct IPs to use.

Environment:
Site A (LAN 1) ==> Connected with a Switch (Running MS Server 2012 R2)
Site B (LAN 2) ==> Connected with a Switch. (Running MS Server 2012 R2)

Target:

Connect these two LANs (Site to Site VPN) and encrypt the data transfer (PPTP /IPSEC VPN)

Problem /Question

I am not sure, when configuring the LANs' IPs, which default gateway should be used.
!!! When configuring the WAN port, am I supposed to set the dedicated IP? If yes, how do I specify the gateway?

!!! When configuring the LAN port, shall we use the LAN's server IP address (the machine where MS Server 2012 R2 is installed and DHCP is enabled so clients can get IPs from this server), or something else?

Router I am using in LAB is CISCO 871.


----------------------Here is sample configuration ------------------

Dedicated IP Address 1
• IP: xx.yy.zz.165
• Subnet: 255.255.255.240
• Gateway: xx.xy.zz.161

Dedicated IP Address 2
• IP: xx.yy.zz.166
• Subnet: 255.255.255.240
• Gateway: xx.xy.zz.161

LAN 1 IP Address /class: 10.0.0.1 /24
• LAN 1 SERVER Computer's configuration
• IP Address: 10.0.0.1
• Subnet Mask: 255.0.0.0
• Default Gateway: 10.0.0.1 ====> or should be something else?
• Switch is connected with this server running Server 2012 R2 and DHCP role.
• Clients are connected to Switch and receiving IPs like 10.0.0.2, etc.

LAN 2 IP Address /class: 192.168.1.1 /24
• LAN 2 SERVER Computer's configuration
• IP Address: 192.168.1.1
• Subnet Mask: 255.255.255.0
• Default Gateway: 192.168.1.1 ====> or should be something else?
• Switch is connected with this server running Server 2012 R2 and DHCP role.
• Clients are connected to Switch and receiving IPs like 192.168.1.2, etc.


ryancisco01
Level 1

LAN:

interface vlan 1
ip address 192.168.1.1 255.255.255.0
no shut

(by default all ports are in vlan 1)


Now for the servers, they should all be within the 192.168.1.1-255 range, and their default gateway should be 192.168.1.1. Do the same for your other side but using 10.0.0.1.


WAN:

interface vlan 2
desc INTERNET
ip add xx.yy.zz.165 255.255.255.240
no shut

interface gi0/1 (whatever your outside port is)
switchport mode access
switchport access vlan 2

ip route 0.0.0.0 0.0.0.0 xx.xy.zz.161


Once you do that on both sides, you should be able to ping from LAN subnet to LAN subnet. I assume you aren't using a real WAN link in your lab, so just be sure to use a crossover cable between the two switches. If you are using a WAN link, you won't be able to ping until the VPN is set up.


Thanks ryancisco01

1. I have two dedicated IPs from the ISP; is this what you meant by a real WAN link?

2. Should this configuration be on the LAN switch or on the router? I mean, is there no configuration required on the LAN switches?

LAN:

interface vlan 1
ip address 192.168.1.1 255.255.255.0
no shut

(by default all ports are in vlan 1)


3. Shall we configure Default Gateway for the dedicated IP to use internet on WAN link?

 

Thanks in advance!

1) Yes, correct. So you have two real WAN links coming into your LAN with two dedicated IP addresses? If yes, then use these IPs on your outside interface.

2) If you have two routers, then yes, use this config on your router rather than the switch.

3) The default gateway should be pointing to the internet via the WAN link. Usually your ISP will supply the gateway IP address to use.


Thanks again for your reply.

Regarding the default gateway, there would be two gateways in that case? One for the LAN and the other for the WAN?

(a) Now for the servers, they should all be within the 192.168.1.1-255 range, and their default gateway should be 192.168.1.1. Do the same for your other side but using 10.0.0.1.

(b) The default gateway should be pointing to the internet via the WAN link. Usually your ISP will supply the gateway IP address to use.

Correct. The LAN PCs need to use the IP address on the LAN/inside interface of the router as their default gateway (192.168.1.1). The WAN/outside interface of the router needs to use the ISP as its default gateway (let's say 4.2.2.2, a public/routable IP address).

The LAN PCs do not need to know anything about the WAN default route. That is the job of the router to manage: the router knows how to get to the internet, and it knows how to get to the local LAN, so it will provide the route between the LAN and the internet.

Bundle of thanks !

In this case there would be ONE default gateway, and that would be the one provided by the ISP.

And I can connect the LAN switch to the router's LAN ports (vlan1) directly, or Fe0 /Fe1 etc.
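
An added example, not part of the thread: a Python check of the addressing rules the replies settle on (LAN hosts use the router's inside interface as their gateway, and the router's default route points at an ISP gateway inside the WAN subnet). The 203.0.113.x WAN addresses, the .10 server addresses and the field names are constructed for illustration; the router inside IPs follow the reply's 192.168.1.1 and 10.0.0.1, and the LAN overlap check is an added general rule for routing between two sites.

```python
import ipaddress

def check_site(name, s):
    """Return findings for one site's server and router settings."""
    out = []
    lan = ipaddress.ip_network(s["lan"])
    host = ipaddress.ip_interface(f'{s["host_ip"]}/{s["host_mask"]}')
    inside = ipaddress.ip_address(s["router_inside"])
    wan = ipaddress.ip_interface(s["wan"])
    if host.network != lan:
        out.append(f"{name}: host mask gives {host.network}, LAN is {lan}")
    if host.ip == inside:
        out.append(f"{name}: host IP duplicates router inside IP {inside}")
    if ipaddress.ip_address(s["host_gw"]) != inside:
        out.append(f"{name}: host gateway should be router inside IP {inside}")
    if ipaddress.ip_address(s["wan_gw"]) not in wan.network:
        out.append(f"{name}: WAN gateway is not on-link in {wan.network}")
    return out

def check_plan(sites):
    """Check every site, then make sure the site LANs do not overlap."""
    findings = [f for n, s in sites.items() for f in check_site(n, s)]
    nets = [(n, ipaddress.ip_network(s["lan"])) for n, s in sites.items()]
    for i, (a, na) in enumerate(nets):
        for b, nb in nets[i + 1:]:
            if na.overlaps(nb):
                findings.append(f"{a}/{b}: LAN subnets overlap ({na}, {nb})")
    return findings

# Constructed data: the plan as first posted, with the router inside IPs
# from the reply and documentation-range addresses standing in for the WAN.
AS_POSTED = {
    "Site A": dict(lan="10.0.0.0/24", host_ip="10.0.0.1", host_mask="255.0.0.0",
                   host_gw="10.0.0.1", router_inside="10.0.0.1",
                   wan="203.0.113.165/28", wan_gw="203.0.113.161"),
    "Site B": dict(lan="192.168.1.0/24", host_ip="192.168.1.1",
                   host_mask="255.255.255.0", host_gw="192.168.1.1",
                   router_inside="192.168.1.1",
                   wan="203.0.113.166/28", wan_gw="203.0.113.161"),
}
# Same plan with the servers moved off the router's address (assumed .10).
CORRECTED = {
    "Site A": {**AS_POSTED["Site A"], "host_ip": "10.0.0.10",
               "host_mask": "255.255.255.0"},
    "Site B": {**AS_POSTED["Site B"], "host_ip": "192.168.1.10"},
}

if __name__ == "__main__":
    print("\n".join(check_plan(AS_POSTED)) or "no findings")
```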

 
