04-17-2012 08:20 AM
Hello.
I am working for a small company that bought 3x WRVS4400N last year for communicating between the office and the president's house.
So far, we have been using 2 of the 3 wireless routers and will eventually plug the 3rd one in at the vice-president's house.
Just recently, we changed our system and also changed the OS of our server (we switched from SBS2003 to SBS2011). At the same time, I decided to change the subnet so it will not be different than the usual 192.168.0.x or 192.168.1.x.
I was about to reconfigure the 2 existing routers for this configuration when I realised that some points of my setup are unclear, and I need to clarify those points.
Facts:
The router at the company has this local IP address: 192.168.73.1 /24
The router at the president's home has this local IP address: 192.168.0.1 /24
The router at the vice-president's will have this local IP address: 192.168.2.1 /24
Now, if I want to configure the router on the company side, I have to configure these parameters:
==================================================================
== For connecting to the president side ==
Local Group Setup:
Local Security Gateway Type: IP only
IP address: 1.2.3.4 (The IP address of our company (WAN side))
Local Security Group Type: Subnet
IP Address: 192.168.73.3
Subnet Mask: 255.255.255.0
Question #1: Should the IP address (see below in BOLD) be:
a) The IP address of the router itself (192.168.73.1) ??
b) The reserved IP address of the router (given in the Setup section) (192.168.73.2) ??
c) Any IP address that is available in the range (between 192.168.73.3 - 192.168.73.254) ??
d) 192.168.73.0
Remote Group Setup
Remote Security Gateway Type: IP only
IP by DNS Resolved: president_name.hopto.org
Remote Security Group Type: Subnet
IP Address: 192.168.1.0
Subnet mask: 255.255.255.0
Question #2: Should the IP address on the Remote Group (BOLD) be:
a) 192.168.1.0
b) 192.168.1.1 (IP address of his router)
c) Reserved IP on this side (I do not remember, but I could check)
d) Any IP address available on his side (192.168.1.2 - 192.168.1.254)
The rest of the configuration will not change anyway (IKE with Preshared Key).
==================================================================
Assuming that we will connect another router (vice-president) into our setup, the settings in our router will be:
==================================================================
== For connecting to the vice-president side ==
Local Group Setup:
Local Security Gateway Type: IP only
IP address: 1.2.3.4 (The IP address of our company (WAN side))
Local Security Group Type: Subnet
IP Address: 192.168.73.3
Subnet Mask: 255.255.255.0
Question #3: Should the IP address (in BOLD) be:
a) Same as the president (192.168.73.3) ??
b) Completely different (ex: 192.168.73.4) ??
Remote Group Setup
Remote Security Gateway Type: IP only
IP by DNS Resolved: VP_president_name.hopto.org
Remote Security Group Type: Subnet
IP Address: 192.168.2.0
Subnet mask: 255.255.255.0
Question #4: Should the IP address on the Remote Group (BOLD) be:
a) 192.168.2.0
b) 192.168.2.1 (IP address of his router)
c) Reserved IP (not defined yet)
d) Any IP address available on his side (192.168.2.2 - 192.168.2.254)
==================================================================
OK, there are a lot of questions. Some of my setup might work like this, but I want to know the CORRECT way to do it.
Many thanks...
Eric
04-24-2012 12:13 PM
Eric,
When setting up a VPN tunnel you have to think of the connection in terms of where the router is and where it is connecting to. In all cases the local IP address will be that of the router you are logged into and the remote IP address will be that of the router you want to connect to.
At each location A, B, and C you will have two tunnels:
Site A router is always the local when configuring a tunnel to a remote site
1. Tunnel from A to B
2. Tunnel from A to C
Site B router is always the local when configuring a tunnel to a remote site
1. Tunnel from B to A
2. Tunnel from B to C
Site C router is always the local when configuring a tunnel to a remote site
1. Tunnel from C to A
2. Tunnel from C to B
Hope this helps,
Blake Wright
Cisco SBSC Network Engineer
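
Added example, not part of the original thread or of Cisco's documentation: a Python sketch that builds the two-tunnels-per-site layout described in the reply from the router LAN addresses listed in the question, and compares typed-in Subnet group values against it. It assumes a Subnet-type security group is meant to name the whole LAN behind each router; all function names are hypothetical.

```python
import ipaddress
from itertools import permutations

# Router LAN addresses as listed under "Facts" in the question.
SITES = {"company": "192.168.73.1/24", "president": "192.168.0.1/24",
         "vice-president": "192.168.2.1/24"}

def lan(router_ip):
    """Network that a router's LAN interface address belongs to."""
    return ipaddress.ip_interface(router_ip).network

def mesh(sites):
    """One entry per (local router, remote router): two tunnels per site."""
    return {(a, b): (lan(sites[a]), lan(sites[b])) for a, b in permutations(sites, 2)}

def check_group(ip, mask):
    """Return (network, note) for a Subnet-type security group entry."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    if iface.ip != iface.network.network_address:
        return iface.network, f"{ip} is a host address; the subnet it selects is {iface.network}"
    return iface.network, None

def check_tunnel(sites, local, remote, local_group, remote_group):
    """Compare typed-in group settings with the LANs the two routers serve."""
    problems = []
    want_local, want_remote = mesh(sites)[(local, remote)]
    for label, group, want in (("local", local_group, want_local),
                               ("remote", remote_group, want_remote)):
        net, note = check_group(*group)
        if note:
            problems.append(f"{label} group: {note}")
        if net != want:
            problems.append(f"{label} group: {net} is not the {label} LAN {want}")
    return problems

def overlapping(sites):
    """Pairs of sites whose LANs overlap and so cannot be told apart across a tunnel."""
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if lan(sites[a]).overlaps(lan(sites[b]))]

if __name__ == "__main__":
    # Values typed into the company router for the president tunnel in the question.
    for p in check_tunnel(SITES, "company", "president",
                          ("192.168.73.3", "255.255.255.0"),
                          ("192.168.1.0", "255.255.255.0")):
        print(p)
    print("overlapping LANs:", overlapping(SITES))
```

Running the same check from each router's point of view, with local and remote swapped, confirms that the two ends of a tunnel carry mirrored group settings.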