Setting up VPN using 1861 behind an Actiontec Router

Unanswered Question
Feb 8th, 2008

I need to setup a vpn between our main office and a remote user using his verizon fios internet connection,

he uses this service for both data and TV. Verizon provided him an actiontech MI-424-WR router.

* Can I setup gre/ipsec tunnel behind the actiontec router using a Cisco a 1861 router?

* Will there be any configuration changes done on the actiontec router?

* any caveat?

The router in the main office will have a static external IP.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Richard Burts Fri, 02/08/2008 - 10:32


A customer that I work with has set up lots of VPN connections to remote sites where the remote site is behind a cable network connection including actiontech routers. We are using the 1841 router but I would think that the 1861 would be able to do this without much problem.

As to the specific questions that you ask:

- We use GRE/IPSec tunnels and it works well.

- there should not be any configuration changes on the actiontech router.

- as far as caveats:

+ make sure that the image on the 1861 is the advanced security feature set or the advanced services feature set so that you get support for the encryption needed for VPN.

+ in our implementation we require that the remote site have a fixed IP address which allows each end of the VPN to uniquely specify its peer and allows either end of the VPN to initiate the connection. I assume that your user is getting an address via DHCP from the actiontech. This will mean that your head end will have to accept connection requests from anyone and authenticate to verify that it is an authorized request. And it will mean that the remote must initiate the connection.

If it is a single user at this remote location would it be feasible to set it up as a remote access VPN rather than a site to site VPN and to have the user use the VPN client which would eliminate the requirement for a router at the remote site?



abknoc Mon, 02/11/2008 - 06:27


Thank you, your post is very helpful. To answer your questions:

* static ip is not possible, because the remote site is using fios tv.

* the site will have a single user but multiple devices, including a tandberg codec which we'll use for videoconferencing.

Richard Burts Mon, 02/11/2008 - 08:28


I expected that static ip might not be possible in your case. This just means that the head end will not be able to specifically identify the remote peer and must accept connection requests from anyone and use authentication to determine whether this is a legitimate peer.

If there are multiple devices at the remote then a site to site VPN certainly makes sense.




This Discussion