Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1100
Views
0
Helpful
1
Replies

Basic understanding of IPsec VPN for WRVS4400N (3 ways)

elapointe
Level 1
Level 1

‎04-17-2012 08:20 AM

Hello.

I am working for a small compagny that bought last year 3x WRVS4400N for communicating between the office and the président house.

So far, we were using 2 of the 3 wireless routers and will eventually plug the 3rd one into the house of the vice-président.

Just recently, we changed our system and also changed the OS of our server (we switch from a SBS2003 to SBS2011).  At the same time, I decide to change the subnet so it will not be different that the usual 192.168.0.x or 192.168.1.x.

I was to reconfigure the 2 existing routers for this configuration when I realise that some point of my setup is unclear and I need to clarify those points.

Facts:

The router into the compagny has this  local IP adress:           192.168.73.1 /24

The router into the président home has this local IP adress:     192.168.0.1 /24

The router into the Vice-président will have this local IP adress: 192.168.2.1 /24

Now, If I want to configure the router of the compagny side, I had to configure this paramaters:

==================================================================

== For connecting to the président side ==

Local Group Setup:

Local Security Gareway Tyoe:     IP only

IP address:                                1.2.3.4 (The IP adress of our compagny (WAN side)

Local Security Group Type          Subnet

IP Adress                                  192.168.73.3

Subnet Mask:                             255.255.255.0

Question #1:     Is the IP adress (see below in BOLD) should be:

a)     The IP Adress of the router itself (192.168.73.1)  ??

b)     The reserve IP adress of the router (given into the Setup section) (192.168.73.2) ??

c)     Any IP adress that is available into the range between (between 192.168.73.3 - 192.168.73.254) ??

b)     192.168.73.0

Remote Group Setup

Remote Security Gateway Type:      IP only

IP by DNS Resolved:                      president_name.hopto.org

Remote Security Group Type:          Subnet

IP Adress:                                     192.168.1.0

Subnet mask:                                255.255.255.0

Question #2     Is the IP adress on the Remote Group (BOLD) should be:

a)     192.168.1.0

b)     192.168.1.1  (IP adress on his router)

c)     Reverved IP on this side (I do not remember, but I could check)

d)     Any IP adress available on his side (192.168.1.2 - 192.168.1.254)

The rest of the configuration will not change anyway (IKE with Preshared Key)

==================================================================

Assuming that we will connect another router (Vice Président) into our setup, the settings into our router will be:

==================================================================

== For connecting to the Vice-président side ==

Local Group Setup:

Local Security Gareway Tyoe:     IP only

IP address:                                1.2.3.4 (The IP adress of our compagny (WAN side)

Local Security Group Type          Subnet

IP Adress                                  192.168.73.3

Subnet Mask:                             255.255.255.0

Question #3    The IP adress (in BOLD) should be:

a)     Same as the Président (192.168.73.3)  ??

b)     Completely different (ex: 192.168.73.4) ??

Remote Group Setup

Remote Security Gateway Type:      IP only

IP by DNS Resolved:                      VP_president_name.hopto.org

Remote Security Group Type:          Subnet

IP Adress:                                     192.168.2.0

Subnet mask:                                255.255.255.0

Question #4     Is the IP adress on the Remote Group (BOLD) should be:

a)     192.168.2.0

b)     192.168.2.1  (IP adress on his router)

c)     Reverved IP (not define yet)

d)     Any IP adress available on his side (192.168.2.2 - 192.168.2.254)

==================================================================

Ok, there a lot of questions.  Some of my setup might work like this, but I want to know the CORRECT way to do it.

Many thanks...

Eric

Labels:
0 Helpful
1 Reply 1

blwright
Level 1
Level 1

‎04-24-2012 12:13 PM

Eric,

when setting up a VPN tunnel you have to think of the connection in terms of where the router is and where it is connecting to. In all cases the local ip address will be that of the router you are logged into and the remote ip address will be that of the router you are wanting to connect to.

At each location A, B, and C you will have two tunnels:

     Site A router is always the local when configuring a tunnel to a remote site

          1. Tunnel from A to B

          2. Tunnel from A to C

     Site B router is always the local when configuring a tunnel to a remote site

          1. Tunnel from B to A

          2. Tunnel from B to C

     Site C router is always the local when configuring a tunnel to a remote site

          1. Tunnel from C to A

          2. Tunnel from C to B

Hope this helps,

Blake Wright

Cisco SBSC Network Engineer

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents