Just got the RVS4000 vpn router and have some problems making it work. The RVS4000 router is behind another wireless dsl router. I want to achieve the following things:
1) make PCs connected to RVS4000 have an access to internet
2) make PCs connected to RVS4000 access PCs from wireless router network
3) make PCs connected to wireless network access PCs connected to RSV4000 PCs.
I've tried to change the operating mode from Gateway to Router but it does not help. Also addling static entries to routing table does not work out. Please help. In attached image you can see my network topology.
I defined 2 networks 192.168.1.0/255.255.255.0 for wireless router network and 192.168.2.0/255.255.255.0 for RVS4000 network. If its possible to combine these two networks to one it would be better, if not no problem.
Please help making the router work.
Thanks in advance,
If you are not going to use the VPN function of RVS4000, you could add a static router on the wireless router, pointing all traffic destinied to the192.168.2.0 subnet to the WAN IP of RVS4000. If you do want to use the VPN function of RVS4000, it might be easier to use RVS4000 as your internet gateway and add a static route on RVS4000 to route all traffic destinied to the 192.168.1.0 to the WAN IP of the wireless router.
Thanks guys for quick reply. I managed to make computers behind RVS4000 access the ones behind wireless router. But opposite doesn't work. I'm using 2Wire 2701 HG-B which comes with AT&T by default. Couldn't find any routing configuration there. Do you know how to do that?
I have one more question related to VPN configuration. Currently I connect to remote network thru Cisco VPN Client, which has already preconfigred PCF profile. How can I based on that profile configure my RVS4000 to do the same thing which Cisco VPN Client does - connect to remove VPN server?
What you see is normal as long as the router operates with NAT enabled (Operation mode "Gateway Mode" on the advanced routing page). It is the same thing that protects any gateway router LAN from the internet. With NAT enabled any traffic into the LAN must be initated before from inside the LAN unless you configure port forwarding (which only works for a single LAN IP address).
If you want a fully routed LAN with the RVS as router you must switch the RVS to router mode.
In addition, you must configure static routing on your wireless router to route 192.168.2.0/255.255.255.0 to the WAN IP address of the RVS (something 192.168.1.*).
Ideally, you should configure the same route on any computer connected to the wireless router in 192.168.1.* or at least accept ICMP redirects in the firewalls of all these computers. Otherwise any traffic from a computer in 192.168.1.* will go to the wireless router, then to the RVS and then to the RVS LAN. With direct static routing on the computers or ICMP redirects the computers will learns to sent traffic for the RVS LAN directly to the RVS.
I don't know the 2wire. You should check the user guide.
Please remember, that you have two seperated broadcast domains: standard windows workgroup browsing won't work across a router. If you want to access file shares on a workgroup computer in the other LAN you must enter the IP address instead, e.g. \\192.168.1.123\share If you run your own WINS or DNS server and everything is correctly set up you won't have a problem.
There may be one problem, however, with this kind of setup depending on the capabilities of the 2wire: you may not have internet access from the RVS LAN. Your 2wire route does NAT to map your private IP addresses to your public IP address. Many routers, however, only do NAT for source IP addresses inside their own LAN IP subnet. This would mean the router only translates source IP addresses 192.168.1.* to your public IP address but not any other source IP address including 192.168.2.*. Of course, if your 2wire routes packets with source IP addresses 192.168.2.* without translation into the internet it will go nowhere.
You have to test how your 2wire behaves. If you have successfully created the fully routed LAN (i.e. both sides can access each other) but only have internet in the 2wire LAN but no in the RVS LAN you run into this issue.
The Cisco VPN Client uses IPSec XAUTH extensions to authenticate users. The RVS4000 only supports plain IPSec with XAUTH. You cannot use the Cisco VPN Client to connect to a RVS4000 nor can you configure the RVS4000 to connect to a VPN server configured for connections from the Cisco VPN Client.
gerald_vogt, You're right. My 2Wire router routes the packets to internet and it seems to be impossible to modify its routing tables. Concerning -
"The Cisco VPN Client uses IPSec XAUTH extensions to authenticate users. The RVS4000 only supports plain IPSec with XAUTH. You cannot use the Cisco VPN Client to connect to a RVS4000 nor can you configure the RVS4000 to connect to a VPN server configured for connections from the Cisco VPN Client."
It means that there is no use for me to have RVS4000 router. Is there any VPN router which allows connecting to remote VPN server which is configured to be used from the Cisco VPN Client?
You should be able to configure static routes on the 2wire. The user guide is here. On page 109, paragraph "Advanced - Static Routes" describes how to do it. According to the user guide the feature can be disabled. If you don't find this option in your router you probably have to ask your ISP (or whoever provided the 2wire).
I think you are looking for the feature "Easy VPN Remote". You find it in the bigger Cisco routers, e.g. the 800, 1800 series etc. I think the SR520 should support it as well. I don't know about the other small biz routers from Cisco. I think all the routers which came from Linksys do not support it.
The RVS4000 VPN can be configured for IPSec gateway-gateway tunnels which only requires a shared secret or certificate for authentication. That works with other RVS4000 and should also work with many other plain IPSec routers.
And you connect from remote with the QuickVPN client to the RVS4000.
The RVS4000 is designed for the office end and not for the telework end who wants to connect to the office.
The simple solution: replace the RVS4000 with a simple switch. That's basically what you want to do as computers on either side of the RVS should have access to the other side.
You can use the RVS4000 as switching device if you set up the RVS as follows:
1. you configure the LAN IP address of the RVS to 192.168.1.253.
2. you disable the DHCP server on the RVS.
3. you wire one of the LAN ports of the RVS to your existing LAN. The internet port of the RVS remains unused.
Now you pretty much use the RVS as hardware switch. You won't be able to use any internet related function of the router, in particular you cannot use the VPN server.