4 edits |
RV042 to RV042 VPN behind a NAT routerThe trick seems to be setting Advanced-->Agressive Mode on the RV042 behind the NAT router, and NAT Traversal on both. Two BEFVP41's or RV042's will work in this configuration, but the two cannot be mixed. Note: I did not test with the BEFVP41 on the public IP address side. The RV042 log shows errors using Agressive Mode, but the VPN works reliably! Without Agressive Mode enabled, the VPN does NOT work, though Status shows Connected! The VPN over RV042s' seems faster, but I can't benchmark it.
PC-->RV042-->DSL-->Internet-->T1-->RV042-->PC
PC ...192.168.2.101 ...192.168.2.1 gateway
RV042 Aggressive mode enabled (BEFVP41 will NOT work here) ... 192.168.2.1 LAN ... 192.168.254.1 WAN
DSL Speedstream - IPSec Pass Through: Enabled ... 192.168.254.1 DMZ ... 192.168.254.254 LAN ... 73.22.15.5 WAN
~~Internet~~
T1 - w/public IP's ...63.75.3.30
RV042 ... 63.75.3.29 public IP ... 192.168.1.1 LAN
PC ... 192.168.1.102 ... 192.168.1.1 gateway |
|
I'm glad you got this to work -- I still haven't been able to do the same thing. . . and I've been trying for a couple days now using everything I can think of.
I am unable to give some of my routers public IPs, so I have to put them inline behind DSL connection points. . . hoping I'm overlooking something simple/small.
Are you willing to share your configuration settings in more detail? |
3 edits |
Sure, I'd be happy to help. First, make sure your DSL or Cable modems are set to allow VPN pass-through. Second, if your DSL or Cable modems have a DMZ setting, set the IP address to your Linksys router. RV042-to-RV042 or BEFVP41-to-BEFVP41 will work behind your NAT enabled DSL or Cable modems. RV042 to BEFVP41 will NOT. RV042-to-RV042, one must be set to aggressive mode. BEFVP41-to-BEFVP41, do not require any special settings, they just work.
Use two different subnets, one for each network. Example: 192.168.1.1-255 on the first network, 192.168.2.1-255 on the second network. VPN will automatically take care of all the routing.
Use static IP addresses on all your workstations. This is NOT required, but it will help you keep your sanity. If you do this, add entries to your HOSTS file. 192.168.1.101 Dick 192.168.1.102 Jane 192.168.2.101 Jack 192.168.2.102 Frost or always use the IP address when trying to connect to remote pc's. Example \\192.168.1.101\Share instead of \\Dick\Share
Even better!! If you are running a file server and install the WINS service, set all workstations WINS setting. This is totally slick. |