
Linking 2 BEFVP41 v2

Discussion in 'Networking Issues' started by mbescher, Sep 25, 2005.

  1. mbescher

    mbescher Network Guru Member

    I have two different locations, joined by an E1 leased circuit. I have bought 2 BEFVP41 v2 to create a VPN tunnel between the two locations.

    Location A:
    SUBNET: 192.168.1.0
    WIN2003 Server w/ internet access: 192.168.1.1
    BEFVP41 LAN: 192.168.1.211
    BEFVP41 WAN: 192.168.10.1
    Static route:
    192.168.2.0
    255.255.255.0
    192.168.1.210

    Location B:
    SUBNET: 192.168.2.0
    WRT54G LAN: 192.168.2.1
    WRT54G WAN: 192.168.1.210
    BEFVP41 LAN: 192.168.2.5
    BEFVP41 WAN: 192.168.10.2

    Location A has internet access, location B does NOT.

    I've managed to connect the two BEFVP41s using their WAN ports. Computers in both locations can see, ping, etc. each other.

    PROBLEM: computers in location B cannot access the internet.

    Any ideas?
     
  2. BlueSkye

    BlueSkye Network Guru Member

    This is very interesting, mbescher.

    You indicated in my post, that you are attempting to accomplish essentially the same goal I am trying to accomplish with my post of 9/21/05 entitled:

    BEFSX41's: VPN across a wireless intranet - then to internet

    But, if I am reading your network architecture correctly, you have turned around your BEFVP41 router in Location A by reversing the LAN/WAN nodes in your architecture. My equivalent router (BEF#2 in my architecture).

    I describe my architecture as follows:

    client1---lan.BEF1.wan---(linux router to linux router wireless link)---wan.BEF2.lan---client2---internet

    If I understand your architecture correctly, I would describe it, below. I have placed your subnet numbers in [] brackets. Example: 192.168.10.0 subnet = [10].

    LocationB-LAN--[10]--wan.BEF-B.lan--[2]--lan.WRT-B.wan--[1 (the wireless link)]--lan.BEF-A.wan--[10?]
    ............................................................................................|
    ............................................................................................|(attached to the [1] subnet)
    ............................................................................................|
    .............................................................................................--WIN2003 Server--internet

    Actually, after having sketched out what I believe to be your network architecture, I am totally confused. I don't even understand how this could work. I think I must have misunderstood your architecture from the data you provided.

    Could you perhaps explain in more detail what your architecture is? Is my above sketch even close? What device(s) are cabled on the WAN side of your BEF at Location A? As I have sketched it (which must be wrong) you have two physically different subnets identified as subnet .10.0. If that is the case, you must have some powerful routing tables in these devices, it seems to me. Could you describe your routing tables in these devices? What are your default gateway addresses in each of the devices?

    Could you also describe in more detail what your connectivity testing has been and the results? Who can ping whom? What do your tracerts look like from various nodes to other nodes in your net?

    I believe we are attempting to accomplish similar overall goals, but it appears to me we have taken quite different network architecture approaches, and I don't think I even understand your approach. I am also puzzled that you are able to direct a VPN connection out your LAN side of the LocationB BEF router. I am also puzzled why you would configure the architecture I have attempted to sketch if you were trying to utilize VPN tunnels to secure the wireless link.

    Therefore, I must have something wrong in my sketch of your network architecture, and would love to hear more about what you have set up and what you have done with it.


    BlueSkye :eek:
     
  3. mbescher

    mbescher Network Guru Member

    Actually I didn't really explain well enough and I combined two different schemes in one. It should be:


    clientB---LANbefvpWAN---(ADC_HDSL_Modem_E1_Leased_Circuit)---WANbefvpLAN---clientA

    in IP format:

    [2.1]---[2.5]bef[10.2]---[10.1]bef[1.211]---[1.1]

    It's pretty much the same as you. I can only get the BEF to VPN on WAN to WAN. It's my leased circuit I want to encrypt. And like you, the internet access is on 1 side only.

    Would the bef on the A side allow me to enter a default gateway on the LAN side, I think it would work.

    I actually use a WRT54G as [2.1].
     
