1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Site-to-Site VPN

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by soslink, Jan 31, 2007.

  1. soslink

    soslink LI Guru Member

    We are going to purchase (2) Linksys RV042 routers and setup a Site-to-Site VPN between our main location(MO) & branch office(BO). Each of those sites has a Static IP. We also need the ability for our remote users who are traveling or working at home to get access to the main location's network. We have a couple questions:

    1. When we create the tunnel between the MO & BO, do we start with the router at the MO, create a tunnel to BO....then do we go to the BO and create the same tunnel to the MO--using different Static IP? Confused on the tunnel endpoints.

    2. For our other remote users, do we create a separate tunnel for each of them on the MO router using the "Client-to-Gateway" setup? Or is it best to use the "Group VPN" option.

    Basically, we were not sure if we could use the router for both a "Gateway-to-Gateway" AND "Client-to-Gateway"???

    Thanks
     
  2. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    1. It doesn't matter in what order you create the site-to-site tunnel in as long as the rules are symmetric. For example, if on the MO RV042 you are protecting network a.a.a.a/24 when connecting to remote network b.b.b.b/24, then the BO router will need to be configured for local network b.b.b.b/24, remote network a.a.a.a/24. Clearly other things have to match....pre-shared key, encryption algorithm, hash, etc. The MO router will use the BO router's IP address for the remote gateway and vice versa.

    2. The Client-to-Gateway function will allow you to configure users for QuickVPN client access to your MO router.

    Finally, yes you can do gateway-to-gateway and client-gateway VPNs simultaneously.

    /Eric
     
  3. soslink

    soslink LI Guru Member

    Thanks you so much...I think we are just making it harder than it seems before actually trying to set it up first.
     

Share This Page