
WRV200 + QuickVPN + NAT

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by anchiang, Sep 18, 2006.

  1. anchiang

    anchiang LI Guru Member

    Hi

    I have this setup:
    Internet <--> (218.x.x.x) ADSL Modem (192.168.2.1) <--> (192.168.2.2) WRV200 (192.168.1.1) <--> LAN

    I want to be able to connect remotely from the internet using VPN, then I want to assign a local IP to the computer connected via VPN so it is able to browse the network and browse the internet using the "router" IP.

    remote (210.x.x.x) <--> Internet <--> (218.x.x.x) ADSL Modem (192.168.2.1) <--> (192.168.2.2) WRV200 (192.168.1.1) <--> LAN

    I want the remote computer to be able to browse the internet using 218.x.x.x instead of 210.x.x.x because of a security concern. Anyone got an idea how to achieve this?
     
  2. agarian

    agarian Guest

    Blocking mode

    Hi anchiang,

    In 'big boy' VPNs like Nortel and Cisco you would be turning on something called "blocking mode" or turning off something called 'split tunnelling' (sp?). Essentially you want to force all traffic through the VPN and out through your network's def gateway. Essentially you are changing the routing table in your VPN stack to be "0.0.0.0/0 -> VPN tunnel" such that no unencapsulated packets make it to your normal stack. If nobody posts the correct way of doing this before I get my new router I'll post and let you know how it's done ...

    My WRV200 is on order - it was supposed to be in today but alas alack it was not...

    Ciao,
    Agarian
     
  3. ifican

    ifican Network Guru Member

    The way QuickVPN works is quite confusing for most; it confused me at first as well. With QuickVPN, and from my understanding with SSL VPNs in general, they do not install a virtual adapter, so you don't get an assigned IP that you can see on the remote machine. The QuickVPN application intercepts all packet requests and knows which are supposed to go through the tunnel via the "network registration phase" and which are not. The traffic not destined for the LAN goes out your normal WAN connection.

    As far as what agarian states, yes, I have to agree: in an enterprise security-conscious environment you would want to make sure that all traffic goes across the tunnel so you don't have a back door into the network. However, for what you and most of us use VPN for, without split tunneling your internet surfing will become nonexistent while connecting to your VPN.

    I know this stuff can be confusing. If you are having a hard time coming to grips with this, post your questions and I'll figure out another way to explain it.
     
  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    Anchiang,

    I see 218.x.x.x and 210.x.x.x. Are you using static IPs?

    Jay
     
  5. SoonerAl

    SoonerAl LI Guru Member

    ifican...

    Just an FYI, but I use OpenVPN and quite easily configure that on the server side, i.e. configure the OpenVPN server to force all client traffic through the VPN tunnel. See this section in the OpenVPN How-To for an explanation...

    http://openvpn.net/howto.html#redirect

    Note that doing this does NOT cause me to lose internet connectivity. All my client traffic to the public internet simply is routed through my OpenVPN server and on to the public internet via my personal ISP...

    Now, back to the original thread...

    My apologies for breaking in...:cool:
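
The routing change agarian describes ("0.0.0.0/0 -> VPN tunnel") and the OpenVPN redirect SoonerAl mentions can be verified from a client's route table. The following is an added example, not part of any post in this thread and not code from either product; it applies to clients that expose a tunnel interface. The interface names `tun0`/`eth0`, the /24 mask on the 192.168.1.x LAN and the server address 203.0.113.10 are assumptions, and the two /1 routes mirror what OpenVPN's `redirect-gateway def1` installs.

```python
import ipaddress

# Constructed route tables: (destination prefix, egress interface).
# tun0/eth0, the /24 mask and 203.0.113.10 (VPN server) are assumptions.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),        # default route stays on the local ISP
    ("192.168.1.0/24", "tun0"),   # only the remote LAN goes through the VPN
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "eth0"),        # original default route, still present
    ("0.0.0.0/1", "tun0"),        # the two /1 routes that OpenVPN's
    ("128.0.0.0/1", "tun0"),      # redirect-gateway def1 installs
    ("192.168.1.0/24", "tun0"),
    ("203.0.113.10/32", "eth0"),  # host route so the tunnel can reach its server
]

def _parse(table):
    return [(ipaddress.ip_network(p), i) for p, i in table]

def _best(nets, block):
    """Interface of the most specific route covering the whole block, or None."""
    covering = [(n, i) for n, i in nets if block.subnet_of(n)]
    return max(covering, key=lambda m: m[0].prefixlen)[1] if covering else None

def egress(table, dest):
    """Longest-prefix match for a single destination address."""
    return _best(_parse(table), ipaddress.ip_network(dest))

def bypass_prefixes(table, tunnel_if, allowed=()):
    """List every routable prefix that leaves on an interface other than the tunnel."""
    nets = _parse(table)
    def walk(block):
        # Split the block until no more-specific route sits inside it.
        if any(n != block and n.subnet_of(block) for n, _ in nets):
            for half in block.subnets(prefixlen_diff=1):
                yield from walk(half)
        elif _best(nets, block) not in (None, tunnel_if):
            yield block
    leaked = ipaddress.collapse_addresses(walk(ipaddress.ip_network("0.0.0.0/0")))
    return [str(n) for n in leaked if str(n) not in allowed]

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        gaps = bypass_prefixes(table, "tun0", allowed=("203.0.113.10/32",))
        print(name, "tunnel:", len(gaps), "prefixes bypass the VPN")
```

An empty result with the server's host route allowed means no unencapsulated traffic can leave the client; the split-tunnel table leaves everything except the remote LAN on the local connection.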
     
  6. anchiang

    anchiang LI Guru Member


    We are running on an ADSL connection with dynamic IP; the 218.x.x.x and 210.x.x.x are just examples.

    I will try to look at the website mentioned first.
    Anyway, is it okay to have "double NAT" (please see my figure below)?
    (218.x.x.x) ADSL Modem (192.168.2.1) <--> (192.168.2.2) WRV200 (192.168.1.1)
     
  7. anchiang

    anchiang LI Guru Member

    Thanks for the info, but this is using OpenVPN. Do you have any solution using the WRV200 instead?
     
