AG241 & VPN's

Discussion started by vjapu, Jun 1, 2005.

  vjapu

    Just organised an AG241 for a client to replace an ageing Watchguard SOHO6 and ADSL Router. We figured the single box approach would make VPN setup a lot easier.

    According to the NZ distributor and what I can find in the manual etc., the AG241 should work fine as a "VPN Termination Device".

    What the client wants is to access their SBS server behind the AG241 from home etc. OWA is the main focus.

    So the documentation had info about secpol.msc modifications but there must be a nice user friendly VPN client that will work with AG241's. Yes??

    Tried secpol.msc methods without success. Found a free VPN/Firewall Client called Securepoint. It seemed to establish a tunnel OK. Certainly no flashing errors or anything.

    But could not browse the www server on the inside.

    Setup is something like this

    server>AG241>internet<modem<home client

    office lan is using 192.168.16.x/24

    So from the home client do I browse to 192.168.16.x or the WAN IP of the AG241? I am not sure on that one for a start. My educated guess is to browse to the 192.168 address as the IPSEC policy is set to form a tunnel to the remote gateway for the remote 192.168 subnet.

    I am looking to hear from anyone with tips n tricks for the AG241 and VPN's in general.

    Temporarily I also enabled remote support on the router so I could check settings from home. That doesn't work even!

    I disable all IPSEC policy and personal firewall and try to browse to the WAN IP address using the port specified and nothing. NADA.
  Andyrew

    If the client has another router at home which has endpoint functionality then you are better off not using any VPN client software to pass-through the AG241 but instead setting up an IPSec tunnel from gateway to gateway.

    More information on this is available from:

    If however the customer does not have a router capable of this then you only need to enable pass-through on the router and set up your SBS server for Routing and Remote Access etc.

    More information on this including test labs etc are available from:

    Once you have established the VPN tunnel using either method you can access the SBS server using its internal address (or if you have NetBios broadcast enabled you could just use the network browser).

    Q: When you are using the SecurePoint VPN software can you ping any internal addresses on the remote Lan?

    Hope this helps
  vjapu

    I am recommending that they use the same modems from home to avoid compatibility issues.

    I will read the links you posted and go from there.

    So you don't recommend using AG241 as tunnel endpoint with VPN client by the sound of it.

    Thanks :)
  Andyrew

    It doesn't really matter which method you use, the AG241 will support and cope well with both.

    Personally I prefer using a gateway to gateway VPN but it all depends on the requirements of the client.

    There are pros and cons associated with both setups but the bonus with setting up a couple of endpoints using the router(s) is that there is no server software required as the router handles everything nor is the VPN client software required either.

    Another reason for using the endpoint functionality of the router is that if your clients are pretty "dense" when it comes to computers, putting a nice application on their desktop may start off all well and good but in the computing industry the end user always finds a way to break it (whether their fault or not). Having the VPN endpoints configured in the router itself keeps this out of the reach of average Joe Bloggs from tinkering with the system and causing more work for your technical support :)

    Another good link which you may find a good read is an article on TomNetworking:
