Example RV082 VPNs via WiFi-WAN

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by pablito, Sep 1, 2007.

  1. pablito

    pablito Network Guru Member

    This is an example setup of an RV082 behind a WiFi link.

    I live downstairs and for now can't run a cable to the upstairs router. I've tried a number of ways to route, firewall, and VPN my room. I have a need for VPNs to various locations. The remote VPNs are on a combo of other RVs and a generic Linux firewall w/IPSEC VPN. I use a WiFi phone that registers to a PBX at my office. Right now the cleanest and most stable config is to use an RV082 (with or without NAT) to a WRT in client&router mode (no NAT) to the upstairs AP and internet.

    Currently I run:
    my_LAN--->RV082--WAN--->WRT54G(client)------>WRT54G(AP)--->WAN-10MB/s.
    Only the last AP runs with NAT.

    I run a 3rd AP (any brand) behind the RV to increase roaming area. I use the same SSID & WPA but on different channels to create a large area for laptop and phone.

    I run RIP on the RV's WAN, the 1st WRT's WAN & LAN, and the 2nd WRT's LAN. Routing and firewalling works very well. The WiFi phone picks up the strongest AP and transparently finds the PBX over VPN or internet depending on which AP. No fancy QOS setup but WMM is activated and the phone always works great. No problem getting the full 10MB/s internet speed from any of the locations. I enable frameburst but not afterburner. I don't enable NetBIOS over the WANs or VPNs but set WINS to the office Samba server for devices behind the RV; other locations can run a PPTP VPN as needed. File sharing with the laptop is seamless from home, work, or soccer field. Normally I transfer files with SFTP which is even better than MS networking and is more intuitive to/from Linux. The WiFi phone connects from either location with WPA or from any random open AP (common in the burbs).

    The RV and 1st WRT run in router mode so only a single NAT is used. The 2nd WRT sets DMZ to the WAN port of the RV082. The 2nd WRT runs dynamic DNS to keep IP current for the VPN endpoints. I run normal 3DES tunnels with NAT-T, PFS, compression, and use keep alive on tunnels that must stay up; otherwise they connect on demand.

    Also tested as working:
    These setups were fine but can be a little trickier to keep the VPNs stable without using aggressive mode.

    And I've tried various combos with and without NAT. Using double or even triple NAT doesn't affect the internet speed. VPNs get a lot trickier with multiple NATs. Using single NAT and DMZ on the final AP makes the RV the primary firewall and works very well.
