newb to wireless vpn - general info

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by mcmark, Jan 21, 2006.

  1. mcmark

    mcmark Network Guru Member

    Hi all,

    Just joined forum and have a question regarding the Linksys WRV54G and how a laptop w/wireless connects with it. I am very new to wireless and have some security concerns about broadcasting data into the AZ-osphere.

    I have a laptop that I would like to connect wirelessly to my home network. I want this to be very secure because I am a paranoid type person. I currently have a firewall router to the external world and a home network behind it. I would like to set up a WRV54G behind my current router to have a wireless subnet.

    Does the user start a VPN client on the laptop to connect to the WRV54G or is the only VPN connection allowed from the external world?

    If the user doesn't open a VPN client connection to the WRV54G, how secure are the transmissions?

    Thanks very much for your patience and help with me. :???:
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    The best thing to do is make sure your initial internet connected router is just a "wired" router (no wireless); if it is, just turn the wireless off. Make sure you use WPA/TKIP with a password "minimum" of 26 characters for strong integrity. A strong password is a good start.

    A vpn connection doesn't "just connect" unless:

    1) A client makes a request to connect to an endpoint vpn router/server
    2) A "router-to-router" configuration is already in place. In this example, a hardware vpn solution between two sites is already in place, thus sharing information between the two sides "via the routers;" the end result is nothing is required of the users to see the other side (I'm strictly speaking in general terms without getting into permissions, scripts, authentication, security privileges for all the "nitpickers" who may read this... :) ).

    Next, run straight-thru CAT5 from LAN port of your first router to the "WAN" port of your WRV54G. Also, make sure you configure your first router with DHCP to hand out "one" ip address which will go to your WRV.

    Next, connect to the WRV via wireless or via a CAT5 cable running from one of its LAN ports to your laptop. Log in, and configure the local subnet address with an address that's "different" from your first router. If your first router uses, use (as an example) for your WRV's segment. Again, use WPA/TKIP (because AES has been missing for some time) for your security; additionally, change the default SSID "AND" disable SSID broadcast. Since you have a small network, I personally would use static ip addresses for everything and disable DHCP. If you do disable DHCP and use static, make sure the ip addresses you assign fall into the same subnet as what the router is using.

    Once you've done all of this, you'll need to forward ports 443 and 500 from your first router to the ip address that your WRV pulls; the ip address the WRV pulls is going to be assigned to its WAN port (effectively putting it on the same segment as your border router); now you'll be able to pass information to/from the internet, to include having two separate subnets for routing traffic.

    This should get you started...
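
An added example, not part of the original post: a small Python check of the addressing and passphrase advice above (separate subnets for the two routers, static addresses inside the WRV's subnet, a WPA passphrase of at least 26 characters). The function name `audit_plan` and all addresses are constructed for illustration, since the thread's own addresses are missing; the 8 to 63 printable ASCII limit is the WPA-PSK passphrase rule.

```python
import ipaddress

def audit_plan(border_lan, wrv_wan_ip, wrv_lan, wrv_lan_ip, static_hosts, passphrase):
    """Return a list of problems in a border-router + WRV addressing plan."""
    problems = []
    border = ipaddress.ip_network(border_lan)
    inner = ipaddress.ip_network(wrv_lan)
    wan = ipaddress.ip_address(wrv_wan_ip)
    gw = ipaddress.ip_address(wrv_lan_ip)

    # The WRV's LAN must be a different subnet from the first router's LAN.
    if border.overlaps(inner):
        problems.append(f"WRV LAN {inner} overlaps border LAN {border}")
    # The WRV's WAN port sits on the first router's segment.
    if wan not in border:
        problems.append(f"WRV WAN address {wan} is outside border LAN {border}")
    if gw not in inner:
        problems.append(f"WRV LAN address {gw} is outside its own subnet {inner}")

    # With DHCP disabled, every static address must be a usable, unique
    # host address inside the WRV's subnet.
    seen = {gw: "WRV LAN interface"}
    for name, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in inner:
            problems.append(f"{name}: {ip} is not in {inner}")
        elif ip in (inner.network_address, inner.broadcast_address):
            problems.append(f"{name}: {ip} is the network or broadcast address")
        if ip in seen:
            problems.append(f"{name}: {ip} duplicates {seen[ip]}")
        seen.setdefault(ip, name)

    # WPA-PSK passphrase: 8-63 printable ASCII; the post asks for 26 or more.
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not (8 <= len(passphrase) <= 63) or not printable:
        problems.append("passphrase is not a valid WPA passphrase (8-63 printable ASCII)")
    elif len(passphrase) < 26:
        problems.append("passphrase is shorter than the 26 characters recommended")
    return problems

# Constructed sample plan (RFC 1918 addresses chosen for illustration only).
GOOD_PLAN = dict(
    border_lan="192.168.1.0/24", wrv_wan_ip="192.168.1.2",
    wrv_lan="192.168.2.0/24", wrv_lan_ip="192.168.2.1",
    static_hosts={"laptop": "192.168.2.10", "desktop": "192.168.2.11"},
    passphrase="constructed-sample-passphrase-0001",
)

if __name__ == "__main__":
    for line in audit_plan(**GOOD_PLAN) or ["plan looks consistent"]:
        print(line)
```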

  3. mcmark

    mcmark Network Guru Member

    Thanks for the informative response. This will help a great deal.

    My question though is can the laptop user connect to the WRV54G via a wireless VPN connection? This would provide one more level of security on the transmissions.

    I don't know if the VPN part of the WRV54G is ONLY on the WAN port or if it is associated with each LAN port as well.

  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    Yes, you can connect via a wireless vpn connection. This was a big debate amongst the WRV54G community initially because of the difficulty quickvpn posed when it first came out. I use quickvpn from a wireless hotspot "all of the time," so you'll be able to do it...

    If "I'm" interpreting your second question correctly, the vpn functionality is assigned to the WAN port, so you won't get this if you just have the WRV54G connected to a modem or another router by its LAN ports.

  5. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    I think he's looking for the "VPN Wireless" functionality on the LAN side...similar to what Sonicwall does. The wireless clients on a Sonicwall network...VPN to the LAN side...hence super secure transmission of network traffic on the LAN side.

    Which, as far as I know, is not available in any home grade wireless products.
  6. mcmark

    mcmark Network Guru Member

    Thanks for the great info. I was trying to find out about VPN on the LAN side and it looks like I'm not going to get that.

    Oh well, now I have to figure out if my security paranoia can be satisfied with WPA.

    Thanks Again
  7. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    WPA is pretty good, change it often if you're that worried. Also you can add... MAC filtering. That way you have 2x layers of protection. And make sure you change the default Admin password for the router's web admin.