RV082 VPN and VLAN problems, need help!

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by brothertu, Nov 16, 2006.

  1. brothertu

    brothertu LI Guru Member

    Hi everyone,
    I am configuring a Linksys RV082 VPN router in our office and I can build VPN connection from outside with no problem.

    But I got a problem when I tried to prevent the VPN user from accessing some LAN resources. The issue is, we've got 10 PCs in the office LAN and I just want the VPN user be able to access 6 of them. I don't know what should I do with the RV082 router.

    At the moment, the 10 PCs are in a workgroup under same sub network 192.168.1.XXX.
    The RV082 router is the default gateway, with IP on the LAN interface.

    I am thinking of configuring VLAN from the RV082 router but I got no idea on how to do it.

    Is there anyone got similar experience before?
    Any advice would be much appreciated.
    Thanks inadvance.
  2. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    It's going to be a matter of user accounts within Windows for those resources. If you have just a peer to peer network at the office...you're seeing one of the drawbacks of that. For a business network..if you wish to control access/resources...you should have a domain controller, create groups, and control access to resources based on those groups and/or just users.
  3. brothertu

    brothertu LI Guru Member

    Hi YeOldeStonecat,
    Thanks for your reply.
    I am just wondering if there is a way I can implement this from the router side as RV082 got built-in VLAN feature and a firewall which can create access rule , instead of apply user previlege management on the local computers just like you suggested.

    One thing I forgot to mention is that there are some other network equipments in the LAN which I don't want VPN user to access, eg, network printer stuff like that.

    Does it make sense?
    Thanks a lot any way.


  4. vpnuser

    vpnuser LI Guru Member

    You could try assigning your LAN resources to an IP Range that goes into the remote security group of the VPN tunnel.
  5. heidnerd

    heidnerd LI Guru Member

    The VLAN feature of the RV082 lets you break up the switch ports into multiple lans... for exampel ports 1-4 could be on VLAN1 and ports 5,6,7 and 8 could be on VLAN2, VLAN3, VLAN4 and VLAN5. All of the VLAN's would have access to the outside WAN ports BUT only ports 1-4 could see each other and ports 5,6,7 and 8 could only see the outside world -- not any other local port on the switch.

    You could use an IP range or a combination of IP and subnets to allow access to the six. Or use a VLAN to allow the VPN to connect to six... but that means the other two ports would be isolated from the six as well as the VPN session... so IP range or subnetting would probably work better in your case.
  6. brothertu

    brothertu LI Guru Member

    Hi Heidnerd,
    Thanks you very much.
    That sounds like what I am looking for.
    Were you be able to give a example of IP range or subnetting setup for this case?
    For example: I got 3 PCs in the LAN, I want the VPN user be able to access PC1 and PC2, but not PC3. I also want PC3 be able to access PC1 and PC2.
    So, I guess PC1, PC2 and VPN user must be in the same subnet, PC3 must be in a different subnet.
    I am thinking of subnetting as below:
    PC1: /
    VPN user:

    Do you think this will work or not?

    Many thanks.

  7. brothertu

    brothertu LI Guru Member

    Hi Vpnuser:
    Thanks for your reply but don't know how to implement your solution. Were you be able to give some more details?

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice