2 Locations - how to setup VPN? (Cisco RV042?)

marcuso
Posts: 8
Member Since:
2009-04-12

We are using a Trixbox Pro and we are moving into an office space where we will have to share resources (including the T1).

We will not have control over the Internet connection. Therefore, we are not going to be able to set up a VPN on the gateway device. The gateway probably puts us behind NAT.... I am wondering if we can run a firewall device (namely the Cisco RV042) behind the NAT and statically assign IPs (set the gateway address to the Cisco RV042)? I noticed that under "Advanced Routing" we can switch the configuration from "Gateway" to "Router". Is there anything else that I am going to have to keep in mind or do? Can this be accomplished without having to open ports?

If not possible with the RV042, how would the Pix 501 handle this scenario? Any other devices or options?



catelco
Posts: 19
Member Since:
2006-10-29
VPN Specs

You can use the RV042 with a private IP, but first your main router will need to have a DMZ pointing to your RV042 private IP.
Then you can establish a VPN to the other point by configuring the necessary options on the Linksys to accomplish that.
Remember to use the public IP of the main router when configuring the remote site; never use the private IP.



adabbas
Posts: 191
Member Since:
2008-11-19
Your post's title says "2 Locations"; are you trying to create a VPN tunnel between 2 locations? What about the 2nd location? Is its gateway controlled by you? If so, then problem solved: you get location 1 to establish the tunnel to the real IP address of location 2.

catelco's answer is great, but assuming they have one public IP address to share with you, they will be less likely to put your router as the DMZ. But luckily you do not really need to; you can ask them to port forward ("publish") some ports to your gateway. If these ports are already in use by them then do not worry much about it, as you can easily change standard ports for almost everything, and you will get the added benefit that hackers will not easily find your standard services.

Of course this would be much easier if they have more than one public IP address and forward all traffic destined to one of those IP addresses to your RV042 gateway as catelco suggested.



marcuso
Posts: 8
Member Since:
2009-04-12
Our primary location is controlled by us; static IP, etc. The primary location has our Trixbox.

The secondary location is not controlled by us. We can probably get them to port-forward (and hopefully do QOS); I think you are right that DMZ is out of the question. There will be multiple phones at the second location, so I don't think that we can avoid using a VPN for each subnet. I just wonder if we can expose a subnet with the VPN device (RV042) without using it as a gateway.... From your answer, I think yes. Any tips on how to get it configured? Is there a way to avoid mixing networks between the two organizations (assuming a simple router is used)?



marcuso
Posts: 8
Member Since:
2009-04-12
Another question:

We may be able to get the ISP to issue another IP in which case, we could probably run our own router. My concern is that we wouldn't be able to do QOS and prioritize VOIP packets. Do ISPs typically offer QOS service to the IP addresses so that we wouldn't have to bother with inserting an extra router? If they do not, what is the simplest router that we could put in front of the other network's gateway? Could we insert a PIX 501 before their gateway and use it as our own gateway and VPN device? Could we effectively prioritize traffic for VOIP? I assume that if we were to go this route, we would want to hire someone to configure the router? How much does this typically cost? Anybody on here want to do it?



adabbas
Posts: 191
Member Since:
2008-11-19
You’ve lost me somewhere with this answer.

Anyway, if the primary location is controlled by you then you have no problem at all: run a VPN server on it.
In the secondary location, configure the RV042 to act as a gateway for your own subnet (the part that you control). It will have two IPs: one in your subnet, and the other in the subnet of the people that control you (in normal situations this would be a WAN IP on the Internet, but in your case it will be an IP on their subnet). After that you configure the RV042 to be a VPN client connected to your VPN server at the primary location. This way you do not need anybody to forward any ports to you, as your router will be initiating the connection to your primary location.
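
An addressing-plan check for the layout described in the post above, added here as an example and not part of any poster's reply. It assumes the usual site-to-site constraint that the LAN behind the RV042 must not overlap the host organisation's subnet or the primary site's LAN; the function name `check_plan` and every address below are constructed for illustration.

```python
import ipaddress


def check_plan(host_subnet, wan_ip, remote_lan, primary_lan):
    """Return a list of problems with a behind-NAT site-to-site plan.

    host_subnet : subnet of the organisation that owns the Internet gateway
    wan_ip      : address given to the VPN router's WAN port on that subnet
    remote_lan  : our own subnet behind the VPN router at the shared office
    primary_lan : LAN at the primary site, where the VPN server and PBX live
    """
    host = ipaddress.ip_network(host_subnet)
    remote = ipaddress.ip_network(remote_lan)
    primary = ipaddress.ip_network(primary_lan)
    wan = ipaddress.ip_address(wan_ip)

    problems = []

    # The WAN port must be a usable host address on the other organisation's LAN.
    if wan not in host:
        problems.append("WAN IP is not inside the host subnet")
    elif wan in (host.network_address, host.broadcast_address):
        problems.append("WAN IP is the network or broadcast address")

    # If our LAN overlaps theirs, the router cannot tell the two sides apart
    # and the two organisations' networks end up mixed.
    if remote.overlaps(host):
        problems.append("remote LAN overlaps the host subnet")

    # If our LAN overlaps the primary site's LAN, traffic meant for the
    # tunnel is treated as local and never reaches the other end.
    if remote.overlaps(primary):
        problems.append("remote LAN overlaps the primary LAN")

    return problems


if __name__ == "__main__":
    # Constructed sample plans: the first is clean, the second has three faults.
    good = check_plan("192.168.1.0/24", "192.168.1.50",
                      "10.20.0.0/24", "10.10.0.0/24")
    bad = check_plan("192.168.1.0/24", "192.168.2.50",
                     "192.168.1.128/25", "192.168.0.0/16")
    print("good plan:", good or "no problems")
    for p in bad:
        print("bad plan:", p)
```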


