VPN - VPN routing....


Author VPN routing....
miketop1@gmail.com

2006-12-12, 1:13 pm

Please,
I just want to have the picture of how they're linked to each other
(using IP addressing).

The thing is; I am trying to set up a VPN connection between two LANs
located far from each other; in two different cities (each has about 50
users).

The thing is I am not sure if what I have in planning is right.

I plan to get 2 Class C addresses from an ISP, one for each LAN. I will
apply subnetting to each, by making use of a router (VPN, Cisco branded)
on each LAN. These routers will have 5 switches connected to them, then
in turn 10 PCs will be connected to each of the switches, to make a
total of 50 PCs on each LAN; so far is this setting ok?

Now,
The thing is, I am not sure how I will configure each router to speak
to each other over the internet. I know it can't be as straightforward
as I plan on doing it; i.e. by me somehow including in the router (LAN
A) the Public IP address of router (LAN B) and vice versa.
Please, what I have just said, is it in any way right? Or am I missing
something?

Basically, just want to have a sort of picture of how everything will
be linked via. IP addresses.

Thank you.

N.B.

If you need to know, I plan on implementing a Remote Access VPN (SSL),
which I believe will be web-based.

Thank you so much.

Drake

2006-12-12, 7:14 pm


I think you need to start by googling for beginner tutorials. use:

cisco router basics primer
vpn primer
cisco.com: site-to-site vpn

This will get you enough reading material to keep you busy through the
weekend.


<miketop1@gmail.com> wrote in message
news:1165944411.029728.104600@f1g2000cwa.googlegroups.com...
> Please,
> I just want to have the picture of how they're linked to each other
> (using IP addressing).
>
> The thing is; I am trying to set up a VPN connection between two LANs
> located far from each other; in two different cities (each has about 50
> users).
>
> The thing is I am not sure if what I have in planning is right.
>
> I plan to get 2 Class C addresses from an ISP, one for each LAN. I will
> apply subnetting to each, by making use of a router (VPN, Cisco branded)
> on each LAN. These routers will have 5 switches connected to them, then
> in turn 10 PCs will be connected to each of the switches, to make a
> total of 50 PCs on each LAN; so far is this setting ok?
>
> Now,
> The thing is, I am not sure how I will configure each router to speak
> to each other over the internet. I know it can't be as straightforward
> as I plan on doing it; i.e. by me somehow including in the router (LAN
> A) the Public IP address of router (LAN B) and vice versa.
> Please, what I have just said, is it in any way right? Or am I missing
> something?
>
> Basically, just want to have a sort of picture of how everything will
> be linked via. IP addresses.
>
> Thank you.
>
> N.B.
>
> If you need to know, I plan on implementing a Remote Access VPN (SSL),
> which I believe will be web-based.
>
> Thank you so much.
>





CK

2006-12-13, 7:13 am

Which router are you planning?
Specify according to which the VPN Config will be laid..
But the concept will be same.


CK



miketop1@gmail.com wrote:
> Please,
> I just want to have the picture of how they're linked to each other
> (using IP addressing).
>
> The thing is; I am trying to set up a VPN connection between two LANs
> located far from each other; in two different cities (each has about 50
> users).
>
> The thing is I am not sure if what I have in planning is right.
>
> I plan to get 2 Class C addresses from an ISP, one for each LAN. I will
> apply subnetting to each, by making use of a router (VPN, Cisco branded)
> on each LAN. These routers will have 5 switches connected to them, then
> in turn 10 PCs will be connected to each of the switches, to make a
> total of 50 PCs on each LAN; so far is this setting ok?
>
> Now,
> The thing is, I am not sure how I will configure each router to speak
> to each other over the internet. I know it can't be as straightforward
> as I plan on doing it; i.e. by me somehow including in the router (LAN
> A) the Public IP address of router (LAN B) and vice versa.
> Please, what I have just said, is it in any way right? Or am I missing
> something?
>
> Basically, just want to have a sort of picture of how everything will
> be linked via. IP addresses.
>
> Thank you.
>
> N.B.
>
> If you need to know, I plan on implementing a Remote Access VPN (SSL),
> which I believe will be web-based.
>
> Thank you so much.


Simon

2006-12-13, 7:13 am

miketop1@gmail.com wrote:
> Please,
> I just want to have the picture of how they're linked to each other
> (using IP addressing).
>
> The thing is; I am trying to set up a VPN connection between two LANs
> located far from each other; in two different cities (each has about 50
> users).
>
> The thing is I am not sure if what I have in planning is right.
>
> I plan to get 2 Class C addresses from an ISP, one for each LAN. I will
> apply subnetting to each, by making use of a router (VPN, Cisco branded)
> on each LAN. These routers will have 5 switches connected to them, then
> in turn 10 PCs will be connected to each of the switches, to make a
> total of 50 PCs on each LAN; so far is this setting ok?
>
> Now,
> The thing is, I am not sure how I will configure each router to speak
> to each other over the internet. I know it can't be as straightforward
> as I plan on doing it; i.e. by me somehow including in the router (LAN
> A) the Public IP address of router (LAN B) and vice versa.
> Please, what I have just said, is it in any way right? Or am I missing
> something?
>
> Basically, just want to have a sort of picture of how everything will
> be linked via. IP addresses.
>
> Thank you.
>
> N.B.
>
> If you need to know, I plan on implementing a Remote Access VPN (SSL),
> which I believe will be web-based.
>
> Thank you so much.
>

You don't need class C's for each site, private address ranges will work
as long as they are different each end and you use nat. A static IP for
the wan address of the router should be enough.
simon
Simon

2006-12-13, 1:12 pm

Simon wrote:
> miketop1@gmail.com wrote:
> You don't need class C's for each site, private address ranges will work
> as long as they are different each end and you use nat. A static IP for
> the wan address of the router should be enough.
> simon

I meant you don't need public class Cs for the lans
miketop1@gmail.com

2006-12-13, 1:12 pm

@ Simon

> Simon wrote:

Please Simon,
Please check if I get your logic;

That is;
The private address is to be issued to the workstations in the LAN;
The NAT is just to include an element of Security into the whole
'equation'
are what I'm saying according to your point (trying to get the picture,
with respect to IP addressing)

but
based on what you said above, shouldn't 2 static IP be issued for the
two routers?
and how will the workstations communicate with each other, when the
whole network has been protected by a NAT,
which will block the ip address of the internal network?



@ CK
> CK wrote:

I'm planning on making use of any router that supports VPN connections.
(If I'm not doing
something right, please let me know)

I also plan on making use of a Remote-Access VPN connection, that will
enable the LANs
to interact with each other.



Simon wrote:
> Simon wrote:
> I meant you don't need public class Cs for the lans


Simon

2006-12-13, 1:12 pm

miketop1@gmail.com wrote:
> @ Simon
>
>
> Please Simon,
> Please check if I get your logic;
>
> That is;
> The private address is to be issued to the workstations in the LAN;
> The NAT is just to include an element of Security into the whole
> 'equation'
> are what I'm saying according to your point (trying to get the picture,
> with respect to IP addressing)
>
> but
> based on what you said above, shouldn't 2 static IP be issued for the
> two routers?
> and how will the workstations communicate with each other, when the
> whole network has been protected by a NAT,
> which will block the ip address of the internal network?
>
>
>
> @ CK
>
>
>
> I'm planning on making use of any router that supports VPN connections.
> (If I'm not doing
> something right, please let me know)
>
> I also plan on making use of a Remote-Access VPN connection, that will
> enable the LANs
> to interact with each other.
>
>
>
> Simon wrote:
>
>


Hi,
yes 2 static public IPs for the routers, the routers nat the 2 different
lan subnets to their own wan address to allow each site internet access.
Then you create a vpn tunnel between the 2 routers with routes to each
lan across the tunnel. I've done this with 25+ sites connecting back
into a central hub with no problems.
simon
miketop1@gmail.com

2006-12-13, 1:12 pm

wow! at last met someone who has done this practically.
Please,
I don't mean to be a 'prick', but you made a statement that I kinda
couldn't see the picture, "the routers nat the 2 different lan subnets
to their own wan address to allow each site internet access"
When you meant 'the routers nat the 2 different subnet to their own
wan address' did you mean the routers 'hides' the subnet (i.e.
255.255.255.0 not the IP addresses) and replaces it with their IP
address?
Because I've always thought when NAT occurs, it hides the IP address
of the workstations accessing the internet, not the subnet. (got it all
twisted).

And just to be specific, so if we're going to get a static IP address
from the ISP for the two routers, is that it doesn't matter what class
it is?

Thanks.

N.B.
Just so you know;
I'm really glad, because you really are making things look clearer now,
been wandering the whole Internet for answers like yours.


Simon wrote:

> miketop1@gmail.com wrote:
>
> Hi,
> yes 2 static public IPs for the routers, the routers nat the 2 different
> lan subnets to their own wan address to allow each site internet access.
> Then you create a vpn tunnel between the 2 routers with routes to each
> lan across the tunnel. I've done this with 25+ sites connecting back
> into a central hub with no problems.
> simon


Simon

2006-12-13, 1:12 pm

Hi,
right nat can be 1 to 1 - so for that you need a public class c on the
outside to match each of the internal class c addresses. Then there is
one to many which I am referring to, this nats the whole internal subnet
- can be bigger than a class c if the router is up to the job, to a
single external public wan address.
And yes the address from the ISP can be as subnetted down as far as you
like, you only need one so a 255.255.255.252 mask is preferred, that
gives their router the other address in that subnet.
simon


miketop1@gmail.com wrote:
> wow! at last met someone who has done this practically.
> Please,
> I don't mean to be a 'prick', but you made a statement that I kinda
> couldn't see the picture, "the routers nat the 2 different lan subnets
> to their own wan address to allow each site internet access"
> When you meant 'the routers nat the 2 different subnet to their own
> wan address' did you mean the routers 'hides' the subnet (i.e.
> 255.255.255.0 not the IP addresses) and replaces it with their IP
> address?
> Because I've always thought when NAT occurs, it hides the IP address
> of the workstations accessing the internet, not the subnet. (got it all
> twisted).
>
> And just to be specific, so if we're going to get a static IP address
> from the ISP for the two routers, is that it doesn't matter what class
> it is?
>
> Thanks.
>
> N.B.
> Just so you know;
> I'm really glad, because you really are making things look clearer now,
> been wandering the whole Internet for answers like yours.
>
>
> Simon wrote:
>
>
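
The addressing picture Simon describes in his replies above (different private LANs at each end, one static WAN address per router on a /30, one-to-many NAT for internet traffic, and routes to the remote LAN across the tunnel), as an added example that is not part of the original thread. The site names, subnets and WAN addresses are constructed sample values, and `isp_side`, `check_plan` and `forward` are hypothetical helper names.

```python
import ipaddress as ipa

RFC1918 = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan: private LANs, documentation-range (RFC 5737) WAN /30s.
SITES = {
    "A": {"lan": "192.168.10.0/24", "wan": "203.0.113.2/30", "peer": "B"},
    "B": {"lan": "192.168.20.0/24", "wan": "198.51.100.6/30", "peer": "A"},
}

def isp_side(wan):
    """On a /30 WAN link, return the other usable host: the ISP's router."""
    iface = ipa.ip_interface(wan)
    return str(next(h for h in iface.network.hosts() if h != iface.ip))

def check_plan(sites):
    """Return a list of problems with the addressing plan (empty means OK)."""
    problems = []
    lans = {name: ipa.ip_network(s["lan"]) for name, s in sites.items()}
    for name, lan in lans.items():
        if not any(lan.subnet_of(r) for r in RFC1918):
            problems.append(f"{name}: LAN {lan} is not RFC 1918 private space")
        iface = ipa.ip_interface(sites[name]["wan"])
        if iface.ip not in iface.network.hosts():
            problems.append(f"{name}: WAN {iface} is not a usable host address")
    names = sorted(lans)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if lans[a].overlaps(lans[b]):
                problems.append(f"{a}/{b}: LANs overlap, tunnel routes are ambiguous")
    return problems

def forward(sites, site, src, dst):
    """What the router at `site` does with a LAN packet: (action, outer src, outer dst)."""
    me, peer = sites[site], sites[sites[site]["peer"]]
    my_wan = str(ipa.ip_interface(me["wan"]).ip)
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    if src not in ipa.ip_network(me["lan"]):
        return ("drop", None, None)           # not one of this site's workstations
    if dst in ipa.ip_network(me["lan"]):
        return ("local", str(src), str(dst))  # same LAN, never reaches the WAN
    if dst in ipa.ip_network(peer["lan"]):
        # Tunnel: private addresses stay intact inside; only the two WAN IPs show outside.
        return ("tunnel", my_wan, str(ipa.ip_interface(peer["wan"]).ip))
    return ("nat", my_wan, str(dst))          # one-to-many NAT: source becomes the WAN IP
```

Traffic between the two LANs has to be matched before the NAT rule, otherwise it leaves with the WAN address as its source and never matches the tunnel's routes.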

miketop1@gmail.com

2006-12-13, 7:12 pm

So, am I right by saying..
For instance, you assigned an IP address to the router,
You subnet the IP address to produce 2 more,
can you allocate the 2 IP addresses to 2 switches individually on the
network, just like you assign an IP to a router?
and you can keep on going creating more branches, right?



Simon wrote:
> Hi,
> right nat can be 1 to 1 - so for that you need a public class c on the
> outside to match each of the internal class c addresses. Then there is
> one to many which I am referring to, this nats the whole internal subnet
> - can be bigger than a class c if the router is up to the job, to a
> single external public wan address.
> And yes the address from the ISP can be as subnetted down as far as you
> like, you only need one so a 255.255.255.252 mask is preferred, that
> gives their router the other address in that subnet.
> simon
>
>
> miketop1@gmail.com wrote:

Simon

2006-12-13, 7:12 pm

Not quite sure what you mean, do a google on ip subnetting, it might help.
simon
miketop1@gmail.com wrote:
> So, am I right by saying..
> For instance, you assigned an IP address to the router,
> You subnet the IP address to produce 2 more,
> can you allocate the 2 IP addresses to 2 switches individually on the
> network, just like you assign an IP to a router?
> and you can keep on going creating more branches, right?
>
>
>
> Simon wrote:
>
>

miketop1@gmail.com

2006-12-14, 1:14 am

Yea, confirmed the issue with the subnet. It's right, was just
verifying.

So overall, would you say it's still of a necessity to have a VPN
implemented in this project? or alternatively one can route the routers
through a firewall for security purposes?

And if you think the latter is a possibility, What sort of routers
should I aim at (will it be as high range as the VPN cisco type)?

The reason I'm asking this is because I came across an article saying
buying equipment relating to VPN could be costly (please say if I'm
right), and this project is meant to be for a small business with 50
users on each site. Budget is kinda' a factor.

Please,
Can I ask in your case, what sort of router did you make use of? did
it require you to enter commands to connect across the WAN?
Thanks.

Simon wrote:
> Not quite sure what you mean, do a google on ip subnetting, it might help.
> simon
> miketop1@gmail.com wrote:

Simon

2006-12-14, 1:14 am

I've done this with 3com superstack firewalls - rebadged sonicwall -
check out their website. These offer a decent firewall to protect the
local PCs from the internet as well as making an encrypted tunnel
between the sites to safely carry the data between them. Any router/VPN
device is going to require configuration to get it working. Sonicwalls
with a web interface are certainly easier to configure unless you are up
to speed on the cisco cli.
simon

miketop1@gmail.com wrote:
> Yea, confirmed the issue with the subnet. It's right, was just
> verifying.
>
> So overall, would you say it's still of a necessity to have a VPN
> implemented in this project? or alternatively one can route the routers
> through a firewall for security purposes?
>
> And if you think the latter is a possibility, What sort of routers
> should I aim at (will it be as high range as the VPN cisco type)?
>
> The reason I'm asking this is because I came across an article saying
> buying equipment relating to VPN could be costly (please say if I'm
> right), and this project is meant to be for a small business with 50
> users on each site. Budget is kinda' a factor.
>
> Please,
> Can I ask in your case, what sort of router did you make use of? did
> it require you to enter commands to connect across the WAN?
> Thanks.
>
> Simon wrote:
>
>

I
CK

2006-12-15, 7:14 am

I assume now you have the idea how it's going to work.

If you are looking for VPN, there are several firewalls and vpn boxes
in market.
You have to prioritize the budget and then look in the market. I believe
in cisco routers and firewalls.

But currently we have lots of different vendors for the similar
activity.

You can have Sonicwall TZ-170 sp or this project


Thanks
Chetan Kamra




miketop1@gmail.com wrote:
> Yea, confirmed the issue with the subnet. It's right, was just
> verifying.
>
> So overall, would you say it's still of a necessity to have a VPN
> implemented in this project? or alternatively one can route the routers
> through a firewall for security purposes?
>
> And if you think the latter is a possibility, What sort of routers
> should I aim at (will it be as high range as the VPN cisco type)?
>
> The reason I'm asking this is because I came across an article saying
> buying equipment relating to VPN could be costly (please say if I'm
> right), and this project is meant to be for a small business with 50
> users on each site. Budget is kinda' a factor.
>
> Please,
> Can I ask in your case, what sort of router did you make use of? did
> it require you to enter commands to connect across the WAN?
> Thanks.
>
> Simon wrote:
>


Copyright 2003 - 2008 webservertalk.com