Need VPN help [Archive] - Glock Talk



Drjones
09-27-2011, 14:18
My lead tech is out, so I'm turning to you guys for some help. :)

I have a client who has the following setup:

- D-Link DIR-130 VPN Broadband Router
- Netgear N600 Wireless Router
- Windows Server 2003
- VOIP phone system.


Both the d-link and netgear were configured to give DHCP, and obviously the results weren't pretty. I tried configuring the netgear as a pure access point, but the d-link doesn't support the protocols & configurations needed for their VOIP phones to work. But when I disconnect the d-link and only use the netgear, the VPN doesn't work, because the D-link provides the VPN access. :upeyes:

So, what I need to do is simply configure the D-Link to still provide VPN, but on the same network as the Netgear.

They are just using the built-in Windows VPN connection client on the remote PCs. Obviously they have a static IP, too.

The netgear is 192.168.1.1, I changed the dlink local IP to 192.168.1.2.

Also the external IP is confusing me: the IP shows (and is configured in the netgear) as xxx.218, but the Dlink is configured as xxx.220. :dunno:


Does that make sense?

Oh, better yet, the guys probably don't have the admin login for the server. :upeyes: They're looking for it, as I type this....

Thank you!!!

kc8ykd
09-27-2011, 15:06
need more info about their voip phones and what they require for the router configuration if you want to be able to configure the dlink to allow that traffic through.

the setup you had is a bit different, but would work as long as only one of the devices was set up to serve dhcp, otherwise they'd conflict and confuse the machines on the local network.

the external ip setup could be anything, again, hard to tell without any subnet information.

they could have had the voip phones gateway address directed to the netgear and had the dlink doing routing for the rest of the network.


it wouldn't be my ideal setup but it could work.

what i would do is similar to what you tried, with configuring the dlink as the router, nat, dhcp provider (since it's the only one that really needs an external ip address) and the netgear as just a wap.

remember, if you change the external ip address of the dlink, you're going to have to reconfigure all the vpn clients to point to the new address.

if you provide more info about the voip phones and their requirements, it shouldn't be too difficult to get the dlink setup properly.

Drjones
09-27-2011, 15:48
http://support.vocalocity.com/routersettings.php

That's a link to the settings that need to be entered.

Ok, I think what would be a band-aid for now until we can get them ONE unit to do VPN and routing that will work with their phones, is to set up two networks; can I do this? Have both the Netgear & D-Link giving DHCP?

Would I keep the d-link 192.168.1.1 and change the netgear to 192.168.2.1 or something like that?

What a pain...

kc8ykd
09-27-2011, 16:30
you can setup their phones on a separate network based on a different subnet than that of the vpn router's network.

this won't be a problem, unless those vpn resources need to access wireless devices, or wireless devices need to access resources on the other network.



you can try this to see if it will allow the voip traffic through:

this assumes dlink/vpn as the only device having an external ip and the netgear configured as wap only. and, that the phones have been configured with the dlink as their gateway address.

in the dlink, you should be able to go into its configuration and click the advanced header, then the firewall settings on the left.


about 1/2 way down the page, click on one of the check boxes to enable the entry for editing.
fill in something useful for the name, like voip
select lan for the source int
select wan for the destination int

for source, enter 192.168.1.0/24 (this assumes your private network is on that subnet, as well as the phones)
for was enter

for destination enter 205.139.46.1/24

you shouldn't have to enter the port numbers.

hit enable for that rule and hit save, then test.

if that doesn't do it, you might try adding the reverse rule as well

wan for source, lan for destination

205.139.46.1/24 for source
192.168.1.0/24 for destination


this should allow the traffic to/from the /24 for vocalocity to pass unmolested.
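
Added example (not part of the thread, and not the D-Link's own rule logic): a small Python model of the two firewall entries described in the post above, used to check which flows they would match before touching the router. The `Rule` class, the rule names and the sample host addresses are assumptions made for illustration; only the two CIDR ranges and the lan/wan directions come from the post.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str                    # hypothetical label, like the "voip" name in the post
    src_if: str                  # "lan" or "wan"
    dst_if: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def net(cidr):
    # The post writes the provider range as 205.139.46.1/24 (host bits set).
    # strict=False normalises it to the covering network, 205.139.46.0/24.
    return ipaddress.ip_network(cidr, strict=False)


# The two entries from the post. No ports are entered, so every protocol
# and port between the two ranges matches.
RULES = [
    Rule("voip-out", "lan", "wan", net("192.168.1.0/24"), net("205.139.46.1/24")),
    Rule("voip-in", "wan", "lan", net("205.139.46.1/24"), net("192.168.1.0/24")),
]


def match(src_if, dst_if, src_ip, dst_ip, rules=RULES):
    """Return the name of the first rule that covers the flow, or None."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r.src_if, r.dst_if) == (src_if, dst_if) and s in r.src and d in r.dst:
            return r.name
    return None


def exposed_hosts(rule):
    """How many LAN addresses an inbound (wan -> lan) rule opens to its source range."""
    return rule.dst.num_addresses if rule.dst_if == "lan" else 0


if __name__ == "__main__":
    # Constructed sample flows: (src_if, dst_if, src_ip, dst_ip)
    flows = [
        ("lan", "wan", "192.168.1.50", "205.139.46.20"),  # phone on the 192.168.1.x LAN
        ("lan", "wan", "192.168.2.50", "205.139.46.20"),  # phone moved to a 192.168.2.x network
        ("wan", "lan", "205.139.46.20", "192.168.1.50"),  # provider range to a phone
        ("wan", "lan", "203.0.113.9", "192.168.1.50"),    # unrelated internet host
    ]
    for f in flows:
        print(f, "->", match(*f))
    print("addresses covered by voip-in:", exposed_hosts(RULES[1]))
```

The second flow shows why the rule's source range has to follow the phones if they are moved to a 192.168.2.x network, and the last line shows that the reverse rule as written covers every address on the LAN, not just the phones.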