VPN problem

[mikeleahy]

hi
i have two static ips on my dsl line 83.71.210.217 and 83.71.210.218

i have a dsl router that is 83.71.210.217

a user is working from home via satelite broadband and has purchased a solution from usa to speed up the link etc

They have a pc with two cards. i.e. one which is on the internal LAN and one which has the ip 83.71.210.218

How do i set it up so i will be able to ping 83.71.210.217 and .218 from outside the network. I have a standard

netopia router... which doesnt have a firewall.. They want me to turn of NAT but the only way i could get a reply from 83.71.210.218 is by configuring a NAT map from 83.71.210.218 to 1.0.0.199 (internal Ip of usa pc)

does anyone know anything about this kind of thing

 

[dberg35]

What are you trying to accomplish exactly?

 

[mikeleahy]

hi
there is a user living in a remote location who has satelitte broadband and wants to run an accounting app over the vpn connection. the guys in the states have this setup that will supposedly help the speed etc. they have a device at the remote site that will be one point of a tunnel (the other poing being 83.71.210.218) which is the second ip we have gotten for the HQ. they want to establish a tunnel between the two ips so the 83.71.210.218 has to be visible to the internet. they want no nat on and no firewall or filtering as their device can do that.what way should i do the cabling. the router has an rj 11 connector and four lan ports. their device in HQ has a lan card which is ok and a wan card that is assigned 83.71.210.218. how do i get that ip seen unhindered to the internt????

 

[dberg35]

Well if I am understanding this correctly the VPN box ending in 217 need to get the internet to that PC. Well for that to happen it needs to do NAT otherwise you should eliminate that box and set up that pc with that IP address info. If you do that then you would have to use Windows built in VPN. What is the the equipment you have at both locations?

 

[mikeleahy]

sorry. the 217 is the dsl router wan ip. mask is /30 so 218 is also a valid ip which the usa dudes want for their device. its a netopia router with no firewall. their devices are dell pcs. they say that i need to get 217 and 218 totally pingable from the internet with nat turned off. their device will do the nat for the internal pc and internet after....

 

[dberg35]

Ok I can ping 217 but not 218, so there must be a setting in that router keeping it hidden. I know on my routers if I want them to respond to a ping I have to enable it.

 

[mikeleahy]

ok. but i dont understand how the cabling should be. if i connect their wan card into a switch or to the lan port on the router , how cud it work when the ip scheme is different etc. should it be just a striaght through cable from the wan card to the lan port on the router. i have to assign an ip to the lan port as it defaults to 192.168.1.254.

 

[dberg35]

Well if you are just connecting the pc to the router then yes all you need is a straight thru cable. Does that router do DHCP or are you staticly assigning an IP to that pc?

 

[mikeleahy]

there is no dhcp. its all static. what should i assign the lan port of the dsl router that the usa pc wan card (83.71.210.218) will be connecting to

 

[dberg35]

Ok is the DSL router doing the VPN also? What is the IP settings of the PC

IP
Subnet
Gateway
DNS

 

[mikeleahy]

no the dsl router is just the gateway to the internet. the vpn is being done by the usa box .218 so thats why they need that ip to be seen on the internet and pingable. the usa box is 1.0.0.199 , 255.0.0.0, dont know what the gateway is or dns. but dns shouldnt matter as all we are looking for at the moment is a ping.

 

[dberg35]

Ok the usa vpn box needs to have the 218 ip staticly assigned as follows
IP
Subnet
Gateway
DNS

What make is the usa box?

 

[mikeleahy]

they have all this done. ip, subnet etc. its a dell but not running windows etc. my question is where do i cable the usa wan card(83.71.210.218) to??

 

[dberg35]

Well you want to connect it to the VPN router. The set up should look like this

DSL Modem to VPN Router to PC
The PC should have an internal IP address like 192.x.x.x or 10.x.x.x

 

[mikeleahy]

but how do i get the second ip 83.71.210.218 to be accessible from the internet...the vpn device is the usa box (lan 1.0.0.199) and wan card (83.71.210.218)

 

[dberg35]

Lets back up a little. What are the exact settings in the usa vpn box and pc?
IP
Subnet
Gateway
DNS

 

[mikeleahy]

ok
usa vpn box is a pc

two cards (lan and wan)

lan is 1.0.0.199 255.0.0.0, not sure of gateway

wan card i 83.71.210.218, 255.255.255.252, gateway is 83.71.210.217 (to get out to internet) dns is of ISP 159.134.237.6

 

[dberg35]

Ok not I see you have 2 nics in that pc and not a seperate vpn box. If I understand now the other location is using a seperate vpn box...correct? If this is the case you will need a vpn box where you are preferably the same as the other location. Then you will need to config your vpn to talk to the other and you sould be able to ping them.

 

[mikeleahy]

yes the other location is using a seperate vpn box. the vpn boxes are setup by the states. they will be doing the config on the tunnels but they need to be able to ping their wan ip 83.71.210.218 before doing that and they cant because i dont know how to allow them to ping it

 

[dberg35]

In order to accopmlish this you will need a seperate vpn box and config it with that ip address info.