SmallNetBuilder

Saturday, Nov 21st

Hot Stuff!
You are here: LAN & WAN LAN & WAN How To How To: WinXP's IPsec client really can work! - Router Configuration

How To: WinXP's IPsec client really can work! - Router Configuration

August 10, 2003 Tim Higgins
E-mail Print
<< Prev - Page 2 of 11 - Next >>

Router Configuration

Figures 2 - 4 show the relevant SX41 admin screens with entries matching the network configuration in Figure 1. You, of course, are welcome to change IP addresses to match your existing LAN scheme, but unless you know what you're doing, you may want to start with the scheme shown, get things working, then make your desired modifications.

There are some important setup points to note:

  • LAN clients should have static IPs assigned

    As you'll see later, you'll need to access computers on the other end of the tunnel by IP address. So using static IPs on the LAN computers that you want to access will make sure that the shortcuts and mapped drives you set up will always work.

    Remember that if you leave the DHCP server on the router active, be sure you assign your static IP addresses outside the range it uses!

  • The two ends of the VPN tunnel must use different subnets

    In our example, the WAN-side client is in the 192.168.3.X subnet and the wired client in 192.168.1.X, which satisfies this requirement.

  • Dynamic IPs won't work
    For reasons given in Microsoft Knowledge Base article 240262, the MS IPsec client supports tunnels between two static IP addresses only. If the mobile client is not located at a known IP address that can be entered into the SX41's VPN setup, you won't be able to use the MS client.

SX41 WAN / LAN Setup

Figure 2: SX41 WAN / LAN Setup
(click on the image for a full-sized view)

Note that the Gateway and DNS information aren't critical to getting the VPN tunnel to work. They can be whatever is required by your ISP. The WAN IP address can also be different, but its value is critical to getting the VPN connection to work and must be used in the IPsec client setup.

SX41 VPN Setup

Figure 3: SX41 VPN Setup
(click on the image for a full-sized view)

SX41 Advanced VPN Setup

Figure 4: SX41 Advanced VPN Setup
(click on the image for a full-sized view)

Although other settings are possible for Encryption and Authentication, I suggest you use the ones shown, which use the best security that the Linksys router can provide. You can, of course, use a different Pre-Shared Key, but again, must substitute the value you choose at the appropriate points in the setup.

Finally, you can try enabling the NetBIOS broadcast option, but I couldn't get network browsing to work (My Network Places), so left it disabled.


<< Prev - Page 2 of 11 - Next >>


Related Items:

How To: LAN access for Wireless Clients without an Access Point
How To: Fixing DNS problems
Linksys USBVPN1 USB VPN and Firewall Adapter reviewed
Slideshow: Site-to-site VPN between D-Link DFL-CPG310 and Linksys RV04
How To: Getting VPN to work through NAT firewalls
Comscore