problem in making VPN connection

hi all
I hav three offices and i wanted to make the VPN connection in them. one is head office and has LAN, linksys gateway RV016 and internet connection has the static IP. and the server runs on win 2k3. SBS and tally is main work of my office. other offices are to connect to this server only and update the files here only. other 2 offices have the dynamic IP and not the LAN and linksys RV042 is attached to them. in office 2 only 3 computers work and in office 3 only 1 system work. can smbody guide me with the configuration of gateways coz i m facing too many problems in making the connection but no way gives me the connection.
problem 1: wen i give the static IP at gateway internet doesnt work and on dynamic settings it work. so please help me out that what else do i have to do so that static IP works.
problem 2: what access rules do i have to set in the gateways or do i have to remain them as such.
problem 3: i have talked to many people all say that firewall has to be off if so the what to do to make it off coz wen i set firewall off of the gateway then SPI also goes off.
Please help me out if somebody can coz my offices are totally stuck up these days. thanx in advance
sugandha

 

That is very bad advice. You should not have to turn off the firewall to get VPN to work - especially via hardware devices specifically designed to provide VPN connections.

Your main problem is the dynamic IP addresses. This shouldn't be too bad if you are initiating the tunnel from a site with dynamic IP, to a site with static IP, but will be a problem the other way round. You may well either need to find an ISP who will provide static IPs at these remote sites (the best solution) or use a dynamic DNS solution to get round the problem.

If you do to page 29 of the User Guide for the RV042, it describes how to set up the device to use a dynamic DNS (you can download the guide from here)

The same guide has a large section on setting up VPN starting on page 39. This contains a number of references on setting up a tunnel using dynamic DNS names. However, without a working interface in front of me, its not obvious to me exactly which settings you need to modify and on which screens. If you can't work that out for yourself, you best bet is probably to contact Linksys support for advice (there is a 'Support' link on the same page you get the guide from). They should be able to give very good advice as you are connecting from one Linksys product to another, so no third-party kit to muddy the waters.

The only other thing that may cause a problem is if you have another NAT between the two Linksys devices. If you have routers in front of the RV016 and RV042, I'd strongly recommend that you do not use NAT on these routers.

 

To add to what Reggie said.

First and foremost the three different locations need different subnets.

Example:

Main location
192.168.1.xxx

Location 2
192.168.2.xxx

Location 3
192.168.3.xxx

If all three LANs are using the same subnet scheme it will wreak havoc.

2nd, I use Dyn DNS https://www.dyndns.com/ for dynamic WAN IPs
A paid account is 9 bucks a year for what you want to do.

3rd,
As Reggie mentioned if your device that your ISP provided is doing NAT then that could also be a problem.

If thats the case I would contact my ISP and tell then you need them to disable NAT or put their device in Bridge Mode.

 

Excellent point that I'd over-looked. Each network has to have its own network address (subnet) or you will not be able to route traffics between the networks, as effectively you won't be able to pass traffic between them.

 

thanx for the advice. now the problem is same that on static IP internet doesnt work wen i run nslookup it says DNS doesnt respond but on dynamic it does.
and is it necessary to register at Dyndns.com. though i hav created and account at dyndns.com but wen i fills up at DDNS page of gateway it results in that hostname doesnt exit. do i have to do smthing else also at that site for account. i filled up the
username: dhandhania
password:----------
at host name it becomes dhandhania@dyndns.com. as user is dhandhania. or do i have to do smthing else to get the host name.

result is as below
User name: dhandhania
Password:
Host Name: dhandhania . dyndns .com
Internet IP Address: 0.0.0.0
Status: The hostname does not exist.




DDNS (Dynamic DNS) service allows you to assign a fixed domain name to a dynamic WAN IP address. This allows you to host your own Web, FTP or other type of TCP/IP server

More...

WAN1 DDNS Service: Disable DynDNS.org 3322.org PeanutHull







WAN2

 

I think we have a langauge barrier going on here.

So you created an account at dyndns.com

Then you setup hosts correct?

Then at each remote location of your company you put the host info in the router on the DYNDNS tab. Have you done this?

 

yes i did that

thanx for ur reply and i have already done that what you said i m not even able to make dynamic to dynamic Vpn as at static ip internet doesnt so i tried for dynamic to dynamic so that temporarily office can conact. i dont know what i am missing. is there a problem of firewall? but what i know SBS alutomatically makes windows firewall of so i think now only the firewall of Vpn is working. or do i have to create few specific access rules for the firewall. if you know please let me know. thanx a lot

 

With the hardware router/firewall you have, the VPN should be from linksys unit to linksys unit. Your SBS server should not be involved in the VPN at all. As far as the server is concerned, this should just be a normal network connection.

In effect what you should have is:

[SBS]==normal_network==[linksysRV042]--vpn--[linksysRV016]==remote_network

I'd be tempted to use a laptop to test the connection inside the RV042 network. If you can get that to work, then look to get the SBS side of things working.