
Please help me configure an IPSec VPN

Discussion in 'Networking (Hardware & Software)' started by Efex, 2010/02/23.

  1. 2010/02/23
    Efex

    Efex Inactive Thread Starter

    Joined:
    2010/02/22
    Messages:
    5
    Likes Received:
    0
    Hello,

    I'm desperate trying to connect and configure a VPN to my office but I haven't been able to do it :( I really need someone's help here

    Let me talk about my configurations.
    We have a small office LAN with no real server, no DC, no DHCP server
    There are just some PCs in various subnets sharing Internet and some files and printers. All the PCs have fixed IPs.

    All the office LAN is behind a D-Link DI-824VUP router which has VPN server capabilities.
    The router has a fixed public IP assigned by our ISP. Let's call it A.B.C.D
    Here are the details:

    PUBLIC IP: A.B.C.D
    LAN IP: 192.168.1.101

    In this subnet we have some PC's:
    Range: 192.168.1.1 to 192.168.1.10

    and also some other routers to establish other subnets
    For example, router 192.168.1.105
    subnet LAN: 192.168.5.101

    We only have one PC (192.168.5.1) on that subnet, and that is the one to which I'd like to connect from VPN.

    Please find here a graphic with a diagram of the network:

    [​IMG]

    I must say that I'm a total newbie on the VPN's and maybe an intermediate user on firewalls, routers and so.

    This is what I've done until now:

    Since I haven't been able to get even a tunnel open from a Windows vpn client connection, I've downloaded the trial for TheGreenBow VPN client and, following a very good guide there,
    I managed to configure the DI-824VUP router to accept Ipsec dynamic connections and I was able to get the tunnel opened but nothing more than that.
    I can't ping any pc on the office :(

    Please help me configure an IPSec VPN for my network and I'll be really thankful.

    If you think it can be done without the GreenBow client it would be much much better since that is a paid software and I would prefer to do it for free.
    Also, I've seen a D-link vpn client they sell but I'm guessing this is not a client problem since I got the tunnel open and running.

    Thanks in advance for your help and I hope I can get this finally done since I have many days trying and searching how to do it but I haven't been able to do it.

    :)
     
    Efex,
    #1
  2. 2010/02/23
    Scott Smith

    Scott Smith Inactive Alumni

    Joined:
    2002/01/12
    Messages:
    1,950
    Likes Received:
    4
    The first thing that jumps out at me is that your second router is not connected to the internet.
    You're asking the VPN to jump through 2 routers (NATs).
    JMHO.
     

  4. 2010/02/24
    Efex

    Efex Inactive Thread Starter

    Joined:
    2010/02/22
    Messages:
    5
    Likes Received:
    0
    Hi Scott,

    Yes you are right. Second router is not facing directly to the internet. The only one doing it is the 192.168.1.101
    And yes, I would need the VPN to jump from gateway router to the second router and then to the subnet5 PC

    But I must tell you that to start I have been trying to do a VPN to connect to the subnet1 PC's and I haven't been able to do that either :(

    Any thoughts?
     
    Efex,
    #3
  5. 2010/02/24
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Is there a VPN Service running on the office PC? If so, which one? Check the configs of the Service at office and configs of your home VPN Client.

    If using multiple routers at office (no reason to really) then you'll have to use Port Forwarding on the modem-router to forward the VPN port requests to the second router, and may have to use Port Forwarding on second router to forward VPN port requests to the specific pc.

    What I would do, per your diagram, is replace the second router with a switch, or connect that particular PC directly to the switch on the initial router. With so few computers on that LAN there's no need for multiple routers and multiple subnets. Keep it simple.
     
    Last edited: 2010/02/24
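
The double-NAT point made in the replies above, as an added example (not code from any poster in this thread): a Python check that takes the thread's addresses and reports whether a host is directly inside the tunnel's remote network or sits behind the second router, in which case traffic has to be aimed at that router and forwarded. The /24 masks, the function name and the status labels are assumptions; the thread posts no netmasks.

```python
import ipaddress

# Addresses are from the thread; the /24 masks are assumed (no netmask is posted).
GATEWAY_LAN = "192.168.1.0/24"  # LAN behind the DI-824VUP VPN endpoint
# Inner router's address on the gateway LAN -> subnet it hides behind its own NAT.
INNER_ROUTERS = {
    ipaddress.ip_address("192.168.1.105"): ipaddress.ip_network("192.168.5.0/24"),
}


def classify_target(target, tunnel_remote_net=GATEWAY_LAN):
    """Say how a VPN client can reach `target` once the tunnel is up.

    Returns a dict with 'status' and 'connect_to' (the address the client
    should actually send its traffic to, or None if there is no path).
    """
    host = ipaddress.ip_address(target)
    net = ipaddress.ip_network(tunnel_remote_net)
    if host in net:
        # Host is on the network the tunnel's remote selector covers.
        return {"status": "direct", "connect_to": host}
    for outer_ip, hidden_net in INNER_ROUTERS.items():
        if host in hidden_net:
            if outer_ip in net:
                # Host is NATed by the inner router: address the router's
                # gateway-LAN IP and rely on a port forward configured there.
                return {"status": "needs_port_forward", "connect_to": outer_ip}
            return {"status": "inner_router_not_in_tunnel", "connect_to": None}
    return {"status": "not_covered", "connect_to": None}


if __name__ == "__main__":
    # Constructed sample targets: one gateway-LAN PC, the subnet-5 PC, one outsider.
    for ip in ("192.168.1.5", "192.168.5.1", "10.0.0.7"):
        result = classify_target(ip)
        print(f"{ip:<12} {result['status']:<20} via {result['connect_to']}")
```
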
  6. 2010/02/24
    Efex

    Efex Inactive Thread Starter

    Joined:
    2010/02/22
    Messages:
    5
    Likes Received:
    0
    Thanks Tony for taking time to read my case.
    I'm not really sure what you mean by VPN services running on the office PC.
    I have the VPN server settings configured at my router.
    The office PCs are Microsoft XP SP2 and Vista, on which they have the IKE and AuthIP IPsec Keying Modules and IPsec Policy Agent. I don't know if those are the ones you were talking about.

    What ports should I forward from gateway router to the second router when configuring IPSec VPN?
    Anyways, for now I'm trying to make the VPN work at one of the directly connected PCs and haven't been able to do it :(

    You may be right on that, but please note that I can't get to work the VPN even on the subnet1.
    I decided to use routers because each subnet has some field distance between each other so I could manage that better.
     
    Efex,
    #5
  7. 2010/02/24
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Better to use 1 router and use switches to extend the lan.

    Anyway, just creating a VPN connection all by itself doesn't do a darn thing. You then need to have server-clients use the connection. For example, to access shared docs on an office computer, or remote desktop, or some such client or application.

    And the reason you are having trouble connecting is probably because the office router must be misconfigured in some way.

    http://support.dlink.com/Emulators/di824vup/h-faq.htm#Q10
     
  8. 2010/02/25
    Efex

    Efex Inactive Thread Starter

    Joined:
    2010/02/22
    Messages:
    5
    Likes Received:
    0
    Hi Tony,

    you are right. VPN connection by itself is meaningless.

    That is just the problem I'm having right now.
    The tunnel between my TheGreenBow VPN client and the D-Link router is ok and working. Everything seems to be configured just as they say in the link you sent.

    The problem is that I can't ping, I can't establish any connection between server-clients..so the VPN is useless :(

    I need to know why???? :confused::confused:

    Don't know if my router is blocking the traffic, don't know if I need to configure the router further, don't know if I need to configure the client further, etc.

    I even used a traffic analyzer and there's nothing arriving to the server side PCs :(
     
    Efex,
    #7
  9. 2010/02/25
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Setup WAN access to the router and play with its settings. Most routers' default setting prohibits WAN access to the router control panel. Set it up so remote access is approved, then you can access the router via its WAN IP address. Be sure to use a very strong password beforehand, 8-10 characters with upper case, lower case, numbers, special characters.
     
  10. 2010/03/01
    Efex

    Efex Inactive Thread Starter

    Joined:
    2010/02/22
    Messages:
    5
    Likes Received:
    0
    The WAN access has been enabled all this time :(
    I had been accessing via its WAN IP address.
    What settings should I play with??

    Thanks :)
     
    Efex,
    #9
