LAN 1
VR2004 A
Internet
| VR2004 B LAN 2 |
WAN IP: 172.16.0.123 | WAN IP: 10.10.0.123 |
Netmask: 255.255.255.0 | Netmask: 255.255.255.0 |
LAN IP: 192.168.123.254 | LAN IP: 192.168.100.254 |
You will require three pieces of information about each LAN that is taking part in a VPN connection:
1.The remote Network IP address of the LAN. This will usually be the same as the address of the LAN port of the router, with the last segment of the address changed to ‘0’.
2.The remote IP Netmask. This is the subnet mask that describes the network. Most users should leave this at the default value of 255.255.255.0.
3.The remote gateway IP address. This is the WAN address of the router that is connecting the remote network to the Internet. If the remote router is acquiring a dynamic IP address from its ISP, enter 0.0.0.0.
Note: In this case, the remote end of the tunnel will have to ini- tiate the connection. It is not possible to form a VPN between two networks whose gateways each receive a dynamic IP ad- dress.
Important! Each network joined by VPNs must have a different net- work address. This means that if you leave the LAN address of the first router set to the default value of 192.168.123.254, you should change the LAN address of any other router connecting to the first to another value. A good way to do this would be to change the third octet of the IP address to a different value1.
Your configurations for both ends of the tunnel described in the pre- vious diagram should look like the following:
1.The LAN side of the VR2004 uses one of a set of IP addresses reserved for private ad- dresses, as defined in RFC 1918. They are:
From | To |
10.0.0.0 | 10.255.255.255 |
172.16.0.0 | 172.31.255.255 |
192.168.0.0 | 192.168.255.255 |
Most of the addresses shown in this manual are taken from these ranges. For more informa- tion about these addresses, see RFC 1918:
42 | FriendlyNET VPN Security Router |