ISDN + DSL with 2 routers (VPN too...)


Tom A
12-11-04, 12:57 PM
Hi,

My company uses D-Link DI-304 ISDN routers at 4 offices to sync databases nightly. They dial into each other and using VPN map network drives to sync data.

I've been asked to move the offices over to using DSL for this, in two stages; first by putting DSL internet access into each office (which each have 3-4 machines - 1 of which hosts the data to be synced), and then later to remove the ISDN connections and use DSL for VPN.

So I have 2 questions...

To start, the DI-304 supports PPPoE, but not PPPoA (which is what is used here in the UK). So what I would like to do is use a Linksys WAG54G ADSL router to connect to the DSL service, and supply the network with a DSL connection.

I tried attaching it, joining the routers, and changing the gateway used by the office machines. However, this broke the VPN connection that night. Is there a way I can do this without changing the network settings on the machines? Any help or pointers would be great.

2nd question...

I've never set up VPN, but I have a grasp of what it is all about. Could I set up the VPN using a WAG54G at each office? I don't want any VPN software to be required, I would like the tunnel to be responsive for a request to map a network drive with an IP at "hub" office.

My other choice is the Billion 7500G, which looks more promising for doing this. (http://www.billion.com/product/wireless/bipac7500g.htm)

Many thanks! :)

YeOldeStonecat
12-12-04, 06:37 AM
You'll want a router that supports "router to router VPN tunnels"....I've not worked with Billion products before, nor seen them, but that looks to be what you need. I've used Sonicwall products before for clients who have a WAN over DSL need. I've done a couple of setups with Linksys BEFSX41 routers, which will support a single router to router VPN tunnel. The WAP54G does not support this feature, as far as I know. It looks like the WRV54G should....I've not worked with their new commercial line of routers yet, although I'm really wanting to try some. What you have to consider though...is PPPoA compatibility with your router...you absolutely need that first.

Some changing of LAN IPs may be needed...the products I've worked with want each LAN that's being connected to another LAN, to be a different IP scope.

Meaning, you canNOT have LAN 1 at 192.168.0.XXX connect to LAN 2 which is also 192.168.0.XXX.
You need to have something like:
LAN 1 192.168.0.XXX
LAN 2 192.168.1.XXX
LAN 3 192.168.2.XXX
LAN 4 192.168.3.XXX
so on and so forth.

It's also better to try to have your central office, or "mothership" as I call them, have a higher DSL speed. The 4 node WAN over DSL that I set up not too long ago with the Sonicwalls, I had the 3x satellite offices set up on standard 1500/128 DSL business accounts, but the central office, mothership....I put that on a 6000/384 business account. Since a VPN tunnel is only as strong as the weakest link...that's upload from mothership....and having 3x satellite offices tap into mothership, you'll divide the upload by 3. So instead of going with a standard 1500/128 account, which if you divide by 3, would only allow a 43K connection at best, we can divide 384 upload by 3, and come up with a 128 VPN tunnel.

So the satellite offices have a pretty decent VPN connection to the main office, fast enough to allow people to run Outlook to the exchange server at central office, send print jobs to the main office, allow the Dexie (data exchange) to run every 15 minutes, etc. Works great.

Gateways stay local to the satellites, use QoS to assign a greater priority to the VPN tunnel, and satellite offices only use the Domain Controller's IP as their DNS and WINS server.
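
As an added example (not part of the original posts), the two planning rules from the reply above can be checked in Python: every LAN scope must be distinct, and the hub's upload is split across the satellites. The site names and dictionary layout are assumptions; the addresses and speeds are the ones quoted in the post, and the per-direction `min()` generalizes its one-direction estimate.

```python
import ipaddress
from itertools import combinations

# Constructed site plan: LAN scopes follow the post's 192.168.0-3.XXX layout,
# speeds (kbit/s down, up) follow its 6000/384 hub and 1500/128 satellites.
SITES = {
    "hub":  {"lan": "192.168.0.0/24", "down": 6000, "up": 384},
    "sat1": {"lan": "192.168.1.0/24", "down": 1500, "up": 128},
    "sat2": {"lan": "192.168.2.0/24", "down": 1500, "up": 128},
    "sat3": {"lan": "192.168.3.0/24", "down": 1500, "up": 128},
}

def overlapping_lans(sites):
    """Return sorted pairs of site names whose LAN scopes overlap.

    Catches identical scopes and a smaller scope nested inside a larger one.
    """
    nets = {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )

def tunnel_rates(sites, hub="hub"):
    """Worst-case kbit/s per tunnel when every satellite is active at once."""
    sats = [name for name in sites if name != hub]
    hub_up_share = sites[hub]["up"] / len(sats)      # hub upload divided by N
    hub_down_share = sites[hub]["down"] / len(sats)  # hub download divided by N
    return {
        name: {
            "hub_to_sat": min(hub_up_share, sites[name]["down"]),
            "sat_to_hub": min(sites[name]["up"], hub_down_share),
        }
        for name in sats
    }

if __name__ == "__main__":
    print("overlapping LANs:", overlapping_lans(SITES) or "none")
    for name, rate in tunnel_rates(SITES).items():
        print(name, rate)
```
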

Tom A
12-12-04, 09:13 AM
> You'll want a router that supports "router to router VPN tunnels"....I've not worked with Billion products before, nor seen them, but that looks to be what you need.

Neither had I, which made me uncomfortable.

> It looks like the WRV54G should....I've not worked with their new commercial line of routers yet, although I'm really wanting to try some. What you have to consider though...is PPPoA compatibility with your router...you absolutely need that first.

I read the VPN stuff in the WRV54G manual, and it got me excited -- it looks like exactly what I need... almost. It doesn't support PPPoA. If I got an ADSL modem with a built-in router, and set the DMZ to the WRV54G's IP - would that work, or cause major headache?

With a router to router VPN (i.e a WRV54G at each end) - will the tunnel be always open? So I could just ping an IP at another office and it is all set?

> Some changing of LAN IPs may be needed...the products I've worked with want each LAN that's being connected to another LAN, to be a different IP scope.
>
> Meaning, you canNOT have LAN 1 at 192.168.0.XXX connect to LAN 2 which is also 192.168.0.XXX.

Ok, that is very helpful. I thought it was just I couldn't have identical IPs, not that they should be in a different scope. I think though, this should be done for me already, as the ISDN setup should stick to this (and the site I did visit was using 192.168.23).

> It's also better to try to have your central office, or "mothership" as I call them, have a higher DSL speed. *snip*
>
> So the satellite offices have a pretty decent VPN connection to the main office, fast enough to allow people to run Outlook to the exchange server at central office, send print jobs to the main office, allow the Dexie (data exchange) to run every 15 minutes, etc. Works great.

Ok, another very good point, thanks. It is points like this that I am missing when it comes to VPN, and as soon as I lack experience (I have only read about the idea) I start slipping out of my comfort zone!

This was a real help, thanks. :)

YeOldeStonecat
12-12-04, 10:22 AM
I'd try to stay away from the "Router inside another router" thing...you're going to end up double'NAT'ing your setup, and "if" you got it working...it would probably be rife with little quirks...at best.

I take it Billion is a popular product in the UK?

Yes once a router to router VPN is set up, it is full time. You can ping the other computers in the central network, you can even see them in Network Places just as if you were all on one big LAN. As long as DNS and WINS (if you have Win9X clients) is set up correctly.