Routers and VPN Clients

Can most/all routers be used for a VPN client to access a company's VPN
network elsewhere? Or do you need specific models of routers to connect a
VPN client to?

Does a VPN client require ports to be opened and/or port-forwarding rules to
be created? If so, does it imply that PCs on the network need to have static
IP addresses so they can be guaranteed to keep the same IP address? I
realise that the PC will need suitable VPN client software installing on it.

A customer may want to connect to her company's VPN (if the company even
*has* a VPN) from home, and I'm wondering whether this requirement will
influence the choice of wireless router that I buy for her. I was planning
to use a Netgear DG834 (which I've found very reliable and which I recommend
for all customers).

On Sat, 8 Oct 2005 13:36:57 +0100, "Martin Underwood" <(E-Mail Removed)>
wrote:

>A customer may want to connect to her company's VPN (if the company even
>*has* a VPN) from home, and I'm wondering whether this requirement will
>influence the choice of wireless router that I buy for her.

some VPNs don't work over wireless, so there's your first problem.

The higher end routers seem to offer pass-through for a wide range of
VPNs, some will terminate VPN. Some residential stuff won't do it at
all.

Googling for "ADSL router modem UK VPN passthrough" suggests a number
of options including the Netgear, but I would determine the VPN type
and get specific.

Phil
--
Tiscali - dialup speeds at Broadband prices, see
http://bbs.adslguide.org.uk/postlist...&Board=tiscali

AOL - the unlimited ISP of choice for heavy downloaders.

Phil Thompson wrote:

> some VPNs don't work over wireless, so there's your first problem.
>
> The higher end routers seem to offer pass-through for a wide range of
> VPNs, some will terminate VPN. Some residential stuff won't do it at
> all.
>
> Googling for "ADSL router modem UK VPN passthrough" suggests a number
> of options including the Netgear, but I would determine the VPN type
> and get specific.
>
> Phil

Is the OP not referring to someone dialling out to their company
VPN rather than setting up VPN?

That shouldn't be a problem with any old router should it? My
ultra cheapo router lets me dial my office VPN without any problem.

On Sat, 08 Oct 2005 16:00:32 +0100, Trevor
<zeppo1984@f2s-HALSMAN-.com> wrote:

>Is the OP not referring to someone dialling out to their company
>VPN rather than setting up VPN?

dialling ? you set up a VPN whichever way its going, if your NAT
router won't do it you're stuffed.

>That shouldn't be a problem with any old router should it? My
>ultra cheapo router lets me dial my office VPN without any problem.

congratulations. There are plenty of routers around that don't pass
VPN, or that have problems with some types of VPN. One Belkin model
was replaced because it couldn't cope with VPN.

Phil
--
Tiscali - dialup speeds at Broadband prices, see
http://bbs.adslguide.org.uk/postlist...&Board=tiscali

AOL - the unlimited ISP of choice for heavy downloaders.

"Martin Underwood" <(E-Mail Removed)> wrote in message
news:4347bd6c$0$6997$(E-Mail Removed)...
> Can most/all routers be used for a VPN client to access a company's VPN
> network elsewhere? Or do you need specific models of routers to connect a
> VPN client to?

it depends on the router, and the VPN client.

the client needs to support going "thru" a NAT (address translation) - most
that do do this by encapsulating some or all of the VPN traffic in an extra
layer of UDP or TCP or both.

some router dont work reliably or at all - how i have used the cisco VPN
client thru several different ones and never had an issue that turning on
TCP encap didnt cure.
>
> Does a VPN client require ports to be opened and/or port-forwarding rules
to
> be created?

not on the remote site router if the client is initiating the tunnel and
going "out" from a private LAN, thru a router and then via the internet.

you may need tunnels opening on the central site - depends on how it is put
together and what firewalls, central VPN, topology etc.

If so, does it imply that PCs on the network need to have static
> IP addresses so they can be guaranteed to keep the same IP address?

not usually - some VPNs are set to use static addresses as part of the
security where the VPN terminates on a router at both central and remote
site, but this isnt usually the setup for remote PC clients - since they
might want to connect from anywhere.

> realise that the PC will need suitable VPN client software installing on
it.
>
yes - and test it before you let them take the PC home as it is much easier
to fault find when you can assume most of the setup works.

i suggest you build a dummy "home network" at your central site, with its
own consumer style broadband and use that for testing + config.

> A customer may want to connect to her company's VPN (if the company even
> *has* a VPN) from home, and I'm wondering whether this requirement will
> influence the choice of wireless router that I buy for her. I was planning
> to use a Netgear DG834 (which I've found very reliable and which I
recommend
> for all customers).

wireless adds even more uncertainty and complications - get it working
across Ethernet connections before worrying about wireless.
--
Regards

(E-Mail Removed) - replace xyz with ntl