on my network.
i have a linksys BEFSR41 and have 2 IP addresses through comcast (at least that is what they tell me).
i need to do the following:
find out my IP addresses
assign one of these addresses to my wifes work computer, and let the rest of the house use the other.
i have messed around within the router but as i don't know my ip addresses. i do an ipconfig and only get one ip address.
so any suggestions oh wise ones? my wife an i both work for the same company and the security system is such that only one log in per ip address is allowed (hence the need for 2).
hope this is clear enough....
thanks,
scott
Full Version: WOT: need computer help....
www.ipchicken.com will show you the IP address you are presenting to the outside world. This is one of the two public IPs that you have. Most residential ISPs do not give static IP addresses so this is a little different. Please confirm that you are getting two static IPs from your ISP.
If that is the case, you will need to statically assign one to the public port on your router. The other will need to be setup as a NAT (Network Address Translation) on your router and point to the Private IP address of your wife's PC.
In your router you will need to specify that you are using static internal addressing. Do not use 192.168.1.X as you local private network. Use 192.168.100.X with 255.255.255.0 as the subnet mask (full class C). You don't want to use the 192.168.1.X because some corporate networks use that too and a VPN connection may not work if that is the case.
On each PC you will need to statically assign IP addresses to each PC and the one on your wife's PC will need to correspond to that public IP that you NAT at the router. You PC can be any IP as long as its not the same as the wife's.
I hope this helps. PM me if you need more help. Something still doesn't seem right with this, but good luck anyways!
If that is the case, you will need to statically assign one to the public port on your router. The other will need to be setup as a NAT (Network Address Translation) on your router and point to the Private IP address of your wife's PC.
In your router you will need to specify that you are using static internal addressing. Do not use 192.168.1.X as you local private network. Use 192.168.100.X with 255.255.255.0 as the subnet mask (full class C). You don't want to use the 192.168.1.X because some corporate networks use that too and a VPN connection may not work if that is the case.
On each PC you will need to statically assign IP addresses to each PC and the one on your wife's PC will need to correspond to that public IP that you NAT at the router. You PC can be any IP as long as its not the same as the wife's.
I hope this helps. PM me if you need more help. Something still doesn't seem right with this, but good luck anyways!
You have two IP addresses and want one dedicated to your wifes puter and the other to go through a wireless or wired router. Some providers require you to register a single computer to each IP. You will then have to log into your router, set IP address, clone the MAC address so the router will register on the network, you can build anything out from there. Class C is a good way to go. If you have a network resource (printer or print server) you can put a hard address on that (easiest) and attach it to the network. Good luck. Not hard to do. You also want to have some security on your wireless. Either MAC address filtering or WEP security ( you will have to put this WEP security on your other computers.
your wireless router has something called DHCP.
That means that you can share one IP with a bunch of people.
Why does your wife need a dedicated IP? Work?
I doubt your wife needs a dedicated IP for work as most corporations use a RSA token to pass through a firewall these days. That method of security is only worried about what key is used in conjunction with a PIN to access the corporations website.
Does this sound right?
If she really needs a dedicated IP you will need to hook up a hub just after the comcast modem, and splice off her dedicated IP connection separate from the router, and the other cable will go to your wireless router to share with the rest of the house.
Anyone know of a different way besides two cable modems? =)
Roger
That means that you can share one IP with a bunch of people.
Why does your wife need a dedicated IP? Work?
I doubt your wife needs a dedicated IP for work as most corporations use a RSA token to pass through a firewall these days. That method of security is only worried about what key is used in conjunction with a PIN to access the corporations website.
Does this sound right?
If she really needs a dedicated IP you will need to hook up a hub just after the comcast modem, and splice off her dedicated IP connection separate from the router, and the other cable will go to your wireless router to share with the rest of the house.
Anyone know of a different way besides two cable modems? =)
Roger
QUOTE(Dr. Roger @ Dec 19 2007, 01:19 AM) 
Anyone know of a different way besides two cable modems? =)
I sure cannot think of another way. Two IP addresses should require two modems and two gateways. I can think of no residential application where this would be necessary. Are you sure you are not confusing the WAN IP address you receive from your ISP with the Local Area Network (LAN) addresses assigned by your router? Both of these are often referred to as Internet Protocal (IP) addresses, but they are vastly different in their application.
If you can explain exactly your ultimate objective, perhaps we can lead you in the right direction.
roger, you are correct that we use rsa keys to log in to the secure company server. however when we both try to log in, the first one can get through but the second is not recognized and is unable to connect. when i spoke with the it guru's they told me that multiple log ins through a single IP address are not allowed and they have the same problem when checking rsa key connections on their single dsl line.
my first thought was that i need 2 modems which i will do but the good people at comcast say if i use 2 modems then i have to pay for 2 internet accounts. whereas they were able to assign me a second IP address for $4 per month.
i am certain i am mixing acronyms and misusing jargon so i really appreciate the help. i know just enough to be dangerous. the final goal is to set up the home network in a way that will allow both the wife and i to work from home simultaneously.
thanks in advance.
scott
my first thought was that i need 2 modems which i will do but the good people at comcast say if i use 2 modems then i have to pay for 2 internet accounts. whereas they were able to assign me a second IP address for $4 per month.
i am certain i am mixing acronyms and misusing jargon so i really appreciate the help. i know just enough to be dangerous. the final goal is to set up the home network in a way that will allow both the wife and i to work from home simultaneously.
thanks in advance.
scott
Scott,
Before you spend any money on additional equipment or services, check with these gurus and ask about your using an onion router or TOR. This is free software that might effectively mask your real IP address by temporarily allowing you to use someone else's. (This is a trick that file shares use to hide from the RIAA.) TOR may solve the problem of a single IP address and concurrent logins.
Of course it may not work but it costs nothing to ask.
You might just have to spend the money the achieve your goals.
Before you spend any money on additional equipment or services, check with these gurus and ask about your using an onion router or TOR. This is free software that might effectively mask your real IP address by temporarily allowing you to use someone else's. (This is a trick that file shares use to hide from the RIAA.) TOR may solve the problem of a single IP address and concurrent logins.
Of course it may not work but it costs nothing to ask.
You might just have to spend the money the achieve your goals.
I am not as up on this as I used to be. I suspect that your ISP is giving you two dynamic IPs. I think what I would try would be to obtain a second router and a switch. Connect the switch to the cable modem. Plug the old and new router into the switch. Each router will now be able to get an IP via DHCP from your ISP. If you have static IP, then you need to setup each router with each IP on the WAN side.
On your LAN side you probably would need to continue to use NAT. Each LAN will be independent of each other and can't directly talk to each outer without routing out through each router. This means that you probably can't easily do things like share folders between your two PCs. You might be able to put in a second NIC in each machine and have them both on a shared network, but that is getting really complicated.
If the RSA security stuff doesn't like the NAT via your wifes router, then you could bypass the new router and have her plug directly into the switch that is connected to the cable modem. The problem here is that she will not have any firewall protection that the router would have provided. But I am guessing you can make this work as described above.
Someone with more experience than me, please validate this approach before he runs off and buys a second router and switch.
On your LAN side you probably would need to continue to use NAT. Each LAN will be independent of each other and can't directly talk to each outer without routing out through each router. This means that you probably can't easily do things like share folders between your two PCs. You might be able to put in a second NIC in each machine and have them both on a shared network, but that is getting really complicated.
If the RSA security stuff doesn't like the NAT via your wifes router, then you could bypass the new router and have her plug directly into the switch that is connected to the cable modem. The problem here is that she will not have any firewall protection that the router would have provided. But I am guessing you can make this work as described above.
Someone with more experience than me, please validate this approach before he runs off and buys a second router and switch.
I'll say this again. Confirm that your ISP is giving you two STATIC IPs. If they are not static, then everything else we try to do is a waste of time.
Your router sits between your DSL/Cable modem and proxies your PCs to the internet. Right now, they both are using the same PUBLIC IP address. If you want both PCs to access the corporate network, they need to have dedicated PUBLIC IP addresses to proxy via the router. You need to program the router to do this via NAT. It should be able to do it, but it's useless to try if you don't have STATIC IPs from the ISP. If the ISP gives you dynamic IP addresses, then they may change over time, and that doesn't help you.
You could remove the router and connect the DSL/Cable Modem to the switch that the PCs connect to and allow the PCs to get IPs from the ISP via DHCP. This would work, but leave your PCs open on the public Internet, which is a bad idea.
Your router sits between your DSL/Cable modem and proxies your PCs to the internet. Right now, they both are using the same PUBLIC IP address. If you want both PCs to access the corporate network, they need to have dedicated PUBLIC IP addresses to proxy via the router. You need to program the router to do this via NAT. It should be able to do it, but it's useless to try if you don't have STATIC IPs from the ISP. If the ISP gives you dynamic IP addresses, then they may change over time, and that doesn't help you.
You could remove the router and connect the DSL/Cable Modem to the switch that the PCs connect to and allow the PCs to get IPs from the ISP via DHCP. This would work, but leave your PCs open on the public Internet, which is a bad idea.
you guys are making my brain hurt! 
i have a switch and i have a couple of routers. i will try the switch then 2 router approach. i will also contact comcast to see if i have 2 static ip addresses or 2 dynamic.
i all else fails, i suppose i could fall back on 2 modems and spring for a second internet account.
cheers,
scott
i have a switch and i have a couple of routers. i will try the switch then 2 router approach. i will also contact comcast to see if i have 2 static ip addresses or 2 dynamic.
i all else fails, i suppose i could fall back on 2 modems and spring for a second internet account.
cheers,
scott
before i do anything, try this....
cable comes into modem
modem ethernet cable goes into switch/hub
one ehternet cable goes from swithc/hub into wifes laptop and supplies one IP address.
other ethernet cable goes from anothe rport from switch/hub into wireless router which supplies other assigned IP address which is setup through the router.
it can't hurt to try.
cable comes into modem
modem ethernet cable goes into switch/hub
one ehternet cable goes from swithc/hub into wifes laptop and supplies one IP address.
other ethernet cable goes from anothe rport from switch/hub into wireless router which supplies other assigned IP address which is setup through the router.
it can't hurt to try.
Wow, I've set up and maintained quite a few networks and you guys are confusing the hell out of me, poor Scot.
There is some misinformation here about static addresses. Most of these "static" addresses that ISPs issue are not constantly connected static connections. A constantly connected static connection is needed to find your WAN IP address from the outside internet (if you have that need). What ISP generally provide are unchanging IP addresses which are constantly dropped by the ISPs NAT servers when not in use. The simple solution is to constantly ping from your machine to anywhere else, keeping the internet connection active and available for connections from the outside. There are plenty of free clients available to do this for you. There is also a nifty little free program called Hamachi to do this all for you, and you do not need a static address to make it work. There are other work arounds to the static IP requirement but they are out of the scope of our requirements.
I seriously doubt you really need a static address, you just need an independent IP address for your logon. If you do, you'll need to go back to the gurus at work for an application explanation.
Part of the major problem here is one of nomenclature. Modems can be routers, routers always include hubs but may include modems but not unnecessarily and it is possible to hook a computer directly to an ISP's modem without using a router at all (not really recommended).
I recommend you get back with the guys are work and let them help you out.
There is some misinformation here about static addresses. Most of these "static" addresses that ISPs issue are not constantly connected static connections. A constantly connected static connection is needed to find your WAN IP address from the outside internet (if you have that need). What ISP generally provide are unchanging IP addresses which are constantly dropped by the ISPs NAT servers when not in use. The simple solution is to constantly ping from your machine to anywhere else, keeping the internet connection active and available for connections from the outside. There are plenty of free clients available to do this for you. There is also a nifty little free program called Hamachi to do this all for you, and you do not need a static address to make it work. There are other work arounds to the static IP requirement but they are out of the scope of our requirements.
I seriously doubt you really need a static address, you just need an independent IP address for your logon. If you do, you'll need to go back to the gurus at work for an application explanation.
Part of the major problem here is one of nomenclature. Modems can be routers, routers always include hubs but may include modems but not unnecessarily and it is possible to hook a computer directly to an ISP's modem without using a router at all (not really recommended).
I recommend you get back with the guys are work and let them help you out.
QUOTE(Sarastro @ Dec 19 2007, 04:33 PM)
I recommend you get back with the guys are work and let them help you out.
our it department is farmed out to another company. they really could care less. i do know a couple of the guys who are on site and will pester them if the suggestions provided don't work.
i will give rogers approach a try. i do have stand alone modems, stand alone routers (linksys x2) and a linksys switch hub. maybe i can pull this off with all this crap.
if nothing else, i will get a second internet account and run a modem for my wifes work computer and another for the rest of the house. so i am out $42/month, oh well.
i really do appreciate all the input. i will advise the outcome once the wife is done with work and i can disconnect everything!
after i do this, i am going to get a job with geek squad!
cheers,
scott
QUOTE(Sarastro @ Dec 19 2007, 04:33 PM)
Wow, I've set up and maintained quite a few networks and you guys are confusing the hell out of me, poor Scot.
Thats OK, your reply confused me as well.
Scott,
Roger's idea is pretty much the same as one I suggested and I suspect it will work. Just wanted to point out again that directly connecting to the hub/switch does leave that PC more exposed to attack. If it does work, consider using the second router for your wife.
I also suspect the static vs. dynamic IP is a red herring. That it will probably work fine either way.
Richard
The static IP issue is not a red herring. It requires a totally different setup from what else has been offered AND the other solutions leave the PC that is not behind the router totally exposed to the internet.
cool then.
so use both routers and you'll be protected. =)
so use both routers and you'll be protected. =)
ok, tried the following:
modem to switch
wife computer to switch
router to switch
router to rest of house
wife and i could still not log on to the secure vpn network at the same time. for those in the know about these systems, we received a 403 error indicating that client was not recognized.
next will be to try putting a router between the switch and wifes computer. also need to call comcast and find out if i have dynamic or static ip addresses.
thanks for all the input.
scott
modem to switch
wife computer to switch
router to switch
router to rest of house
wife and i could still not log on to the secure vpn network at the same time. for those in the know about these systems, we received a 403 error indicating that client was not recognized.
next will be to try putting a router between the switch and wifes computer. also need to call comcast and find out if i have dynamic or static ip addresses.
thanks for all the input.
scott
QUOTE(KaptKaos @ Dec 19 2007, 08:47 PM)
The static IP issue is not a red herring. It requires a totally different setup from what else has been offered AND the other solutions leave the PC that is not behind the router totally exposed to the internet.
I am not trying to be argumentative at all, but why again would he need static IP addresses? I am guessing that this has worked previously for him with just a single IP (that is most likely dynamic). Also, I believe that many users of this type of remote access systems are people who travel (sales, etc.) and have no way of getting a static IP when on the road at a remote location. This also applies to any remote person who may have to use dialup.
A few things to check. When you had both PCs connected, can you verify that you were actually getting two IP addresses from your ISP? I think you can check this by logging into your router and seeing what IP it is using on the WAN side. You would check this on your wife's PC by doing something like an "ipconfig /all" at a command prompt. I would think that both would be in the same IP range, have the same subnet mask and same default gateway. If you are both getting IPs from your ISP, you would then need to make sure that you both can access the internet at the same time.
This is grasping at straws here, but I wonder if maybe the ISP doesn't have you setup for the second IP?? That maybe the router starts up, gets an IP via DCHP. You login and it works. Then you boot up your wifes PC, it gets an IP via DHCP (but the ISP knows you only should get one, so they revoke the reservation for the first one used by the router) then she can get in, but then your connection is toast?
This is grasping at straws here, but I wonder if maybe the ISP doesn't have you setup for the second IP?? That maybe the router starts up, gets an IP via DCHP. You login and it works. Then you boot up your wifes PC, it gets an IP via DHCP (but the ISP knows you only should get one, so they revoke the reservation for the first one used by the router) then she can get in, but then your connection is toast?
QUOTE(Richard Casto @ Dec 20 2007, 05:52 AM)
QUOTE(KaptKaos @ Dec 19 2007, 08:47 PM)
The static IP issue is not a red herring. It requires a totally different setup from what else has been offered AND the other solutions leave the PC that is not behind the router totally exposed to the internet.
I am not trying to be argumentative at all, but why again would he need static IP addresses?
IF you are running a router and require that the two PCs on the LAN behind the router present different public IP addresses to the internet, then you need to NAT them. It doesn't make sense to do all of the work to setup a NAT if those addresses are dynamic and can change.
QUOTE(Richard Casto @ Dec 20 2007, 05:52 AM)
I am guessing that this has worked previously for him with just a single IP (that is most likely dynamic). Also, I believe that many users of this type of remote access systems are people who travel (sales, etc.) and have no way of getting a static IP when on the road at a remote location. This also applies to any remote person who may have to use dialup.
I don't know if it has worked with 2 PCs in the past, however, now he's trying to get two PCs to connect via a VPN to a corporate network that requires unique IP addresses from the source. If you stick them behind a router, that router will grab one IP from the DHCP server and port translate the requests thereby giving all PCs behind the router the same public IP address.
Wife and I work for two different companies. both log on at the same time through VPN, through a single router and DSL modem. Router is set up for DHCP.
So, if it works for me, why shouldn't it work for Scott?
So, if it works for me, why shouldn't it work for Scott?
pulled out an old router and was not able to get a connection with that so am going to try the double router on the switch thing....
is really getting frustrating.... we both have vpn access with rga keys.... what difference should it make what ip address the log in comes from? i often travel with other members of my department and we all can log in through the hotel internet, so how is that so different?
i used to be challenged and intrigued, now just getting pissed.
cheers,
scott
is really getting frustrating.... we both have vpn access with rga keys.... what difference should it make what ip address the log in comes from? i often travel with other members of my department and we all can log in through the hotel internet, so how is that so different?
i used to be challenged and intrigued, now just getting pissed.
cheers,
scott
QUOTE(KaptKaos @ Dec 20 2007, 11:16 AM)
QUOTE(Richard Casto @ Dec 20 2007, 05:52 AM)
QUOTE(KaptKaos @ Dec 19 2007, 08:47 PM)
The static IP issue is not a red herring. It requires a totally different setup from what else has been offered AND the other solutions leave the PC that is not behind the router totally exposed to the internet.
I am not trying to be argumentative at all, but why again would he need static IP addresses?
IF you are running a router and require that the two PCs on the LAN behind the router present different public IP addresses to the internet, then you need to NAT them. It doesn't make sense to do all of the work to setup a NAT if those addresses are dynamic and can change.
I am still not getting it. Static or dynamic the IP on the WAN side of his router (or routers) just appears to the host he is trying to connect to as an IP address. It is not going to change during the life of his session and may remain the same address for months. The host he is connecting to should not care (or can even know (easily)) if his IP is static or dynamic.
QUOTE(KaptKaos @ Dec 20 2007, 11:16 AM)
QUOTE(Richard Casto @ Dec 20 2007, 05:52 AM)
I am guessing that this has worked previously for him with just a single IP (that is most likely dynamic). Also, I believe that many users of this type of remote access systems are people who travel (sales, etc.) and have no way of getting a static IP when on the road at a remote location. This also applies to any remote person who may have to use dialup.
I don't know if it has worked with 2 PCs in the past, however, now he's trying to get two PCs to connect via a VPN to a corporate network that requires unique IP addresses from the source. If you stick them behind a router, that router will grab one IP from the DHCP server and port translate the requests thereby giving all PCs behind the router the same public IP address.
I don't think it has worked with 2 PCs (now or in the past). That is the problem. But I think it has worked with one PC in the past. And most likely that is via a dynamic IP assigned to his router with him most likely using NAT on the LAN side.
As you mention that if both PCs are on the LAN side of the same router, they will most likely have private class C addresses. And both will present the same public IP on the WAN side (that was given to the router via DHCP from the ISP). Having the two routers (or just two PCs and no routers/firewalls if you like to live dangerously) results in two different DHCP request and if the ISP is doing what they say they are doing, they will issue and honor the two requests with two different IP addresses.
QUOTE(scottb @ Dec 20 2007, 09:46 PM)
pulled out an old router and was not able to get a connection with that so am going to try the double router on the switch thing....
is really getting frustrating.... we both have vpn access with rga keys.... what difference should it make what ip address the log in comes from? i often travel with other members of my department and we all can log in through the hotel internet, so how is that so different?
i used to be challenged and intrigued, now just getting pissed.
cheers,
scott
Scott,
If I was you, I would be frustrated as well. It's too bad your own IT department can't help.
You mention that connecting your wifes PC directly to the switch didn't work and (I think) you swapped your existing router for an old one and that didn't work. If those didn't work so far, I am thinking you are not going to have any luck on using both routers at the same time. I am also curious if you were able to determine if you were getting two active and live IP addresses from your ISP at the same time and was able to both surf the net prior to trying the RSA security login.
I am making a lot of assumptions here and maybe I should confirm these if you don't mind.
1. You have had this working on your PC before, but not at the same time as your wifes?
2. You have had this working on your wifes PC before, but not at the same time as yours?
If either of those are not yes, then I would try to get those scenarios to work first. Just to make sure it is not a problem with one or both PCs (and associated security setup) before we get into detail with network issues.
Assuming the above answers are both "yes"...
Lets say your have it working on your PC. If you try to connect via your wifes, is she able to do so? If so, does it kill your session? If not, I assume her attempt fails and your session continues to work?
Richard
2 PCs both going to the same VPN gateway.
VPN gateway allows only 1 connection from a single IP address.
As of now, he only has one router.
Router will get one IP address via DHCP.
SO
If you want to protect both PCs with one router, and connect to the VPN gateway, then you need to NAT.
I am only working with the things I know he has. Options to put the other PC outside the router (unsafe) or add another router (extra costs) were not considered.
If the ISP is only offering DHCP for the second IP, then your choices are very limited.
VPN gateway allows only 1 connection from a single IP address.
As of now, he only has one router.
Router will get one IP address via DHCP.
SO
If you want to protect both PCs with one router, and connect to the VPN gateway, then you need to NAT.
I am only working with the things I know he has. Options to put the other PC outside the router (unsafe) or add another router (extra costs) were not considered.
If the ISP is only offering DHCP for the second IP, then your choices are very limited.
QUOTE(scottb @ Dec 20 2007, 09:46 PM)
what difference should it make what ip address the log in comes from? i often travel with other members of my department and we all can log in through the hotel internet, so how is that so different?
I meant to mention earlier that this is a very good point. It is part of what makes me wonder if you really need two IP addresses anyhow. For example if you have five guys from the same company staying at a hotel and most likely that hotel has a single pubic IP address and EVERYONE there is using NAT and it works, then the need for distinct IP doesn't make sense.
Depends on the company and their security policies. I have seen crazier stuff.
Example of what I am talking about...
http://ask-leo.com/how_can_i_use_two_ip_ad...able_modem.html
Someone else please jump in here if KaptKaos or I am steering Scott wrong!
It's late. I need to goto bed.
Richard
http://ask-leo.com/how_can_i_use_two_ip_ad...able_modem.html
Someone else please jump in here if KaptKaos or I am steering Scott wrong!
It's late. I need to goto bed.
Richard
thats what I'm talking about
thanks for all the help guys. i am going to take everything apart and start anew over the weekend after i speak with comcast regarding the ip addresses. right now the mess of wires under the desk is quite daunting. cleaning that up will help.
i will advise what if anything i accomplish this weekend. if i need to set up NAT, i will be back!
again, thanks for the input.
scott
i will advise what if anything i accomplish this weekend. if i need to set up NAT, i will be back!
again, thanks for the input.
scott
QUOTE(KaptKaos @ Dec 20 2007, 10:36 PM)
Depends on the company and their security policies. I have seen crazier stuff.
Aintitthetruth!
ok here is the latest as of today....
modem -----> switch -------> router ------> my computer
I
I
I
router -------> wife computer
nuthin'
i was on hold with silicone sally at comcast for 20 minutes without speaking to a human so i still do not know if i have 2 static IP addresses.
when i run IP config, i have a single IP address but 2 DNS servers noted. does this matter, make sense or anything?????
what is this NAT thing that others have spoken of? i am halfway thinking of calling cisco systems directly and seeing if i can get any of their techno guys to help out.
running out of ideas and beer. the beer i can fix but ideas regarding this issue are in short supply.
but i did hear i could save a lot of money by switching my car insurance to geico....
help, as always, is not only needed, but appreciated.
cheers,
scottb
edit : noticed the down line above from the switch moved left to the modem. please take this into account with any feedback. thanks.
modem -----> switch -------> router ------> my computer
I
I
I
router -------> wife computer
nuthin'
i was on hold with silicone sally at comcast for 20 minutes without speaking to a human so i still do not know if i have 2 static IP addresses.
when i run IP config, i have a single IP address but 2 DNS servers noted. does this matter, make sense or anything?????
what is this NAT thing that others have spoken of? i am halfway thinking of calling cisco systems directly and seeing if i can get any of their techno guys to help out.
running out of ideas and beer. the beer i can fix but ideas regarding this issue are in short supply.
but i did hear i could save a lot of money by switching my car insurance to geico....
help, as always, is not only needed, but appreciated.
cheers,
scottb
edit : noticed the down line above from the switch moved left to the modem. please take this into account with any feedback. thanks.
Scott,
Sorry you are still having issues. If it was me, the top things I would try to work on would be the following...
1. Make sure I can build a working (secure remote connection) setup with just one computer so you will know what does work. You may have already done this.
2. If #1 includes the router in the path, then all the better. Sometimes a router setup to also do NAT may cause problems with the type of things you are trying to do. If #1 does not include the router, then I would try to build a working setup (again just the one connection) that does work with a router in the loop. You may want to look at a setting on your router. On my Linksys this is known as the VPN passthrough. You may want to see if you have a setting called "IPSec passthrough" and make sure it is turned on.
3. Once you have the above working configurations, the you can move onto trying to get two live internet connections. Again assuming you really need two public IP addresses, then I would focus on just seeing if you can get two different IP addresses from your ISP. In your diagram above it would be the two routers that would be getting the IPs. On my Linksys I can view a status page that tells me what IP addresses that the ISP gave the router. It probably also provides the default gateway and DNS (two or more is OK). Both routers should get the same info except for the actual IP address. At this point just make sure you can both address the internet at the same time from two PCs that are using two different routers. Just web surf type of thing.
4. If you get this far, you should be able (cross fingers) to combine the results of #2 and #3 to make two working setups (one for you and one for your wife).
Regarding NAT. Here is a good link...
http://en.wikipedia.org/wiki/Network_address_translation
If that Wiki page is too complicated I will give a quick explanation. Basically as you can tell ISPs will give you one free public IP address and then charge you for more. But you may have multiple computers in your house. And each of those need an IP address to communicate to the rest of the world. So what do you do?
So lets say your ISP gives your router the address of 24.40.136.100. What NAT does is use a special "range" of IP addresses that everyone agrees will never be used as public IPs. Your router can be setup to give out those addresses to your PCs at home as needed (via something called DHCP). A commonly used range is 192.168.1.XXX. So if your PC boots up and asks for and IP address, your router catches that request and gives out the first unused number (lets say 192.168.1.1). Another PC then boots up and it asks for an IP and it gets the next number (lets say 192.168.1.2). When you goto a web site, the router acts as a middle man and the remote website actually things it is talking to 24.40.136.100 even if both PCs are accessing the same site. The site sees just the same IP address. There is other info buried in the what is going back and forth that allows the router to redirrect the info the the proper PC in your network.
It is very likely that you are using NAT (which is not a bad thing) and if you and your wife are using two different routers then you both may end up with the same IP address. In my example above I used 192.168.1.1. There is probably millions of PCs on the planet that are using addresses in that same range. But because of NAT their public IP is something different and multiple PCs are sharing singular public IPs. The entire thing started years ago when they were experiencing a shortage of public IPs. If you and your wife need different public IPs, then what is important is that your "routers" have different IPs. And that is what you should be able to see via the status info somewhere.
Sorry you are still having issues. If it was me, the top things I would try to work on would be the following...
1. Make sure I can build a working (secure remote connection) setup with just one computer so you will know what does work. You may have already done this.
2. If #1 includes the router in the path, then all the better. Sometimes a router setup to also do NAT may cause problems with the type of things you are trying to do. If #1 does not include the router, then I would try to build a working setup (again just the one connection) that does work with a router in the loop. You may want to look at a setting on your router. On my Linksys this is known as the VPN passthrough. You may want to see if you have a setting called "IPSec passthrough" and make sure it is turned on.
3. Once you have the above working configurations, the you can move onto trying to get two live internet connections. Again assuming you really need two public IP addresses, then I would focus on just seeing if you can get two different IP addresses from your ISP. In your diagram above it would be the two routers that would be getting the IPs. On my Linksys I can view a status page that tells me what IP addresses that the ISP gave the router. It probably also provides the default gateway and DNS (two or more is OK). Both routers should get the same info except for the actual IP address. At this point just make sure you can both address the internet at the same time from two PCs that are using two different routers. Just web surf type of thing.
4. If you get this far, you should be able (cross fingers) to combine the results of #2 and #3 to make two working setups (one for you and one for your wife).
Regarding NAT. Here is a good link...
http://en.wikipedia.org/wiki/Network_address_translation
If that Wiki page is too complicated I will give a quick explanation. Basically as you can tell ISPs will give you one free public IP address and then charge you for more. But you may have multiple computers in your house. And each of those need an IP address to communicate to the rest of the world. So what do you do?
So lets say your ISP gives your router the address of 24.40.136.100. What NAT does is use a special "range" of IP addresses that everyone agrees will never be used as public IPs. Your router can be setup to give out those addresses to your PCs at home as needed (via something called DHCP). A commonly used range is 192.168.1.XXX. So if your PC boots up and asks for and IP address, your router catches that request and gives out the first unused number (lets say 192.168.1.1). Another PC then boots up and it asks for an IP and it gets the next number (lets say 192.168.1.2). When you goto a web site, the router acts as a middle man and the remote website actually things it is talking to 24.40.136.100 even if both PCs are accessing the same site. The site sees just the same IP address. There is other info buried in the what is going back and forth that allows the router to redirrect the info the the proper PC in your network.
It is very likely that you are using NAT (which is not a bad thing) and if you and your wife are using two different routers then you both may end up with the same IP address. In my example above I used 192.168.1.1. There is probably millions of PCs on the planet that are using addresses in that same range. But because of NAT their public IP is something different and multiple PCs are sharing singular public IPs. The entire thing started years ago when they were experiencing a shortage of public IPs. If you and your wife need different public IPs, then what is important is that your "routers" have different IPs. And that is what you should be able to see via the status info somewhere.
My head hurts from wrenching. I'll try and help you with this in a bit, but I need to rest my eyes.
ok, resurrecting this for some input. was not able to get things organized before and then work got busy among other excuses.but now i can work from home even more so i want this VPN issue resolved once and for all.
just got off the phone with comcast tech and the latest information i received is that in order to have IP addresses assigned, i will need a gateway modem. the IP addresses i have are not static so per the tech person, they cannot be assigned to a particular router port. i asked for a static IP address but they will not give them to residential accounts.
the reasoning for the gateway modem is that it will grab the first IP address for the first log on, then the second for the next. most of these that i have found on line look a lot like a router. i would set up a router and/or switch on a couple of the remaining ethernet connections so i can have use of more than one log in on one of the IP addresses.
ok, so there is the story and here are my questions:
1) does this reasoning sound plausible?
2) any suggestions for a gateway router?
as always, thanks in advance.
scott
just got off the phone with comcast tech and the latest information i received is that in order to have IP addresses assigned, i will need a gateway modem. the IP addresses i have are not static so per the tech person, they cannot be assigned to a particular router port. i asked for a static IP address but they will not give them to residential accounts.
the reasoning for the gateway modem is that it will grab the first IP address for the first log on, then the second for the next. most of these that i have found on line look a lot like a router. i would set up a router and/or switch on a couple of the remaining ethernet connections so i can have use of more than one log in on one of the IP addresses.
ok, so there is the story and here are my questions:
1) does this reasoning sound plausible?
2) any suggestions for a gateway router?
as always, thanks in advance.
scott
Scott,
(1) I have to say that I am a bit confused about the term "gateway modem". What people generically call a "router" these days, will act as a gateway, will do NAT, will act as a firewall, will act as a switch.
(2) I think that your existing "router"s will do what they are asking if you configure them to use DHCP.
If you have a "switch" connected directly to your cable modem. Then you have two different routers connected to that switch. Both routers are configured to ask DHCP for an IP address (dynamic IP). If both are off, you turn the first one on. It sends out a DHCP request that makes it way to their network. The ISPs DHCP server checks and sees that you are allowed "two IPs" so it gives you one. You turn on the other router, it does the same thing. With the result of each router having a different IP. Yes, depending upon which one is turned on first, will determine who grabs the first one. But it really doesn't matter what value they get and in what order. The important thing is that you end up with two different public IP addresses.
If feel bad that you are still having problems with this. Have you considered having a local computer tech come out and work with you on this?
(1) I have to say that I am a bit confused about the term "gateway modem". What people generically call a "router" these days, will act as a gateway, will do NAT, will act as a firewall, will act as a switch.
(2) I think that your existing "router"s will do what they are asking if you configure them to use DHCP.
If you have a "switch" connected directly to your cable modem. Then you have two different routers connected to that switch. Both routers are configured to ask DHCP for an IP address (dynamic IP). If both are off, you turn the first one on. It sends out a DHCP request that makes it way to their network. The ISPs DHCP server checks and sees that you are allowed "two IPs" so it gives you one. You turn on the other router, it does the same thing. With the result of each router having a different IP. Yes, depending upon which one is turned on first, will determine who grabs the first one. But it really doesn't matter what value they get and in what order. The important thing is that you end up with two different public IP addresses.
If feel bad that you are still having problems with this. Have you considered having a local computer tech come out and work with you on this?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.