
Understanding Differences: VPN Site-to-Site vs. VPN Gateway for Beginners

bartekb24 17832 20
  • #1 12502209
    bartekb24
    Level 18  
    Question as in the subject.
    How is VPN site to site different from VPN Gateway?
    I am asking for a pathological explanation because I have contact with private networks only for the first time and I learn everything slowly.
  • #2 12502708
    bogiebog
    Level 43  
    bartekb24 wrote:
    pathological


    site-to-site - Zenek's LAN (all computers in Zenek's network) connects to Bronek's LAN. The connection is transparent, i.e. nothing is installed on Bronek's and Zenek's computers.

    vpn gateway - only Hania's computer (on which VPN is installed) connects with Bronek's LAN via VPN gateway.

    Added after 28 [seconds]:

    http://www.google.com/search?complete=0&q=vpn%20site-to-site%20vs%20gateway
  • #3 12505498
    bartekb24
    Level 18  
    Thanks for your help, I get it :)

    Added after 5 [minutes]:

    So you can make a site-to-site VPN with a VPN gateway by creating a second VPN gateway in Zenek's LAN in this example? But am I not quite right?
  • #4 12516214
    marek1712
    Level 16  
    Not completely.
    S2S VPN - You could say it's "static". It requires the configuration of local and remote LAN networks and point addresses (usually public IP addresses) that will communicate with each other.
    VPN gateway (or, in CISCO nomenclature, Remote Access) - works a bit differently. Well, you are not pointing to the subnet at the other end of the tunnel; you do not know where the client will connect from (of course you can limit it, etc. - but this does not apply to the question).
    Of course, what bogiebog wrote is most accurate.
  • #5 12523609
    bartekb24
    Level 18  
    Yes. I can understand what you mean.
    But if I buy a router with the site to site option, I don't know if I can set up remote access? Or maybe it will have to be set in such a way that two addresses are configured in two endpoints of the LAN and VPN gateway I will not be able to do in it?
  • #6 12525251
    marek1712
    Level 16  
    And it depends on the manufacturer - find out what the situation looks like in the equipment you want to buy.
    Check out this NetGear. It allows you to define both S2S and RA tunnels. I would show it on the example of TP-Link, but the page is just ...
  • #7 12525357
    freetz_master
    Level 31  
    As you buy each FritzBox from 714x upwards, this is a VPN site to site.
    Each model goes with each (Fritzboxes of course).
    7141 costs ~ 130 zlotys.

    Up to 7 subnets are officially supported.
    Configuration is a child's play with a Windows utility, where you enter the domain name and create a configuration file that needs to be imported into Fritz.
  • #8 12531629
    bartekb24
    Level 18  
    I have a Zywall Zyxel 35. It has the ability to configure a VPN. But in the options, I do not see the choice of site to site or VPN Gateway anywhere. If I do not enter the gateway address on the other side (I leave the IP 0.0.0.0), the information that it is Dynamic VPN pops up. So I can create a Gateway VPN in it. That's right? And what software can be used to configure a VPN client on the computer to make it compatible with Zywall?
  • #9 12532007
    marek1712
    Level 16  
    It seems that is right. In CISCO ASA, dynamic crypto-maps are used just for setting up RA connections. Can you make screenshots with drop-down lists to be sure?
    As for the software ... Usually the manufacturer supplies. The general ones are, for example, ShrewSoft, you just have to arrange everything in it.
  • #10 12532208
    freetz_master
    Level 31  
    bartekb24 wrote:
    I have a Zywall Zyxel 35. It has the ability to configure a VPN. But in the options, I do not see the choice of site to site or VPN Gateway anywhere.

    Who reads doesn't go wrong.
    ftp://ftp.zyxel.fr/ftp_download/ZyWALL_35/quick_start_guide/ZyWALL%2035_1.pdf

    Of course, site to site, otherwise it makes no sense on the router.

    Pages 13-14, all black on white.
    Of course you have the choice of what you need.


    But somehow I still do not understand: what do you want to achieve or what is the problem.

    Oh, this vpn on this zyxel follows a bad pptp protocol from M$. It's by the way.

    Because for anything to work, you must have:
    1. 2 devices (server / client or / and vice versa)
    2. 2 other subnets that you connect (one is nonsensical and site to site is not possible because site to site connects subnets)
    3. DNS service, either domain name or permanent IP.

    All you can do is configure this box as your "server", then you have to have some domain to find the router from outside.


    Step 1

    myIP
    0.0.0.0
    secureGateway address
    0.0.0.0

    Step 2

    local network
    -subnet

    remote network (what do you want, one client?)
    -single

    the rest is setting the keys.

    Literature
    http://technet.microsoft.com/pl-pl/library/cc787527%28v=ws.10%29.aspx
    http://technet.microsoft.com/pl-pl/library/cc728081%28v=ws.10%29.aspx

    And don't ask what can be done, just what you want to do.
  • #11 12532755
    marek1712
    Level 16  
    freetz_master wrote:
    bartekb24 wrote:
    I have a Zywall Zyxel 35. It has the ability to configure a VPN. But in the options, I do not see the choice of site to site or VPN Gateway anywhere.

    Who reads doesn't go wrong.
    ftp://ftp.zyxel.fr/ftp_download/ZyWALL_35/quick_start_guide/ZyWALL%2035_1.pdf

    Of course, site to site, otherwise it makes no sense on the router.

    Pages 13-14, all black on white.
    Of course you have the choice of what you need.


    But somehow I still do not understand: what do you want to achieve or what is the problem.

    Oh, this vpn on this zyxel follows a bad pptp protocol from M$. It's by the way.

    ORLY?
    I see IPSec options here, like Ox matching L2TP / IPSec. Yes, PPTP is a WAN link. Besides, what is the problem for the router to offer both the S2S and RA tunnel options? Netgear allows it from cheaper devices, and from the more expensive CISCO ASA.
    @ bartekb24 - If you want to use a router as an end device for Remote Access, try this tutorial:
    https://www.shrew.net/support/Howto_Zywall
  • #12 12537932
    bartekb24
    Level 18  
    Thanks, I'll start reading in a moment :) As I said before, I did not deal with VPN, so I do not fully catch what it is all about. And I want to set it up in such a way that I would have access to the local network in the company from my laptop from any network. So I have to do Remote Access, it seems to me from what I have learned so far in this topic. So I need some software on the laptop. If I read what I have in the links, I will contact you if I managed to do it.
  • #13 12576815
    bartekb24
    Level 18  
    I have one more question.
    Do I need a public IP to use a VPN on my laptop, or can I be connected to the network, e.g. in a hotel with a private IP?
  • #14 12577857
    marek1712
    Level 16  
    It can be private IP. Not from the subnet you have at home ...
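
Added example, not part of any post in this thread: a small Python check of the two rules mentioned above, namely that a peer ("secure gateway") address of 0.0.0.0 makes the rule dynamic (remote access), and that the client may sit on a private network as long as it does not overlap the LAN behind the tunnel. The function names and the company LAN are assumptions made for illustration; 192.168.137.0 is the laptop network from post #15 with an assumed /24 mask.

```python
import ipaddress


def tunnel_mode(secure_gateway: str) -> str:
    """Classify a VPN rule by its peer ("secure gateway") address.

    0.0.0.0 means the peer is not known in advance, which the router in
    the thread reports as a dynamic rule (remote access). A concrete
    peer address is the static, site-to-site case.
    """
    peer = ipaddress.ip_address(secure_gateway)
    return "remote-access" if peer.is_unspecified else "site-to-site"


def client_network_conflict(client_cidr: str, company_lan: str) -> bool:
    """True if the network the laptop currently sits on overlaps the LAN
    behind the tunnel; traffic for the company LAN would then stay local."""
    client_net = ipaddress.ip_interface(client_cidr).network
    return client_net.overlaps(ipaddress.ip_network(company_lan))


def describe(client_cidr: str, company_lan: str, secure_gateway: str) -> dict:
    """Summarise one client location against one VPN rule."""
    iface = ipaddress.ip_interface(client_cidr)
    return {
        "mode": tunnel_mode(secure_gateway),
        "client_is_private": iface.ip.is_private,
        "conflict": client_network_conflict(client_cidr, company_lan),
    }


# Constructed sample values (hypothetical company LAN, made-up hotel addresses).
COMPANY_LAN = "192.168.1.0/24"

if __name__ == "__main__":
    for client in ("192.168.137.20/24", "192.168.1.57/24", "10.0.0.8/8"):
        print(client, describe(client, COMPANY_LAN, "0.0.0.0"))
    print("203.0.113.10 ->", tunnel_mode("203.0.113.10"))
```
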
  • #15 12583168
    bartekb24
    Level 18  
    I set up the router as in the attachments.
    Now, how do I set the options on my laptop to make it work.
    Because I've been trying for two days and it doesn't work; /
    I do it as follows.
    I create a new connection through the create connections wizard in windows 7. There is an option to create a VPN connection. I choose it and set it in the properties like this:

    Host name - My router's address (WAN address)
    Virtual private network type - automatic (I also tried other options but it also does not work. In the advanced settings, I enter the password that I set in the router)
    Data encryption - require encryption (other options I tried and didn't work either)
    Authentication - Second option (Allow the use of these protocols).
    And now when I give connect, I am prompted for a username and password.
    But I didn't set anything up in the zywall. If I give OK without typing anything, it seems to start to connect, but after a while an 800 error will appear that the remote connection cannot be established.
    In the firewall I have set it to pass traffic through VPN (In the router).
    I have nothing in the router logs about negotiating a VPN connection with my laptop.
    I have a laptop on my private network 192.168.137.0
    What am I doing wrong ???
    Because I have no idea what other options to change and where, i.e. on the router or laptop
  • #16 12586499
    bartekb24
    Level 18  
    Nobody has any idea how to configure it?
  • #17 12586537
    Kostek7
    Level 27  
    You have selected the server mode with authentication from the router's local access base, so use the same login and password as for the router.
  • #18 12586587
    marek1712
    Level 16  
    Kostek7 wrote:
    authentication

    WHAT !! ??
    AUTHENTICATION

    Back to the topic. I guess I mentioned that you are supposed to do this with a Shrew Soft client (not a Windows client). If I have a moment in the evening, I will try to write what and how.
  • #19 12586794
    bartekb24
    Level 18  
    Thanks. I tried with the client you are talking about but I can't install it at all. It crashes with an error during installation, I can't remember which one anymore.
  • #20 12623663
    bartekb24
    Level 18  
    marek1712 can I count on the instruction?
  • #21 12753006
    bartekb24
    Level 18  
    I can see that the topic is dead, so I close

Topic summary

VPN site-to-site (S2S) and VPN gateway serve different purposes in network connectivity. A site-to-site VPN connects entire local area networks (LANs) transparently, allowing all devices within those networks to communicate securely over the internet. In contrast, a VPN gateway typically connects individual devices to a remote network, requiring specific configurations for each client. Users discussed the possibility of configuring routers to support both S2S and remote access VPNs, with various brands and models mentioned, including NetGear and FritzBox. The conversation also touched on the configuration challenges faced with specific devices like Zywall and the need for compatible VPN client software.
Summary generated by the language model.