Remote connection to multiple Ethernet networks?

We've been implementing a setup allowing us to remote connect via the Internet (using the customers internet connection - jumping onto their LAN) but have hit a snag.

What we want to do:

Connect from our office to a machine anywhere in the world. Each network has 2 Ethernet networks (10.0.x.y) where the x is one of 2 subnets per machine, and y would be the device (upto 10 per subnet).

We need to get a VPN connection through and ideally have a single modem/router in each machine capable of VPN'ing through to both the networks. The two networks don't need to talk to each other on the machine.

We were going to go with a system from Insys (MOROS) but apparently it can't support 2 subnets on its downstream side (i.e. on the machine).

Anyone got any ideas? We've just to the expense of installing a leased line to facilitate this our end and the plan has just gone up in smoke...and I'm about to fly half way around the world to install these on a machine!

It sounds like you just need to set your subnet mask correctly. Try setting it to 255.255.0.0 and see if you can get through to both. If that works, then we can get some more details and tie it down real tight.

The series 4000 WebPort VPN device from Spectrum Controls has 2 network adapters. One for the network with Internet access, and one for the isolated controls network, so you don't have to tie the controls network to the Internet. Maybe this is what you are looking for?

The MOROS system we were going to use doesn't allow two subnets to be connected to it (although it has 4 ports and is a switch); basically although you can set your Subnet Mask to 255.255.0.0 it won't work - according to their technical guy who came to visit us yesterday.

What we need is effectively 3 networks; one upstream (customers internet accessible network), plus our 2 downstream networks (one is PLC programming, the other actually contains our vision systems).

At our end we need to be able to connect to either of our subnets from a single location/port (i.e. our office network/internet connection, hotel rooms or maybe a mobile GSM type connection).

Think it might be just as well to sketch it down quickly - might make more sense as a series of lines!

I don't have some of the basic knowledge on IP addrresses so there may be an easy solution. My more complex solution is to add a second Router, the WAN/(LAN ext) port of the second Router is connected to a LAN port on the first. LAN on first Router will be 10.0.x.y and the second Router WAN/(LAN ext) will be part of that subnet. You VPN into the first router and have easy access to things connected to the first Router. For the second Router subnet you can either use Port forwarding to access things on its LAN or I think you may be able to VPN to the second Router via the VPN connection of the first. If that doesn't make sense then I can soon sketch a drawing.

I looked at the manual for the MOROS and it does have some strange settings that it asks for, why it needs to know the subnet for the Remote incoming connection is very strange. It is a shame that people like Netgear or D-Link don't make hardened versions of their Routers, it would make life a lot easier.

Bryan

For a quick-fix, go pick up a Linksys WRT54G and load DD-WRT VPN firmware onto the unit. You can create multiple routable VLANs on the unit. Configuration of the VLANs was a bear, but once the port numbering scheme was figured out it worked like a charm. Not for the faint-hearted however. We had one that was providing VPN access, routing 3 networks, and updating a dynamic dns server due to our dynamic IP from the dsl connection. The most difficult piece was the VLAN routing, the VPN portion was quite simple.

Richard