NAT routers connecting across the Internet

It's been a while since I did anything like this, and I've never configured two NAT routers to allow each access.

Basic situation. Both routers have static IPs assigned. Both use private networking addressing for the PCs on the network. Both have NAT enabled. No other firewalling enabled on the router.

Is this a straight forward job, just requiring each router to be configured, or is it a nasty one, requiring masses of firewall ACL setups?

One bonus. Both routers are identical, and are using the same ISP.

Quite possibly depends on which routers you have.

Dead easy with two Draytek routers, for example.

Do your routers have a VPN (Virtual Private Network) option in the setup menus?

It's not that straightforward. The PCs are on private IP ranges (10.x.x.x or 192.168.x.x) that cannot be routed over the internet, so the traffic will need to be tunnelled in some way, most likely VPN.

You also need to make sure the PCs on each site are on separate subnets so you can get the routing to work.

e.g.
Site A 10.0.0.x Site B 10.0.1.x, both sites using a subnet mask of 255.255.255.0

I have achieved this before quite cheaply using Zyxel P660 ADSL routers, although I think you'd need the P662HW these days to get the built in VPN functionality. These allow you to setup encrypted IPSec tunnels between sites. It worked successfully for me for many years with this setup.

Here's the root menu list:

Login successful

-->
system
console
source Read a file of commands
help
ethernet
user
imdebug Directly access the information model
transports Bearer channels in use
ipoa
ip Configure IP router
igmp
pppoa
pppoe
rfc1483 Manipulation of RFC1483 transports
pptp Point-to-Point Tunneling Protocol
bridge Configure layer 2 bridge
dhcpclient DHCP client configuration commands
dhcpserver DHCP server configuration commands
dhcprelay
dnsrelay
dnsclient
security
firewall Firewall configuration commands
nat
adsl ADSL access command
webserver
port Physical port configuration commands
-->

This is setup in a standard PPPOA with Gdmt. Both networks are on 192.168.x.x (identical networks). Both with 255.255.255.0

That doesn't look like it has VPN capability unless you can use PPTP between the two. What routers are they?

Solwise SAR 715 (4-port router switch modem).

I think there might be a way with PPTP here:

http://www.solwise.co.uk/downloads/files/cli_manual_... (section 24 : Page 501). Not a small user manual (922 pages).

Looks like it might be possible to set one as listening dialin then dialout from the other to it.

I still think you will have to re-address one of your networks to get the routing working between the two sites.

Is it a dial-in only thing then? I did see that, but figured that since the router is about nine years old (and I still love it ), that the dial-in thing might have become an ADSL thing. I know. Not very scientific. Not dine tunneling (in networking) .

I seem to remember setting up a VNC proggie years ago, and preceeded to entertain and worry my Dad, by moving his mouse cursor and all that. Now I can't swear to it, but I have a feeling that we both had NAT routers then too. iirc the connection didn't happen too easily, but in an accidental 'Oh that's how it works' manner. Heh!

TBH maybe I didn't have NAT back then, but I'm pretty sure he did.

"Dialin" refers to setting one of the routers to listen for incoming PPTP connections, it is one of the CLI command options. PPTP will work fine over ADSL.

As for VNC that's just a case of installing it on the PC then setting up a port forward on the router to the PC for the VNC port.

Yup. I remember now.

Here's the scenario(s).

Scen 1:

Client with limited IT skills requires network backups. NAS at premises, with me doing remote access (VNC) to monitor scheduled backups.

Scen 2:

NAS at my premises. Original full backup done on a disk to disk, with incremental automatic backups by Internet (probably no more than one to ten Meg a day max).

Scenario 2 is saferbut complicated.

Thoughts?