Update...I got the Motorola/Netopia 3347 modem/gateway/router installed. DSL line connects directly to it. It is set up to acquire its WAN IP address from the ISP, which gets the static IP address set up as the gateway (nnn.nnn.nnn.22). It has a LAN IP address of 192.168.1.1. The 3347 has wireless capability, but I have it disabled.
The two Netgear routers have their WAN ports connected to LAN ports on the 3347. The routers are set up to use static IP addresses on the WAN side, but the static IP addresses are not the real static IP addresses assigned by the ISP. Instead, they are 192.168.1.nnn with a subnet mask of 255.255.255.0. The 3347 uses IP mapping to map a real static IP address (nnn.nnn.nnn.21 and nnn.nnn.nnn.20, respectively) to each router's LAN IP address (192.168.1.nnn).
Each router has a different private IP address subnet. One is 192.168.2.nnn and the other is 192.168.3.nnn. The routers' DHCP servers are set up to dynamically assign the same private IP address to each laptop based on the laptop's MAC address and the NIC it is using, i.e., wired or wireless. The Netgear SRXN3205 router has wireless built in, and it will be the primary wireless AP. That way, I will always know the IP address of the laptop depending on which router it is connected to and how it is connected.
So far, everything works great. I can get to the internet from PC's on either router. I can get to either router via it's public IP address. The private LANs are isolated from each other. I can establish a SSL VPN connection between a PC on the wired LAN and the wireless router's LAN. I need to do a router firmware update on the wired router (to get 64 bit support) before I can establish a SSL VPN connection from a wireless LAN PC to the wired LAN. I did a tracert from a PC on the wireless LAN to the public IP address for the wired router, and it goes to the 3347 but doesn't go back to the ISP. I guess the 3347 has enough smarts in it to route it directly to the wired router? One potential negative is that the router side of the 3347 is 100Mb instead of Gb like the rest of my LAN, so traffic going thru it is not as fast as between other switches. However, in reality it's not a problem because I will probably only be going between LANs when the PC is using a wireless connection, so that will limit it more than the 100Mb router.
Two things left to do...first, make a printer on the wired LAN available to a PC on the wireless LAN, without having to establish a VPN connection first. I thought of hanging the printer off the 3347 router and IP map a static IP address to it. Not sure if that will work, and not sure if it is a good idea to do so. Any other way to do this via routing rules, port forwarding, etc.? If so, specific instructions, please.
Second...I want to make establishing the SSL VPN connection to the wired LAN as simple as possible. I can create a desktop icon that when clicked will open Internet Explorer and go to the URL that will display the wired LAN's SSL VPN login screen. I would like to take it one step further and actually have the user ID (and optionally, the password) entered on the login screen. That way, all my wife has to do is click on the desktop icon, then click on the login screen's continue button. If I could automate the continue button, that would be even better. The vendor doesn't have any suggestions on how to do any of this. Anyone know of a way?
Thanks,
Ira