In article , Ant Judy wrote:
:I have set up a VPN using Linksys BEFSX41, but that requires that
:office 1 and office 2 be on a different subnet...The devices can ping
:each other across the network, but I would like them all to be on
:192.168.2.xxx
Why? If they are bridged, then all broadcast traffic will have to cross the bridge. Broadcast traffic can include ARPs, NETBIOS, DHCP, ntp, and other fun things.
:So I'm wanting to BRIDGE the two LANS, right?
That would be the term.
: I've heard that some
:VPN hardware has a "bridge" mode, but I can't find any hardware to do
:this.
On the VPN side, try searching for "network extension mode" (e.g., the PIX 501 or 506/506E acting as a VPN client to an EzVPN server).
Note: you will not be able to do what you want using IPSec as the VPN. IPSec can operate in two modes, and in one of the modes the traffic is essentially bridged, but the RFCs for IPSec *define* that mode as being invalid for traffic through a security gateway (a device that is processing security on behalf of something else). The RFCs do allow that mode for traffic -to- the security gateway itself for the purpose of controlling the security gateway: for the purposes of such traffic, the security gateway is, de facto, a "security endpoint" and IPSec bridging is allowed between two security endpoints.
The device feature that you are looking for is sometimes called "remote bridging". "Remote bridging" in its original form is often only configurable over serial interfaces (point-to-point links.) Configuring remote bridging over the Internet usually requires encapsulating the packets for transmission, such as by using GRE (Generic Router Encapsulation).
If memory serves me, Cisco supports GRE on some models of their SOHO line, on their 800 series access devices, and on their 1700 series modular routers. (On the 1600 series too, but you would generally go for a 1700 series over a 1600 series.)
You mentioned DSL, but you did not happen to mention whether that was ADSL or SDSL (or other), and you did not happen to mention uplink and downlink speeds. One thing you really want to avoid happening when you are doing remote bridging, is having a "master browser" elected on the far side of the link from the side that has a noticeably bigger population of hosts: if that happens, then all the NETBIOS resource looking and registration has to go over the uplink (which might only be 128 Kbit/s) to the other end. If the master browser is on the more populated side, then most of that NETBIOS traffic will stay local to that larger side.
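
To put numbers on the broadcast concern raised in this reply, the following added example (not part of the original post) classifies Ethernet frames the way a transparent bridge would and reports how much of a slow uplink the flooded traffic consumes. The sample frames are constructed, and the UDP port table, helper names and the 128 kbit/s default are assumptions drawn from the protocols and the figure mentioned in the post.

```python
import struct
from collections import Counter

# Assumed mapping of well-known UDP ports to the protocols named in the post.
UDP_PORTS = {67: "DHCP", 68: "DHCP", 123: "NTP", 137: "NetBIOS", 138: "NetBIOS"}

def classify(frame):
    """Return a label if a bridge must flood this frame to the far LAN, else None."""
    dst, ethertype = frame[0:6], struct.unpack("!H", frame[12:14])[0]
    if not dst[0] & 0x01:
        return None  # unicast: crosses only if the destination is remote (not counted)
    if ethertype == 0x0806:
        return "ARP"
    if ethertype == 0x0800 and frame[14 + 9] == 17:  # IPv4 carrying UDP
        ihl = (frame[14] & 0x0F) * 4
        dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
        return UDP_PORTS.get(dport, "other")
    return "other"

def uplink_load(frames, seconds, uplink_bps=128_000):
    """Bytes flooded per protocol, and the fraction of the uplink they consume."""
    per_label = Counter()
    for f in frames:
        label = classify(f)
        if label:
            per_label[label] += len(f)
    return per_label, sum(per_label.values()) * 8 / seconds / uplink_bps

# --- constructed sample frames (not captured traffic; checksums left zero) ---
def eth(dst, ethertype, payload):
    src = bytes.fromhex("020000000001")
    return bytes.fromhex(dst) + src + struct.pack("!H", ethertype) + payload

def udp4(dport, size):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + size, 0, 0, 64, 17, 0,
                     bytes([192, 168, 2, 10]), bytes([192, 168, 2, 255]))
    return ip + struct.pack("!HHHH", dport, dport, 8 + size, 0) + bytes(size)

BCAST = "ffffffffffff"
SAMPLE = (
    [eth(BCAST, 0x0806, bytes(46))] * 20                  # ARP requests
    + [eth(BCAST, 0x0800, udp4(138, 200))] * 10           # NetBIOS datagrams
    + [eth(BCAST, 0x0800, udp4(67, 300))] * 2             # DHCP discovers
    + [eth("020000000002", 0x0800, udp4(123, 48))] * 50   # unicast NTP, not flooded
)

if __name__ == "__main__":
    labels, share = uplink_load(SAMPLE, seconds=1.0)
    print(dict(labels), f"{share:.1%} of a 128 kbit/s uplink")
```

Run against one second of the constructed sample, the flooded frames alone take about 27% of a 128 kbit/s uplink, while the unicast NTP frames are not counted as flooded.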