Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

IPSec VPN Issue

  • 11-04-2007 9:24am
    #1
    Closed Accounts Posts: 92 ✭✭


    Hello,
    We have a ZyWall 1050 Internet Security Application running as our main router and in there we have over 30 VPN tunnels established to many different sites.

    So far everything is running rock solid and no issues, but going forward we want to forsee any protential issues we may have and try to address them now.

    Here's the hot topic for us today:
    2 Remote sites with the same local IP Ranges.

    Let's just say if both sites were very big and changing IP addresses was not a running option on the table, would anyone know anther way of being able to VPN to both sites with still maintaining the local IP addresses?

    The suggestion that I'm trying to run with right now is like this:

    SITE "A"
    Real local Addresses: 10.100.2.0

    SITE "B"
    Real local Addresses: 10.100.2.0

    However, in the ZyXel 1050, we maybe set SITE "A" as having a different subnet/IP range (10.120.2.0) and have a out-bound NAT rule that would convert any out going traffic matching that rule to the correct site and the correct subnet/range.

    Now, question - does anyone think this is possible?
    Has anyone come across this issue before and have you overcome it another way?


    Many Thanks,
    Joe Leavy


Comments

  • Registered Users, Registered Users 2 Posts: 4,162 ✭✭✭_CreeD_


    NAT is the only way to do it. The device support is another story.


  • Moderators, Computer Games Moderators Posts: 2,975 Mod ✭✭✭✭LoGiE


    _CreeD_ wrote:
    NAT is the only way to do it. The device support is another story.

    What he said! Seeing as how your looking to the future it might be worth while standardizing the IP ranges you use. Even if it's a big site a dhcp server will make in an easy job.


Advertisement