How to connect 2 VPN-Client (safeNet) from same subnet, to Office..

Hi there Gents...

Spend long time browsing through topics, but none of them seems to give any hints...

I have 1 Office with a Zywall 35. -  Support up to 35 simultaneous IPSec connections.
Connections from different single locations works just fine.

Now.. from another office... I want to have 2 clients from the same subnet, connected via Safenet VPN-clients to the Zywall at the same time.
The problem is that, one client connects and works fine,
but when the other client connects, the first gets disconnected.

I know something about not having the same ip-range or subnet.
But here´s the deal.
Client 1= 192.168.1.10 /24
Client 2= 192.168.1.20 /24
They share one DSL-modem with dynamic IP to internet.

At the Office - from internet to lan.
DSLmodem->CiscoRouter(WAN:static public IP.. InsideLAN: 192.168.1.1) ->
Zywall(WAN:192.168.1.4.. LanInside:10.0.0.1)->
Lan nodes : 10.0.0.10 - 10.0.0.50

I know the best solution would be to install VPNbox ->VPNbox..
but that´s not an issue for the company.

Any help would be great.

HHLiisborgAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
No question the same subnets is usually an issue, however with Safenet clients, they are connected with a virtual adapter and it may work. Wondering if the problem might be the router at that site. Some routers will only support a single VPN client (pass-through tunnel), the second is either not allowed or dropped. Can you verify if that router does in fact support multiple tunnels? What router is installed at the satellite office?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HHLiisborgAuthor Commented:
Hi Robwill, sorry the delay..

It might have been the ISP-router ( Efficient Speedstreem). It´s gone by now.
It´s also a VPN-enabled device, but I couldn´t get access, cause of missing passwords ect.
So I installed a new vpn-router. Site-to-Site.

What I also noticed, was at the Main-office 1, they had another nat-router !! between internet an firewall.
So i had to change IP-(content) from Main-office public IP, to include the WAN-IP of the Zywall and nat-traversal on both routers.

Main-Office
> Internet - Nat-roter - Zywall - LAN

Satelite Office
> Internet - Zywall - LAN

So.. thanks for the clue, we r up an running.

PS.. If I want VPN-client access as well on the MainOffice Zywall, I just have to create
one more Gateway / Netpolicy right?
0
Rob WilliamsCommented:
>>"PS.. If I want VPN-client access as well on the MainOffice Zywall, I just have to create
one more Gateway / Netpolicy right?"
I am not familiar with the Zywall units but that is the way it would normally be done. 1 policy for software clients and 1 for each site-to-site hardware tunnel.
Glad to hear you were able to resolve.
Thanks,
--Rob
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.