VPN into a networl

Good Evening
I have a VPN box-to-box FVL328 Netgear routers; they work great; however we have a remote server connect within our org that goes out another VPN to our vendor. The other VPN has access-list that prohibit my VPN from accessing the internal Service because my remote scheme is not in the list . My  remote VPN address scheme is 10.251.85.X my internal scheme is 10.251.83.X.

My question is; is thier a way to mask the 10.251.85.x address to look like the internal address so that the VPN will respond to my VPN. I'm open to changing the router if need be or even adding a router.

Thanks in advance ...
Who is Participating?
naveedbConnect With a Mentor Commented:
You can go with a Cisco 1700 series router, or check around for other products that might be cheaper. This is what you have to do.

[84.X] --- > VPN deviceA (INTERNET) VPN deviceB <-- [83.X] -- > [NEW ROUTER NATING] --> VPN deviceC --> (INTERNET) --> CISCO --> [85.X]

We are assuming that your existing VPN deviceB is able to receive packets for 85.X network and forward them to [NEW ROUTER NATTING] which in turn is going to translate 84.X addresses into 83.X addresses then send them to VPN deviceC.

OR You may end up creating following setup if you are unable to split the 83.X network with existing hardware.

Tunnel - 1 (existing traffic from 84.X to 83.X)

[84.X] --- > VPN deviceA (INTERNET) VPN deviceB <-- [83.X]

Tunnel - 2

[84.X] --- > VPN deviceA (INTERNET) VPN deviceD <-- [90.X]  --> [NEW ROUTER NATING] --> VPN deviceC

Trnnel - 3

[83.X] -->  VPN deviceC --> (INTERNET) --> CISCO --> [85.X]

90.X will be a temporary link only used for translation traffic.

I need more information; can you draw a picture of your network, something like

10.251.83.X --> fvl328 --> remote vpn server ?

tonyg01Author Commented:
Yes I'm sorry
The internal networl IP address is 10.251.83.X to FVL328 VPN which turns into 10.251.84.X. The VPN internal that has the access-list has a Cisco router that VPN's back to the remote server. Our management compnay thats off site uses the off site address of 10.251.84.X.

Any IP on the internal network can access the VPN's router that is included in the access list. Also our commuters can no longer use the the remote servers resources because again of the address.... Prior to this Server being placed off-site everything worked great!. the  people who do the server connection do not support or help you with your VPN concerns!

Thx for your help again in advance
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Please confirm if I understand it correctly.

10.251.83.X --> FVL328(a) --> ISP--> INTERNET <-- ISP <-- FVL328(b) <-- 10.251.84.X

And now you have a second tunnel which is connected to FVL328(a) and terminating at another network which is 10.251.85.X ?

tonyg01Author Commented:
Yes; except that the second tunnel goes out the Cisco router 1711 over a seperate isp T-1 to the internet; to the server. The Cisco resides on the 10.251.83.x network. The 10.251.84.x is coming in from the outside using the FVL328 netgear VPN router. When I attempt to access the router (Cisco) it does not respond; I assume because it see's the request comming from the 10.251.84.x ip and does not respond

So, it becomes something like this:

[SITE-B] 10.251.83.X --> FVL328(a) --> ISP--> INTERNET <-- ISP <-- FVL328(b) <-- 10.251.84.X [SITE-A]
\ > T-1 --> ISP --> INTERNET <-- CISCO <-- 10.251.85.X (Server) [SITE-C]

You are trying to access Site-C from Site-A?

What you have told so far, you do not have access to the SITE-C router (Cisco) so you can not create a tunnel between SITE-A and SITE-C ?

Well; there is not much you can do with Netgear products. You can add a second router to do Netword Address Translation and then go out to Site-C. This will allow Site-C to thing the traffic is comming from Site-B when it comes from Site-A.

tonyg01Author Commented:
could you suggest a router to use; I need to mask 10.251.84.x to the site "C" router; making it think it's coming from 10.251.83.x
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.