
VPN into a network

Good Evening
I have a VPN box-to-box FVL328 Netgear routers; they work great; however, we have a remote server connect within our org that goes out another VPN to our vendor. The other VPN has an access-list that prohibits my VPN from accessing the internal service because my remote scheme is not in the list. My remote VPN address scheme is 10.251.85.X; my internal scheme is 10.251.83.X.

My question is: is there a way to mask the 10.251.85.x address to look like the internal address so that the VPN will respond to my VPN? I'm open to changing the router if need be or even adding a router.

Thanks in advance ...
I need more information; can you draw a picture of your network, something like

10.251.83.X --> fvl328 --> remote vpn server ?

tonyg01 (Author) commented:
Yes, I'm sorry.
The internal network IP address is 10.251.83.X to FVL328 VPN which turns into 10.251.84.X. The VPN internal that has the access-list has a Cisco router that VPNs back to the remote server. Our management company that's off site uses the off-site address of 10.251.84.X.

Any IP on the internal network can access the VPN's router that is included in the access list. Also, our commuters can no longer use the remote server's resources, again because of the address. Prior to this server being placed off-site everything worked great! The people who do the server connection do not support or help you with your VPN concerns!

Thx for your help again in advance
Please confirm if I understand it correctly.

10.251.83.X --> FVL328(a) --> ISP--> INTERNET <-- ISP <-- FVL328(b) <-- 10.251.84.X

And now you have a second tunnel which is connected to FVL328(a) and terminating at another network which is 10.251.85.X ?


tonyg01 (Author) commented:
Yes; except that the second tunnel goes out the Cisco router 1711 over a separate ISP T-1 to the internet, to the server. The Cisco resides on the 10.251.83.x network. The 10.251.84.x is coming in from the outside using the FVL328 Netgear VPN router. When I attempt to access the router (Cisco) it does not respond; I assume because it sees the request coming from the 10.251.84.x IP and does not respond.

So, it becomes something like this:

[SITE-B] 10.251.83.X --> FVL328(a) --> ISP--> INTERNET <-- ISP <-- FVL328(b) <-- 10.251.84.X [SITE-A]
\ > T-1 --> ISP --> INTERNET <-- CISCO <-- 10.251.85.X (Server) [SITE-C]

You are trying to access Site-C from Site-A?

From what you have told us so far, you do not have access to the SITE-C router (Cisco), so you cannot create a tunnel between SITE-A and SITE-C?

Well, there is not much you can do with Netgear products. You can add a second router to do Network Address Translation and then go out to Site-C. This will allow Site-C to think the traffic is coming from Site-B when it comes from Site-A.

tonyg01 (Author) commented:
Could you suggest a router to use? I need to mask 10.251.84.x to the site "C" router, making it think it's coming from 10.251.83.x.
You can go with a Cisco 1700 series router, or check around for other products that might be cheaper. This is what you have to do.

[84.X] --- > VPN deviceA (INTERNET) VPN deviceB <-- [83.X] -- > [NEW ROUTER NATTING] --> VPN deviceC --> (INTERNET) --> CISCO --> [85.X]

We are assuming that your existing VPN deviceB is able to receive packets for the 85.X network and forward them to [NEW ROUTER NATTING], which in turn is going to translate 84.X addresses into 83.X addresses and then send them to VPN deviceC.

OR you may end up creating the following setup if you are unable to split the 83.X network with existing hardware.

Tunnel - 1 (existing traffic from 84.X to 83.X)

[84.X] --- > VPN deviceA (INTERNET) VPN deviceB <-- [83.X]

Tunnel - 2

[84.X] --- > VPN deviceA (INTERNET) VPN deviceD <-- [90.X]  --> [NEW ROUTER NATTING] --> VPN deviceC

Tunnel - 3

[83.X] -->  VPN deviceC --> (INTERNET) --> CISCO --> [85.X]

90.X will be a temporary link only used for translation traffic.
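
The translation step described above, modelled as an added example that is not part of the original thread: a many-to-one source NAT rewrites 84.X sources to an 83.X address so the Site-C access-list matches, and keeps a session table to reverse the replies. The /24 masks, the NAT address 10.251.83.250, the host addresses and the port numbers are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumptions (not from the thread): /24 masks, NAT address, hosts and ports.
REMOTE_NET = ipaddress.ip_network("10.251.84.0/24")  # Site-A, arrives over tunnel 1
ACL_PERMIT = ipaddress.ip_network("10.251.83.0/24")  # only source range Site-C accepts
NAT_ADDR = ipaddress.ip_address("10.251.83.250")     # hypothetical address on the NAT router

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int

def acl_permits(pkt):
    """Site-C access-list: permit only sources inside 10.251.83.0/24."""
    return pkt.src in ACL_PERMIT

class SourceNat:
    """Many-to-one source NAT (PAT) with a session table for reversing replies."""
    def __init__(self, first_port=20000):
        self.next_port = first_port
        self.out = {}   # (orig src, orig sport, dst, dport) -> translated port
        self.back = {}  # translated port -> (orig src, orig sport, peer, peer port)

    def outbound(self, pkt):
        if pkt.src not in REMOTE_NET:
            return pkt  # local 83.X hosts pass through untouched
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return Packet(NAT_ADDR, self.out[key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        sess = self.back.get(pkt.dport) if pkt.dst == NAT_ADDR else None
        if sess is None or (pkt.src, pkt.sport) != sess[2:]:
            return None  # no matching session: drop
        return Packet(pkt.src, pkt.sport, sess[0], sess[1])

def demo():
    nat = SourceNat()
    server = ipaddress.ip_address("10.251.85.10")  # constructed Site-C host
    req = Packet(ipaddress.ip_address("10.251.84.20"), 51000, server, 443)
    xlat = nat.outbound(req)
    reply = nat.inbound(Packet(server, 443, xlat.src, xlat.sport))
    return acl_permits(req), acl_permits(xlat), reply
```

After translation Site-C sees only the NAT address, so attributing a session to an individual 84.X host depends on the translation table or log kept on the NAT router.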

