VPN into a network

Posted on 2006-05-01
Last Modified: 2013-11-16
Good Evening
I have a box-to-box VPN on FVL328 Netgear routers; they work great; however, we have a remote server connect within our org that goes out another VPN to our vendor. The other VPN has an access-list that prohibits my VPN from accessing the internal service because my remote scheme is not in the list. My remote VPN address scheme is 10.251.85.X; my internal scheme is 10.251.83.X.

My question is: is there a way to mask the 10.251.85.x address to look like the internal address so that the VPN will respond to my VPN? I'm open to changing the router if need be or even adding a router.

Thanks in advance ...
Question by:tonyg01

    Expert Comment

    I need more information; can you draw a picture of your network, something like

    10.251.83.X --> fvl328 --> remote vpn server ?


    Author Comment

    Yes I'm sorry
    The internal network IP address is 10.251.83.X to FVL328 VPN which turns into 10.251.84.X. The VPN internal that has the access-list has a Cisco router that VPNs back to the remote server. Our management company that's off site uses the off site address of 10.251.84.X.

    Any IP on the internal network can access the VPN's router that is included in the access list. Also our commuters can no longer use the remote server's resources because again of the address.... Prior to this server being placed off-site everything worked great! The people who do the server connection do not support or help you with your VPN concerns!

    Thx for your help again in advance

    Expert Comment

    Please confirm if I understand it correctly.

    10.251.83.X --> FVL328(a) --> ISP--> INTERNET <-- ISP <-- FVL328(b) <-- 10.251.84.X

    And now you have a second tunnel which is connected to FVL328(a) and terminating at another network which is 10.251.85.X ?


    Author Comment

    Yes; except that the second tunnel goes out the Cisco router 1711 over a separate ISP T-1 to the internet, to the server. The Cisco resides on the 10.251.83.x network. The 10.251.84.x is coming in from the outside using the FVL328 Netgear VPN router. When I attempt to access the router (Cisco) it does not respond; I assume because it sees the request coming from the 10.251.84.x IP and does not respond.


    Expert Comment

    So, it becomes something like this:

    [SITE-B] 10.251.83.X --> FVL328(a) --> ISP--> INTERNET <-- ISP <-- FVL328(b) <-- 10.251.84.X [SITE-A]
    \ > T-1 --> ISP --> INTERNET <-- CISCO <-- 10.251.85.X (Server) [SITE-C]

    You are trying to access Site-C from Site-A?

    From what you have told so far, you do not have access to the SITE-C router (Cisco), so you cannot create a tunnel between SITE-A and SITE-C?

    Well; there is not much you can do with Netgear products. You can add a second router to do Network Address Translation and then go out to Site-C. This will allow Site-C to think the traffic is coming from Site-B when it comes from Site-A.


    Author Comment

    Could you suggest a router to use? I need to mask 10.251.84.x to the site "C" router, making it think it's coming from 10.251.83.x

    Accepted Solution

    You can go with a Cisco 1700 series router, or check around for other products that might be cheaper. This is what you have to do.

    [84.X] --- > VPN deviceA (INTERNET) VPN deviceB <-- [83.X] -- > [NEW ROUTER NATTING] --> VPN deviceC --> (INTERNET) --> CISCO --> [85.X]

    We are assuming that your existing VPN deviceB is able to receive packets for the 85.X network and forward them to [NEW ROUTER NATTING], which in turn is going to translate 84.X addresses into 83.X addresses and then send them to VPN deviceC.

    OR you may end up creating the following setup if you are unable to split the 83.X network with existing hardware.

    Tunnel - 1 (existing traffic from 84.X to 83.X)

    [84.X] --- > VPN deviceA (INTERNET) VPN deviceB <-- [83.X]

    Tunnel - 2

    [84.X] --- > VPN deviceA (INTERNET) VPN deviceD <-- [90.X]  --> [NEW ROUTER NATTING] --> VPN deviceC

    Tunnel - 3

    [83.X] -->  VPN deviceC --> (INTERNET) --> CISCO --> [85.X]

    90.X will be a temporary link only used for translation traffic.
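
A sketch of the NAT router in the second setup (Tunnel - 2), added here as an example and not part of the original thread. It follows the accepted solution's labelling (84.X remote site, 83.X internal, 85.X vendor side); the full 10.251.90.0/24 prefix, the interface names, and every host address are assumptions.

```cisco
! Constructed example for the [NEW ROUTER NATTING] box.
! Interface names and all host addresses below are assumptions.
!
interface FastEthernet0
 description Transit link from VPN deviceD (90.X, translation traffic only)
 ip address 10.251.90.2 255.255.255.0
 ip nat inside
!
interface Ethernet0
 description Internal LAN (83.X), next hop is VPN deviceC
 ip address 10.251.83.250 255.255.255.0
 ip nat outside
!
! Translate only remote-site sources bound for the vendor network,
! so nothing else arriving on the transit link borrows an 83.X address.
access-list 110 permit ip 10.251.84.0 0.0.0.255 10.251.85.0 0.0.0.255
!
! PAT: every matching flow leaves with the router's own 83.X address,
! which the far-end access-list already permits.
ip nat inside source list 110 interface Ethernet0 overload
!
! Remote site is reached back through deviceD (assumed 10.251.90.1);
! vendor network is reached through deviceC (assumed 10.251.83.1).
ip route 10.251.84.0 255.255.255.0 10.251.90.1
ip route 10.251.85.0 255.255.255.0 10.251.83.1
!
! Verify after sending test traffic from an 84.X host:
!   show ip nat translations   (inside local 10.251.84.x, inside global 10.251.83.250)
!   show access-lists 110      (match counters should increase)
```

With PAT the far end sees a single 83.X source for all remote-site users, so its logs no longer identify individual 84.X hosts; the translation table on this router is the only place that mapping exists.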

