• Status: Solved

How to route multiple identical networks through one router (VPN)

I need to solve the following problem:

Customer Site (192.168.1.x) --> Router IP 123.123.123.123 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site (10.10.10.x)

Now I have to clone the whole network multiple times (all sites keep their IP net), AND use the same external IP (1.1.1.1) of the central site to establish the VPN tunnel, BUT all networks (A, B, C) must stay isolated from each other.

Customer Site A (192.168.1.x) --> Router IP 123.123.123.123 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site A (10.10.10.x)
Customer Site B (192.168.1.x) --> Router IP 166.166.166.166 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site B (10.10.10.x)
Customer Site C (192.168.1.x) --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site C (10.10.10.x)

Since I have only one external IP address (1.1.1.1), I obviously need an option to bind each tunnel to a LAN port on the router to isolate the networks.

I don't know if this is even possible or not.
Gryzn
Asked:
 
davidecooper1967 Commented:


What type of devices are at the remotes?  

DC
 
pseudocyber Commented:
You need to NAT the Customer Sites to a different net.  Say, like this:

Customer Site A (192.168.1.x)--172.16.1.0/24
Customer Site B (192.168.1.x)--172.16.2.0/24
Customer Site C (192.168.1.x)--172.16.3.0/24

Then, you have tunnels set up to your central site.  In your central site network core, you could have a summary route for your customer NATs - 172.16.0.0/16 send it to your VPN box.
 
Gryzn (Author) Commented:
@davidecooper1967

Currently some ZyWALLs, Symantec appliances and so on...

@pseudocyber

Do you mean:

Customer Site A (192.168.1.x) --> NATing to 172.16.1.0/24 --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site A (10.10.10.x)
Customer Site B (192.168.1.x) --> NATing to 172.16.2.0/24 --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site B (10.10.10.x)
Customer Site C (192.168.1.x) --> NATing to 172.16.3.0/24 --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site C (10.10.10.x)

???

So I need two routers on the customer's side? But there is still no isolation on the central site...


 
pseudocyber Commented:
Yes, but the router IPs at each customer site would need to be unique.

You could enforce "isolation" at your central vpn site by not allowing the different tunnels to route to each other.
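The addressing plan from pseudocyber's two replies above, as an added Python example that is not part of the thread: it checks that the per-site NAT prefixes are unique and covered by the 172.16.0.0/16 summary route, translates a host address per site, and applies a hub rule that refuses customer-to-customer forwarding. The function names and the choice of static 1:1 NAT (host bits preserved) are assumptions; the thread does not say which NAT type the appliances would use.

```python
import ipaddress

# Values from the thread; the function names and the 1:1 mapping are assumptions.
SITE_LAN = ipaddress.ip_network("192.168.1.0/24")   # LAN reused at every site
SUMMARY = ipaddress.ip_network("172.16.0.0/16")     # summary route to the VPN box
NAT_POOLS = {s: ipaddress.ip_network(n) for s, n in {
    "A": "172.16.1.0/24", "B": "172.16.2.0/24", "C": "172.16.3.0/24"}.items()}

def validate_plan(pools, summary=SUMMARY, lan=SITE_LAN):
    """Return a list of problems with a NAT plan; empty means it is usable."""
    problems, items = [], sorted(pools.items())
    for i, (site, net) in enumerate(items):
        if net.prefixlen != lan.prefixlen:
            problems.append(f"{site}: {net} cannot map {lan} one-to-one")
        if not net.subnet_of(summary):
            problems.append(f"{site}: {net} is not covered by {summary}")
        for other, other_net in items[i + 1:]:
            if net.overlaps(other_net):
                problems.append(f"{site}/{other}: {net} overlaps {other_net}")
    return problems

def translate(site, host, pools=NAT_POOLS, lan=SITE_LAN):
    """Static 1:1 NAT (assumed): keep the host bits, swap the network prefix."""
    addr = ipaddress.ip_address(host)
    if addr not in lan:
        raise ValueError(f"{host} is not in the site LAN {lan}")
    return pools[site].network_address + (int(addr) - int(lan.network_address))

def site_of(address, pools=NAT_POOLS):
    """Customer that owns a translated address, or None for anything else."""
    addr = ipaddress.ip_address(address)
    return next((s for s, net in pools.items() if addr in net), None)

def forward_allowed(src, dst):
    """Hub policy: drop traffic whose source and destination are different customers."""
    s, d = site_of(src), site_of(dst)
    return s is None or d is None or s == d

if __name__ == "__main__":
    print(validate_plan(NAT_POOLS) or "plan OK")
    for site in NAT_POOLS:
        print(site, "192.168.1.50 ->", translate(site, "192.168.1.50"))
    print("A -> B allowed:", forward_allowed("172.16.1.50", "172.16.2.50"))
```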
 
Gryzn (Author) Commented:
This is the point. I cannot isolate it, because the router (on the central site) has only ONE IP internally (10.10.10.1), which is the gateway for A, B and C...

I need a dedicated VPN Tunnel to LAN Port assignment or a way to simulate it somehow.
 
Gryzn (Author) Commented:
Even if it seems to be possible by using a multiple gateway router in combination with a layer 3 switch...

Seems too complicated to realize it.
