Solved

How to route multiple identical networks thru one router (VPN)

Posted on 2006-11-28
6
271 Views
Last Modified: 2013-11-29
I need to solve the following problem:

Customer Site (192.168.1.x) --> Router IP 123.123.123.123 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site (10.10.10.x)

Now I have to clone the hole network multiple times (all sites keep its IP net), AND using the same external IP (1.1.1.1) of the central site to establish the VPN tunnel, BUT all networks (A,B,C) must stay isolated from each other.

Customer Site A (192.168.1.x) --> Router IP 123.123.123.123 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site A (10.10.10.x)
Customer Site B (192.168.1.x) --> Router IP 166.166.166.166 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site B (10.10.10.x)
Customer Site C (192.168.1.x) --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site C (10.10.10.x)

Since I have only one external IP address (1.1.1.1), I obviously need an option to bind each tunnel to a LAN port on the router to isolate the networks.

I don't know, if this is even possible or not.
0
Comment
Question by:Gryzn
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:davidecooper1967
ID: 18027453


What type of devices are at the remotes?  

DC
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 18027460
You need to NAT the Customer Sites to a different net.  Say, like this:

Customer Site A (192.168.1.x)--172.16.1.0/24
Customer Site B (192.168.1.x)--172.16.2.0/24
Customer Site C (192.168.1.x)--172.16.3.0/24

Then, you have tunnels set up to your central site.  In your central site network core, you could have a summary route for your customer NATs - 172.16.0.0/16 send it to your VPN box.
0
 

Author Comment

by:Gryzn
ID: 18027785
@davidcooper1967

Currently some Zywall's, Symmatec Appliances and so on...

@pseudocyber

do you mean: ?

Customer Site A (192.168.1.x) --> NATING to 172.16.1.0/24 -->Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site A (10.10.10.x)
Customer Site B (192.168.1.x) --> NATING to 172.16.2.0/24 -->Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site B (10.10.10.x)
Customer Site C (192.168.1.x) --> NATING to 172.16.3.0/24 -->Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site C (10.10.10.x)

???

So I need two routers at customers side? But there is still no isolation on the central site...


0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 27

Accepted Solution

by:
pseudocyber earned 500 total points
ID: 18028430
Yes, but the router IP's at each customer site would need to be unique.  

You could enforce "isolation" at your central vpn site by not allowing the different tunnels to route to each other.
0
 

Author Comment

by:Gryzn
ID: 18028577
This is the point. I cannot isolate it, because the router (on central site) has only ONE IP internaly (10.10.10.1), which is the gateway for (A,B and C) ...

I need a dedicated VPN Tunnel to LAN Port assignment or a way to simulate it some how.
0
 

Author Comment

by:Gryzn
ID: 18194048
Even if it seems to be possible by using a mutliple gateway router in combination with a layer3 switch...

Seems too complicated to to realize it.

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Possible RST Flood on IF X0 Sonicwall 6 190
Failing ALG SIP test for new VoIP phone system 4 49
By pass website on ASA for Websense 4 55
VIRTUAL NETWORKING 3 38
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now