Solved

How to route multiple identical networks thru one router (VPN)

Posted on 2006-11-28
6
266 Views
Last Modified: 2013-11-29
I need to solve the following problem:

Customer Site (192.168.1.x) --> Router IP 123.123.123.123 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site (10.10.10.x)

Now I have to clone the hole network multiple times (all sites keep its IP net), AND using the same external IP (1.1.1.1) of the central site to establish the VPN tunnel, BUT all networks (A,B,C) must stay isolated from each other.

Customer Site A (192.168.1.x) --> Router IP 123.123.123.123 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site A (10.10.10.x)
Customer Site B (192.168.1.x) --> Router IP 166.166.166.166 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site B (10.10.10.x)
Customer Site C (192.168.1.x) --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site C (10.10.10.x)

Since I have only one external IP address (1.1.1.1), I obviously need an option to bind each tunnel to a LAN port on the router to isolate the networks.

I don't know, if this is even possible or not.
0
Comment
Question by:Gryzn
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:davidecooper1967
Comment Utility


What type of devices are at the remotes?  

DC
0
 
LVL 27

Expert Comment

by:pseudocyber
Comment Utility
You need to NAT the Customer Sites to a different net.  Say, like this:

Customer Site A (192.168.1.x)--172.16.1.0/24
Customer Site B (192.168.1.x)--172.16.2.0/24
Customer Site C (192.168.1.x)--172.16.3.0/24

Then, you have tunnels set up to your central site.  In your central site network core, you could have a summary route for your customer NATs - 172.16.0.0/16 send it to your VPN box.
0
 

Author Comment

by:Gryzn
Comment Utility
@davidcooper1967

Currently some Zywall's, Symmatec Appliances and so on...

@pseudocyber

do you mean: ?

Customer Site A (192.168.1.x) --> NATING to 172.16.1.0/24 -->Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site A (10.10.10.x)
Customer Site B (192.168.1.x) --> NATING to 172.16.2.0/24 -->Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site B (10.10.10.x)
Customer Site C (192.168.1.x) --> NATING to 172.16.3.0/24 -->Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site C (10.10.10.x)

???

So I need two routers at customers side? But there is still no isolation on the central site...


0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 27

Accepted Solution

by:
pseudocyber earned 500 total points
Comment Utility
Yes, but the router IP's at each customer site would need to be unique.  

You could enforce "isolation" at your central vpn site by not allowing the different tunnels to route to each other.
0
 

Author Comment

by:Gryzn
Comment Utility
This is the point. I cannot isolate it, because the router (on central site) has only ONE IP internaly (10.10.10.1), which is the gateway for (A,B and C) ...

I need a dedicated VPN Tunnel to LAN Port assignment or a way to simulate it some how.
0
 

Author Comment

by:Gryzn
Comment Utility
Even if it seems to be possible by using a mutliple gateway router in combination with a layer3 switch...

Seems too complicated to to realize it.

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now