Solved

How to route multiple identical networks thru one router (VPN)

Posted on 2006-11-28
Last Modified: 2013-11-29
I need to solve the following problem:

Customer Site (192.168.1.x) --> Router IP 123.123.123.123 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site (10.10.10.x)

Now I have to clone the whole network multiple times (all sites keep their IP net), AND use the same external IP (1.1.1.1) of the central site to establish the VPN tunnel, BUT all networks (A, B, C) must stay isolated from each other.

Customer Site A (192.168.1.x) --> Router IP 123.123.123.123 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site A (10.10.10.x)
Customer Site B (192.168.1.x) --> Router IP 166.166.166.166 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site B (10.10.10.x)
Customer Site C (192.168.1.x) --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site C (10.10.10.x)

Since I have only one external IP address (1.1.1.1), I obviously need an option to bind each tunnel to a LAN port on the router to isolate the networks.

I don't know if this is even possible or not.
Question by:Gryzn
 
LVL 1

Expert Comment

by:davidecooper1967
ID: 18027453


What type of devices are at the remotes?  

DC
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 18027460
You need to NAT the Customer Sites to a different net.  Say, like this:

Customer Site A (192.168.1.x)--172.16.1.0/24
Customer Site B (192.168.1.x)--172.16.2.0/24
Customer Site C (192.168.1.x)--172.16.3.0/24

Then, you have tunnels set up to your central site.  In your central site network core, you could have a summary route for your customer NATs - 172.16.0.0/16 send it to your VPN box.
0
 

Author Comment

by:Gryzn
ID: 18027785
@davidecooper1967

Currently some ZyWALLs, Symantec appliances and so on...

@pseudocyber

Do you mean:

Customer Site A (192.168.1.x) --> NATing to 172.16.1.0/24 --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site A (10.10.10.x)
Customer Site B (192.168.1.x) --> NATing to 172.16.2.0/24 --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site B (10.10.10.x)
Customer Site C (192.168.1.x) --> NATing to 172.16.3.0/24 --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site C (10.10.10.x)

???

So I need two routers at the customer's side? But there is still no isolation on the central site...


0

 
LVL 27

Accepted Solution

by:
pseudocyber earned 500 total points
ID: 18028430
Yes, but the router IPs at each customer site would need to be unique.

You could enforce "isolation" at your central vpn site by not allowing the different tunnels to route to each other.
0
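The addressing plan from pseudocyber's two replies, modelled as an added example that is not code from the thread: a 1:1 NAT of each customer LAN into its own 172.16.N.0/24, a check that every NAT net sits inside the 172.16.0.0/16 summary without overlapping another, and a default-deny forwarding decision at the central VPN box. The function names, the host-preserving 1:1 mapping and the default-deny policy are assumptions made for illustration.

```python
import ipaddress

# Addresses taken from the thread; everything else is an illustrative assumption.
CUSTOMER_LAN = ipaddress.ip_network("192.168.1.0/24")  # identical at every site
CENTRAL_LAN = ipaddress.ip_network("10.10.10.0/24")
SUMMARY = ipaddress.ip_network("172.16.0.0/16")        # summary route to the VPN box
NAT_NETS = {
    "A": ipaddress.ip_network("172.16.1.0/24"),
    "B": ipaddress.ip_network("172.16.2.0/24"),
    "C": ipaddress.ip_network("172.16.3.0/24"),
}

def validate_plan():
    """Every NAT net must match the LAN size, fit the summary, and overlap no other."""
    nets = list(NAT_NETS.values())
    for i, net in enumerate(nets):
        if net.prefixlen != CUSTOMER_LAN.prefixlen or not net.subnet_of(SUMMARY):
            return False
        if any(net.overlaps(other) for other in nets[i + 1:]):
            return False
    return True

def translate(site, host):
    """1:1 NAT at the customer router: keep the host bits, swap the network bits."""
    host = ipaddress.ip_address(host)
    if host not in CUSTOMER_LAN:
        raise ValueError(f"{host} is not in {CUSTOMER_LAN}")
    offset = int(host) - int(CUSTOMER_LAN.network_address)
    return NAT_NETS[site][offset]

def site_of(addr):
    """Return the site whose NAT net contains addr, or None."""
    addr = ipaddress.ip_address(addr)
    return next((s for s, net in NAT_NETS.items() if addr in net), None)

def forward_allowed(src, dst):
    """Central VPN box policy: tunnel <-> central LAN only, never tunnel <-> tunnel."""
    src_site, dst_site = site_of(src), site_of(dst)
    src_central = ipaddress.ip_address(src) in CENTRAL_LAN
    dst_central = ipaddress.ip_address(dst) in CENTRAL_LAN
    if src_site and dst_central:
        return True
    if src_central and dst_site:
        return True
    return False  # default deny, which covers traffic between customer tunnels

if __name__ == "__main__":
    a = translate("A", "192.168.1.25")
    b = translate("B", "192.168.1.25")
    print(validate_plan(), a, b)
    print(forward_allowed(a, "10.10.10.5"), forward_allowed(a, b))
```
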
 

Author Comment

by:Gryzn
ID: 18028577
This is the point. I cannot isolate it, because the router (on central site) has only ONE IP internally (10.10.10.1), which is the gateway for (A, B and C) ...

I need a dedicated VPN Tunnel to LAN Port assignment or a way to simulate it somehow.
0
 

Author Comment

by:Gryzn
ID: 18194048
Even if it seems to be possible by using a multiple gateway router in combination with a layer3 switch...

Seems too complicated to realize it.

0
