?
Solved

How to route multiple identical networks thru one router (VPN)

Posted on 2006-11-28
6
Medium Priority
?
289 Views
Last Modified: 2013-11-29
I need to solve the following problem:

Customer Site (192.168.1.x) --> Router IP 123.123.123.123 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site (10.10.10.x)

Now I have to clone the hole network multiple times (all sites keep its IP net), AND using the same external IP (1.1.1.1) of the central site to establish the VPN tunnel, BUT all networks (A,B,C) must stay isolated from each other.

Customer Site A (192.168.1.x) --> Router IP 123.123.123.123 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site A (10.10.10.x)
Customer Site B (192.168.1.x) --> Router IP 166.166.166.166 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site B (10.10.10.x)
Customer Site C (192.168.1.x) --> Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site C (10.10.10.x)

Since I have only one external IP address (1.1.1.1), I obviously need an option to bind each tunnel to a LAN port on the router to isolate the networks.

I don't know, if this is even possible or not.
0
Comment
Question by:Gryzn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:davidecooper1967
ID: 18027453


What type of devices are at the remotes?  

DC
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 18027460
You need to NAT the Customer Sites to a different net.  Say, like this:

Customer Site A (192.168.1.x)--172.16.1.0/24
Customer Site B (192.168.1.x)--172.16.2.0/24
Customer Site C (192.168.1.x)--172.16.3.0/24

Then, you have tunnels set up to your central site.  In your central site network core, you could have a summary route for your customer NATs - 172.16.0.0/16 send it to your VPN box.
0
 

Author Comment

by:Gryzn
ID: 18027785
@davidcooper1967

Currently some Zywall's, Symmatec Appliances and so on...

@pseudocyber

do you mean: ?

Customer Site A (192.168.1.x) --> NATING to 172.16.1.0/24 -->Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site A (10.10.10.x)
Customer Site B (192.168.1.x) --> NATING to 172.16.2.0/24 -->Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site B (10.10.10.x)
Customer Site C (192.168.1.x) --> NATING to 172.16.3.0/24 -->Router IP 231.231.231.231 --> VPN Tunnel --> Router IP 1.1.1.1 --> Central Site C (10.10.10.x)

???

So I need two routers at customers side? But there is still no isolation on the central site...


0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 27

Accepted Solution

by:
pseudocyber earned 1000 total points
ID: 18028430
Yes, but the router IP's at each customer site would need to be unique.  

You could enforce "isolation" at your central vpn site by not allowing the different tunnels to route to each other.
0
 

Author Comment

by:Gryzn
ID: 18028577
This is the point. I cannot isolate it, because the router (on central site) has only ONE IP internaly (10.10.10.1), which is the gateway for (A,B and C) ...

I need a dedicated VPN Tunnel to LAN Port assignment or a way to simulate it some how.
0
 

Author Comment

by:Gryzn
ID: 18194048
Even if it seems to be possible by using a mutliple gateway router in combination with a layer3 switch...

Seems too complicated to to realize it.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Make the most of your online learning experience.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month15 days, 8 hours left to enroll

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question