?
Solved

Two VPNs on a single connection possible?

Posted on 2009-04-04
2
Medium Priority
?
264 Views
Last Modified: 2012-05-06
I am not very familiar with networking and trying to understand our network admin and get a picture of what needs to be done in the following setup:

In the main location, we have two networks physically completely separated with two different ISPs. Each network has a firewall with a public IP (completely independent from each other).

The branch location has one cable internet connection with a modem/router combined. Behind this box are two firewalls with private IP (10.0.1.x) addresses on the WAN ports separating two networks. Firewall1 has a VPN connection established with the network1 in the main office.

I am assuming that firewall1 must be initiating the VPN connection to the main office, because it is located behing the cable/router with a private IP on the WAN port. Am i correct or are there any other options?

What I am trying to do is to establish a second VPN connection between firewall2 (also located behing the cable/router with a private IP on the WAN port) and network2 in the main office.

Can the second connection interfere with the first one in any way (except taking bandwidth)?

Our admin claims that we need to assign static IP addresses for each firewall at the branch location. Is this required? If yes, why?

Thank you for clarification.
0
Comment
Question by:sonetinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
Mechanic_Kharkov earned 1000 total points
ID: 24069732
If the main office has two separated networks 1 & 2, and both has each own VPN server with it's own external IP, then there is no need to set statically IP's in branch firewalls (VPN clients) to connect to them.
Interferences may be present if networks in the main location is not properly isolated with IP's, or if in the branch location there is complex routing rules to main office networks.
As described, firewalls 1 and 2 are the VPN clients, so it doesn't matter what addresses they have, if their servers are separated well.
Maybe there are some additional network dependencies in Your setup, and the admin only knows about them. (?)
0
 
LVL 1

Author Closing Comment

by:sonetinc
ID: 31566659
This is what I came across yesterday...

"If the Netgear FVS318 has a dynamically obtained WAN IP address, it will not be possible to set up a VPN tunnel to the SonicWALL device, due to the way the Netgear FVS318 calculates the initialization vector for phase two. This is a Netgear issue and cannot be addressed by
SonicWALL."

It seems that Netgear has some issues when one of the ends has a dynamic IP.
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question