Two VPNs on a single connection possible?

I am not very familiar with networking and trying to understand our network admin and get a picture of what needs to be done in the following setup:

In the main location, we have two networks physically completely separated with two different ISPs. Each network has a firewall with a public IP (completely independent from each other).

The branch location has one cable internet connection with a modem/router combined. Behind this box are two firewalls with private IP (10.0.1.x) addresses on the WAN ports separating two networks. Firewall1 has a VPN connection established with the network1 in the main office.

I am assuming that firewall1 must be initiating the VPN connection to the main office, because it is located behing the cable/router with a private IP on the WAN port. Am i correct or are there any other options?

What I am trying to do is to establish a second VPN connection between firewall2 (also located behing the cable/router with a private IP on the WAN port) and network2 in the main office.

Can the second connection interfere with the first one in any way (except taking bandwidth)?

Our admin claims that we need to assign static IP addresses for each firewall at the branch location. Is this required? If yes, why?

Thank you for clarification.
LVL 1
sonetincAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Mechanic_KharkovConnect With a Mentor Commented:
If the main office has two separated networks 1 & 2, and both has each own VPN server with it's own external IP, then there is no need to set statically IP's in branch firewalls (VPN clients) to connect to them.
Interferences may be present if networks in the main location is not properly isolated with IP's, or if in the branch location there is complex routing rules to main office networks.
As described, firewalls 1 and 2 are the VPN clients, so it doesn't matter what addresses they have, if their servers are separated well.
Maybe there are some additional network dependencies in Your setup, and the admin only knows about them. (?)
0
 
sonetincAuthor Commented:
This is what I came across yesterday...

"If the Netgear FVS318 has a dynamically obtained WAN IP address, it will not be possible to set up a VPN tunnel to the SonicWALL device, due to the way the Netgear FVS318 calculates the initialization vector for phase two. This is a Netgear issue and cannot be addressed by
SonicWALL."

It seems that Netgear has some issues when one of the ends has a dynamic IP.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.