multiple VPNs on the same CISCO-NETSCREEN nodes
Posted on 2010-09-14
I've a problem with the VPNs configured on one customer site. I'll try to explain it the best I can...
This is the equipment involved:
Customer site: CISCO 3620
Local site: Netscreen 208
Currently we have one IPsec VPN configured between both sites to connect the customer network 10.95.0.0/16 with our local network 10.1.27.0/24.
The problem started when we wanted to include a new network at our site (10.1.29.0/24)... we started talking some time ago to deal with this matter, but we haven't found a common point of view. I proposed opening our range to 10.1.0.0/16 in the encryption domain parameter and then routing the new network through the VPN... but they said that they can't do that because they have internal networks in conflict with that range... ok... we decided to use NAT... they gave us a range to configure at our site (172.19.1.0/28).
The problem with the encryption domain remains the same... I have to change the parameter to allow the phase II negotiations... I don't know the CISCO equipment, so I don't know why they can't configure this parameter with 0.0.0.0/0 and then route only the networks affected (this is what we have done on our Netscreen with other customers...).
Now, a hundred mails later... we are trying to configure another IPsec VPN to separate the networks affected... (I think there should be another solution, but I don't know how I can convince them because I don't know the CISCO world)... the problem is that they said that we have to use another public IP at our site to configure the new VPN??... they say that they can't configure another VPN with the same parameters in the negotiations (the only parameter that is different is our local network...).... please help me with this matter.
Thanks in advance