Solved

Site-to-Site VPN with ISA, IP-range already taken

Posted on 2011-03-25
3
472 Views
Last Modified: 2012-05-11
Hi,

We have to set up a Site2Site VPN with a customer using ISA Server, but our internal IP range is already used on their router for another site-to-site VPN, so they linked our setup to a new range.

What are my options on ISA Server to route the ip-range they are going to use for us to our real internal range?

Basically:

Customer sends to 10.226.10.x
our internal range is 192.168.10.x

how to make our isa server translate 10.226.10.x to 192.168.10.x.

Or does this mean our only option would be to change our internal range completely?

Regards,
Joachim
0
Comment
Question by:joachimcarrein
  • 2
3 Comments
 
LVL 2

Expert Comment

by:leetpriest
ID: 35215216
What type of hardware are they using on their side for the VPN?
0
 
LVL 13

Expert Comment

by:kdearing
ID: 35215821
All the sites really need to use different subnets, otherwise routing between sites won't work properly.
0
 
LVL 2

Accepted Solution

by:
leetpriest earned 500 total points
ID: 35216810
You can achieve this with NAT, you should not, and do not ever need to change your internal subnet. Resubnetting your internal network is far more of an administrative headache than simply creating a few static translations.

As for doing this on an ISA server, I'm not sure if it can be done. ISA server isn't as versatile as it boasts. And as I'm sure you'll find, you will have problems with that VPN once it goes idle if the remote side has forced Dead Peer detection. At any rate, you should request that your peer translate your traffic inbound on his device.

Although probably the best solution for you is to ditch the isa server completely and buy a real firewall.

0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now