[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 617
  • Last Modified:

Site-to-Site VPN with ISA, IP-range already taken

Hi,

We have to set up a Site2Site VPN with a customer using ISA Server, but our internal IP range is already used on their router for another site-to-site VPN, so they linked our setup to a new range.

What are my options on ISA Server to route the ip-range they are going to use for us to our real internal range?

Basically:

Customer sends to 10.226.10.x
our internal range is 192.168.10.x

how to make our isa server translate 10.226.10.x to 192.168.10.x.

Or does this mean our only option would be to change our internal range completely?

Regards,
Joachim
0
Joachim Carrein
Asked:
Joachim Carrein
  • 2
1 Solution
 
leetpriestCommented:
What type of hardware are they using on their side for the VPN?
0
 
kdearingCommented:
All the sites really need to use different subnets, otherwise routing between sites won't work properly.
0
 
leetpriestCommented:
You can achieve this with NAT, you should not, and do not ever need to change your internal subnet. Resubnetting your internal network is far more of an administrative headache than simply creating a few static translations.

As for doing this on an ISA server, I'm not sure if it can be done. ISA server isn't as versatile as it boasts. And as I'm sure you'll find, you will have problems with that VPN once it goes idle if the remote side has forced Dead Peer detection. At any rate, you should request that your peer translate your traffic inbound on his device.

Although probably the best solution for you is to ditch the isa server completely and buy a real firewall.

0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now