Solved

Site-to-Site VPN with ISA, IP-range already taken

Posted on 2011-03-25
3
550 Views
Last Modified: 2012-05-11
Hi,

We have to set up a Site2Site VPN with a customer using ISA Server, but our internal IP range is already used on their router for another site-to-site VPN, so they linked our setup to a new range.

What are my options on ISA Server to route the ip-range they are going to use for us to our real internal range?

Basically:

Customer sends to 10.226.10.x
our internal range is 192.168.10.x

how to make our isa server translate 10.226.10.x to 192.168.10.x.

Or does this mean our only option would be to change our internal range completely?

Regards,
Joachim
0
Comment
Question by:joachimcarrein
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 2

Expert Comment

by:leetpriest
ID: 35215216
What type of hardware are they using on their side for the VPN?
0
 
LVL 13

Expert Comment

by:kdearing
ID: 35215821
All the sites really need to use different subnets, otherwise routing between sites won't work properly.
0
 
LVL 2

Accepted Solution

by:
leetpriest earned 500 total points
ID: 35216810
You can achieve this with NAT, you should not, and do not ever need to change your internal subnet. Resubnetting your internal network is far more of an administrative headache than simply creating a few static translations.

As for doing this on an ISA server, I'm not sure if it can be done. ISA server isn't as versatile as it boasts. And as I'm sure you'll find, you will have problems with that VPN once it goes idle if the remote side has forced Dead Peer detection. At any rate, you should request that your peer translate your traffic inbound on his device.

Although probably the best solution for you is to ditch the isa server completely and buy a real firewall.

0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question