Solved

VPN issue with new ISP and zyxel firewall

Posted on 2012-04-13
Last Modified: 2012-04-18
Hi all,

I hope you can help.

Old setup
internet - modem - Zyxel firewall - LAN
VPN worked fine using 2x external static IP addresses. VPN was terminated on the firewall.

New setup
Fibre broadband from Plusnet/BT
internet - BT fibre modem - Netgear 1000v3 router - Zyxel router - LAN
Only 1 external IP address.
Internal 10.2.4.* address between router and firewall

No change to the other end of the VPN.

VPN will not connect.

I have had a discussion with another person who tells me I need 2x external IPs and to put the Netgear router into bridge mode. Is this the best option? If so, I have a couple of questions.

1. How do I put the Netgear router into bridge mode?
2. Will the router behave like it has 1 IP address both on the External ethernet port and the internal LAN port to the firewall?
3. Is there anything else I will need to do?

I hope someone can help,
Many thanks in advance.
Gareth
Question by:gareth629
2 Comments
 
Accepted Solution

by:
Rob Williams earned 500 total points
ID: 37845607
Units that are a combined modem and router can be put in bridge mode, which effectively makes them a basic modem.  I don't believe that is possible with your configuration and the Netgear unit.  The reason for this is your VPN will not work unless the Zyxel is assigned a public IP.  There are 3 options:
1) Remove the Netgear completely from the configuration.  That may not be possible with your new service provider
2) Obtain 2 or more IPs from the ISP and configure the Netgear with 1:1 NAT to assign a public IP to the Zyxel
3) Put the Zyxel in the DMZ zone of the Netgear

Expert Comment

by:noci
ID: 37845801
If ALL traffic goes through the ZyWALL anyway, you only need one address.
If the modem cannot be set in bridge mode then try to configure 1:1 NAT on it.
If bridged mode cannot work, try enabling NAT traversal on the IPsec VPN tunnel.
Then "regular" UDP packets will be used to wrap the ESP packets.

Now there may be other options: [ NL ]
My fibrechannel is delivered as a multi VLAN trunk line (802.1q) 100Mbps ethernet [ limited to 50/50 Mbps ], so setting up the right VLANs on my firewall suffices, no modem needed anymore.
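
To confirm from a packet capture that NAT traversal is wrapping ESP in UDP as described in the comment above, the following added example (not part of the original thread) classifies UDP payloads on port 4500 using the framing defined in RFC 3948. The sample datagrams, SPI value and source port 61000 are constructed for illustration.

```python
import struct

NATT_PORT = 4500  # UDP port used once IPsec NAT traversal is active (RFC 3948)

def build_udp(src_port, dst_port, payload):
    """Build a UDP datagram for the samples below (checksum left at 0)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def classify_natt(datagram):
    """Say what a UDP datagram seen between the NAT router and the firewall carries."""
    if len(datagram) < 8:
        return {"kind": "malformed"}
    src, dst, length, _checksum = struct.unpack("!HHHH", datagram[:8])
    # The NAT router may rewrite the source port, so accept 4500 on either side.
    if NATT_PORT not in (src, dst):
        return {"kind": "not-natt"}
    payload = datagram[8:length]
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}   # one 0xFF byte keeps the NAT mapping open
    if len(payload) < 8:
        return {"kind": "malformed"}
    if payload[:4] == b"\x00" * 4:
        return {"kind": "ike"}             # non-ESP marker, IKE header follows
    # Anything else starts with an ESP header: non-zero SPI, then sequence number.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq}

# Constructed samples (not captured traffic).
SAMPLES = [
    build_udp(61000, 4500, b"\x00" * 4 + bytes(28)),   # marker + placeholder IKE header
    build_udp(61000, 4500, struct.pack("!II", 0xC0FFEE01, 1) + bytes(32)),  # ESP
    build_udp(61000, 4500, b"\xff"),                    # NAT keepalive
    build_udp(61000, 53, b"\x12\x34" + bytes(10)),      # unrelated UDP traffic
]

def summarize(datagrams):
    """Count datagrams per kind; no 'esp-in-udp' means the tunnel is not using NAT-T."""
    counts = {}
    for d in datagrams:
        kind = classify_natt(d)["kind"]
        counts[kind] = counts.get(kind, 0) + 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Native ESP (IP protocol 50) has no UDP header at all, so it never reaches this classifier; seeing only `ike` on port 4500 and no `esp-in-udp` suggests the tunnel negotiated but data is not flowing through the NAT.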