VPN issue with new ISP and Zyxel firewall

Hi all,

I hope you can help.

Old setup
internet - modem - Zyxel firewall - LAN
VPN worked fine using 2x external static IP addresses. VPN was terminated on the firewall.

New setup
Fibre broadband from Plusnet/BT
internet - BT fibre modem - Netgear 1000v3 router - Zyxel router - LAN
Only 1 external IP address.
Internal 10.2.4.* address between router and firewall

No change to the other end of the VPN.

VPN will not connect.

I have had a discussion with another person who tells me I need 2x external IPs and to put the Netgear router into bridge mode. Is this the best option? If so, I have a couple of questions.

1. How do I put the Netgear router into bridge mode?
2. Will the router behave like it has 1 IP address both on the External ethernet port and the internal LAN port to the firewall?
3. Is there anything else I will need to do?

I hope someone can help,
Many thanks in advance.
Gareth
Asked by: Gareth McKee, CEO/Owner
Rob Williams commented:
Units that are a combined modem and router can be put in bridge mode, which effectively makes them a basic modem. I don't believe that is possible with your configuration and the Netgear unit. The reason for this is your VPN will not work unless the Zyxel is assigned a public IP. There are 3 options:
1) Remove the Netgear completely from the configuration. That may not be possible with your new service provider.
2) Obtain 2 or more IPs from the ISP and configure the Netgear with 1:1 NAT to assign a public IP to the Zyxel.
3) Put the Zyxel in the DMZ zone of the Netgear.
noci (Software Engineer) commented:
If ALL traffic goes through the ZyWALL anyway, you only need one address.
If the modem cannot be set in bridge mode, then try to configure 1:1 NAT on it.
If bridged mode cannot work, try enabling NAT traversal on the IPsec VPN tunnel.
Then "regular" UDP packets will be used to wrap the ESP packets.

Now there may be other options: [ NL ]
My fibrechannel is delivered as a multi-VLAN trunk line (802.1q) 100 Mbps Ethernet [limited to 50/50 Mbps], so setting up the right VLANs on my firewall suffices; no modem needed anymore.
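
The UDP wrapping mentioned in the comment above is specified in RFC 3948 (UDP port 4500). As an added example that is not part of the original thread, this Python code labels packets from a capture taken between the two VPN peers so you can check whether NAT traversal actually engaged; the tuple layout, function names and sample packets are assumptions made for illustration.

```python
import struct
from collections import Counter

UDP, ESP = 17, 50                 # IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500   # RFC 3947 / RFC 3948

def classify(proto, sport, dport, payload):
    """Label one packet seen between the two VPN peers."""
    if proto == ESP:
        return "raw-esp"                  # no ports for a NAPT router to rewrite
    if proto != UDP:
        return "other"
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"        # one 0xFF byte keeps the NAT mapping alive
        if len(payload) < 8:
            return "malformed"
        if payload[:4] == b"\x00" * 4:
            return "ike-over-natt"        # non-ESP marker, then the IKE header
        spi, seq = struct.unpack("!II", payload[:8])
        return f"esp-in-udp spi=0x{spi:08x} seq={seq}"
    if IKE_PORT in (sport, dport):
        return "ike"
    return "other"

def diagnose(packets):
    """Summarise a capture into one finding."""
    kinds = Counter(classify(*p).split()[0] for p in packets)
    if kinds["esp-in-udp"]:
        return "nat-t-active"             # ESP is wrapped in UDP/4500
    if kinds["raw-esp"]:
        return "esp-not-encapsulated"     # NAT-T not in use for tunnel data
    if kinds["ike-over-natt"]:
        return "ike-floated-no-data"      # NAT detected, no tunnel traffic yet
    if kinds["ike"]:
        return "ike-500-only"             # NAT not detected or NAT-T disabled
    return "no-ipsec"

# Constructed sample capture (not real traffic): (proto, sport, dport, payload).
SAMPLE = [
    (UDP, 500, 500, b"\x11" * 28),
    (UDP, 40123, 4500, b"\x00" * 4 + b"\x11" * 28),
    (UDP, 40123, 4500, b"\xff"),
    (UDP, 40123, 4500, struct.pack("!II", 0xC0FFEE01, 7) + b"\xaa" * 16),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(classify(*pkt))
    print(diagnose(SAMPLE))
```

A result of `ike-500-only` or `esp-not-encapsulated` on a double-NAT path like the one in the question points at NAT traversal being disabled or not negotiated on one of the peers.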