Solved

VPN issue with new ISP and zyxel firewall

Posted on 2012-04-13
Last Modified: 2012-04-18
Hi all,

I hope you can help.

old set up
internet - modem - Zyxel firewall - LAN
VPN worked fine using 2x external static IP addresses. VPN was terminated on the firewall.

New setup
Fibre broadband from Plusnet/BT
internet - BT fibre modem - Netgear 1000v3 router - Zyxel router - LAN
only 1 external IP address.
Internal 10.2.4.* address between router and firewall

No change to the other end of the VPN.

VPN will not connect.

I have had a discussion with another person who tells me I need 2x external IPs and to put the Netgear router into Bridge mode. Is this the best option? If so I have a couple of questions.

1. How do I put the Netgear router into Bridge mode?
2. Will the router behave like it has 1 IP address both on the External ethernet port and the internal LAN port to the firewall?
3. Is there anything else I will need to do?

I hope someone can help,
Many thanks in advance.
Gareth
0
Question by:gareth629
2 Comments
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 37845607
Units that are a combined modem and router can be put in bridge mode which effectively makes them a basic modem.  I don't believe that is possible with your configuration and the Netgear unit.  The reason for this is your VPN will not work unless the Zyxel is assigned a public IP.  There are 3 options:
1) Remove the Netgear completely from the configuration.  That may not be possible with your new service provider
2) Obtain 2 or more IPs from the ISP and configure the Netgear with 1:1 NAT to assign a public IP to the Zyxel
3) Put the Zyxel in the DMZ zone of the Netgear
0
 
LVL 40

Expert Comment

by:noci
ID: 37845801
If ALL traffic goes through the zywall anyway you only need one address.
If the modem cannot be set in bridge mode then try to configure 1:1 nat on it.
If bridged mode cannot work try enabling NAT traversal on the IPSEC VPN tunnel.
Then "regular" UDP packets will be used to wrap the ESP packets.

Now there may be another option: [ NL ]
My fibrechannel is delivered as a multi VLAN trunk line (802.1q) 100Mbps ethernet [ limited to 50/50 mbps ], so setting up the right vlans on my firewall suffices, no modem needed anymore.
0
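What the NAT traversal suggestion in the comment above looks like on the wire, as an added example that is not part of the original thread: with NAT-T, IKE and ESP both travel over UDP port 4500 and are told apart by their first bytes (RFC 3948). The function names and the sample packets are constructed for illustration; feed it tuples taken from a capture on the firewall's WAN side.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
PROTO_UDP, PROTO_ESP = 17, 50

def classify_udp_payload(dst_port: int, payload: bytes) -> str:
    """Classify a UDP payload seen on the IPsec ports (RFC 3947/3948)."""
    if dst_port == IKE_PORT:
        return "ike"                      # plain IKE, before NAT is detected
    if dst_port != NATT_PORT:
        return "other"
    if payload == b"\xff":
        return "nat-keepalive"            # 1-byte keepalive holds the NAT mapping open
    if len(payload) < 4:
        return "malformed"
    if payload[:4] == b"\x00\x00\x00\x00":
        return "ike-natt"                 # non-ESP marker: IKE moved to port 4500
    (spi,) = struct.unpack("!I", payload[:4])
    return f"esp-in-udp spi=0x{spi:08x}"  # non-zero SPI: ESP wrapped in UDP

def diagnose(packets) -> str:
    """packets: iterable of (ip_protocol, dst_port, payload) tuples."""
    kinds = set()
    for proto, dport, payload in packets:
        if proto == PROTO_ESP:
            kinds.add("esp-native")
        elif proto == PROTO_UDP:
            kinds.add(classify_udp_payload(dport, payload).split()[0])
    if "esp-in-udp" in kinds:
        return "nat-t active"   # tunnel data can cross the NAT router
    if "esp-native" in kinds:
        return "native esp"     # protocol 50 has no ports: needs public IP, 1:1 NAT or DMZ
    if "ike" in kinds or "ike-natt" in kinds:
        return "ike only"       # negotiation seen, no tunnel data yet
    return "no ipsec traffic"

# Constructed sample packets (not taken from a real capture).
SAMPLE = [
    (PROTO_UDP, 500, b"\x11" * 28),
    (PROTO_UDP, 4500, b"\x00\x00\x00\x00" + b"\x11" * 28),
    (PROTO_UDP, 4500, b"\xff"),
    (PROTO_UDP, 4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16),
]

if __name__ == "__main__":
    for _, port, data in SAMPLE:
        print(port, classify_udp_payload(port, data))
    print(diagnose(SAMPLE))
```

A result of "ike only" or "native esp" behind the Netgear points back to the options listed in the accepted solution.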
