VPN issue with new ISP and Zyxel firewall

Hi all,

I hope you can help.

Old setup
internet - modem - Zyxel firewall - LAN
VPN worked fine using 2x external static IP addresses. VPN was terminated on the firewall.

New setup
Fibre broadband from Plusnet/BT
internet - BT fibre modem - Netgear 1000v3 router - Zyxel router - LAN
Only 1 external IP address.
Internal 10.2.4.* address between router and firewall

No change to the other end of the VPN.

VPN will not connect.

I have had a discussion with another person who tells me I need 2x external IPs and to put the Netgear router into Bridge mode. Is this the best option? If so, I have a couple of questions.

1. How do I put the Netgear router into Bridge mode?
2. Will the router behave like it has 1 IP address both on the External ethernet port and the internal LAN port to the firewall?
3. Is there anything else I will need to do?

I hope someone can help,
Many thanks in advance.
Gareth
Asked by: gareth629
Rob Williams commented:
Units that are a combined modem and router can be put in bridge mode, which effectively makes them a basic modem. I don't believe that is possible with your configuration and the Netgear unit. The reason for this is your VPN will not work unless the Zyxel is assigned a public IP. There are 3 options:
1) Remove the Netgear completely from the configuration. That may not be possible with your new service provider.
2) Obtain 2 or more IPs from the ISP and configure the Netgear with 1:1 NAT to assign a public IP to the Zyxel.
3) Put the Zyxel in the DMZ zone of the Netgear.
noci (Software Engineer) commented:
If ALL traffic goes through the ZyWALL anyway, you only need one address.
If the modem cannot be set in bridge mode, then try to configure 1:1 NAT on it.
If bridged mode cannot work, try enabling NAT traversal on the IPsec VPN tunnel.
Then "regular" UDP packets will be used to wrap the ESP packets.

Now there may be another option: [ NL ]
My fibrechannel is delivered as a multi-VLAN trunk line (802.1q) 100Mbps ethernet [limited to 50/50 Mbps], so setting up the right VLANs on my firewall suffices; no modem needed anymore.
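
The UDP wrapping of ESP that NAT traversal performs (RFC 3948), as an added example that is not part of the original thread: it builds the UDP header around an ESP packet and classifies the three payload kinds a firewall sees on UDP port 4500. The function names and sample packets are constructed for illustration and are not Zyxel or Netgear code.

```python
import struct

NAT_T_PORT = 4500  # UDP port used for IPsec NAT traversal (RFC 3948)
NON_ESP_MARKER = b"\x00" * 4  # four zero bytes precede IKE messages on port 4500

def wrap_esp(esp: bytes, sport: int = NAT_T_PORT, dport: int = NAT_T_PORT) -> bytes:
    """Prefix an ESP packet with a UDP header, as NAT-T does."""
    # Checksum 0: RFC 3948 says IPv4 senders SHOULD transmit it as zero.
    return struct.pack("!HHHH", sport, dport, 8 + len(esp), 0) + esp

def classify_natt_payload(payload: bytes) -> dict:
    """Tell apart the three UDP payload kinds seen on port 4500."""
    if payload == b"\xff":
        return {"type": "nat-keepalive"}  # keeps the NAT mapping alive
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < 28:
            return {"type": "invalid", "reason": "truncated IKE header"}
        # IKE header: two 8-byte SPIs, next payload, version, exchange type,
        # flags, message id, total length (28 bytes in all).
        _, _, _, ver, exch, _, _, length = struct.unpack("!8s8sBBBBII", ike[:28])
        return {"type": "ike", "major_version": ver >> 4,
                "exchange": exch, "length": length}
    if len(payload) < 8:
        return {"type": "invalid", "reason": "too short for ESP SPI and sequence"}
    # Anything else is ESP: a non-zero SPI followed by the sequence number.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"type": "esp", "spi": spi, "seq": seq}

# Constructed samples (not captured traffic).
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 1) + bytes(16)
SAMPLE_IKE = NON_ESP_MARKER + struct.pack(
    "!8s8sBBBBII", b"A" * 8, bytes(8), 33, 0x20, 34, 0x08, 0, 28)

if __name__ == "__main__":
    datagram = wrap_esp(SAMPLE_ESP)
    for name, udp_payload in [("esp", datagram[8:]), ("ike", SAMPLE_IKE),
                              ("keepalive", b"\xff")]:
        print(name, classify_natt_payload(udp_payload))
```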