Solved

VPN issue with new ISP and zyxel firewall

Posted on 2012-04-13
Last Modified: 2012-04-18
Hi all,

I hope you can help.

Old setup
internet - modem - Zyxel firewall - LAN
VPN worked fine using 2x external static IP addresses. VPN was terminated on the firewall.

New setup
Fibre broadband from Plusnet/BT
internet - BT fibre modem - Netgear 1000v3 router - Zyxel router - LAN
only 1 external IP address.
Internal 10.2.4.* address between router and firewall

No change to the other end of the VPN.

VPN will not connect.

I have had a discussion with another person who tells me I need 2x external IPs and to put the Netgear router into Bridge mode. Is this the best option? If so I have a couple of questions.

1. How do I put the Netgear router into Bridge mode?
2. Will the router behave like it has 1 IP address both on the External ethernet port and the internal LAN port to the firewall?
3. Is there anything else I will need to do?

I hope someone can help,
Many thanks in advance.
Gareth
Question by:gareth629
2 Comments
 
Accepted Solution

by: Rob Williams (earned 500 total points)
Units that are a combined modem and router can be put in bridge mode, which effectively makes them a basic modem. I don't believe that is possible with your configuration and the Netgear unit. The reason for this is your VPN will not work unless the Zyxel is assigned a public IP. There are 3 options:
1) Remove the Netgear completely from the configuration. That may not be possible with your new service provider.
2) Obtain 2 or more IPs from the ISP and configure the Netgear with 1:1 NAT to assign a public IP to the Zyxel
3) Put the Zyxel in the DMZ zone of the Netgear
Expert Comment

by: noci
If ALL traffic goes through the ZyWALL anyway you only need one address.
If the modem cannot be set in bridge mode then try to configure 1:1 NAT on it.
If bridged mode cannot work try enabling NAT traversal on the IPSEC VPN tunnel.
Then "regular" UDP packets will be used to wrap the ESP packets.

Now there may be another option: [ NL ]
My fibrechannel is delivered as a multi-VLAN trunk line (802.1q) 100Mbps ethernet [limited to 50/50 mbps], so setting up the right VLANs on my firewall suffices; no modem needed anymore.