• Status: Solved

Configure Zyxel Firewall to get VPN working. Is it as tricky as I think?

Hi,

We have a customer that is using a Zyxel firewall behind a small router (AVM Fritzbox). Now he wants to use VPN behind the Zyxel firewall.
The problem is that he uses 192.168.1.x as subnet and some remote VPN users use this subnet too. So I try to explain the situation:

Remote user 192.168.1.101 -> Remote Router (192.168.1.1) -> Internet -> WAN-IP Office -> Router Fritzbox 192.168.1.1 -> Zyxel -> Draytek VPN Server -> Fileserver (192.168.1.150)

This would be the wanted situation. The remote user wants to be able to use the shares of the Fileserver. We are not able to change the subnet of the remote net nor the subnet of the office.

What do I have to do to get this "construction" working? Which IP should the Draytek have... I am not very familiar with the Zyxel firewall and only a bit with static routes etc... So please, explain it for dummies :-)

We don't want to use PPTP (because of security). I would prefer IPsec.

Thanks for thinking about it!

loosain
0
1 Solution
 
John Hurst, Business Consultant (Owner), commented:
Remote user 192.168.1.101 -> Remote Router (192.168.1.1) -> Internet -> WAN-IP Office -> Router Fritzbox 192.168.1.1 -> Zyxel -> Draytek VPN Server -> Fileserver (192.168.1.150)

This is not going to work. The remote user needs to change subnet (192.168.100.101 or some such). VPN cannot resolve same subnets.

Can the office change? It might not be that hard.
0
 
loosain (Author) commented:
It is hard, because the customer has many Excel sheets combined. Some of them with UNC paths, some with IP...
So this would be a problem.

But maybe it is a solution to give this server a second IP address. The remote users only want to access one server. So if I give them the IP address 192.168.50.x, the clients could access the server over 192.168.50.100, e.g.

Is there any problem I don't see at the moment?
0
 
John Hurst, Business Consultant (Owner), commented:
If you can give the server a second IP it might work, but then you would have to route in the server.
0
 
loosain (Author) commented:
What do you mean by "route in the server"?
I could access the server by \\192.168.59.100\share
The server should answer, shouldn't it?
0
 
John Hurst, Business Consultant (Owner), commented:
The server will (should) answer on the new IP with no problem. If it can also talk to the .1 traffic you should be fine. Try it and see how it works.
0
 
loosain (Author) commented:
Maybe this will be the solution, but we are going to change the IP-net...
0
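
Added example, not part of the thread and not code from any participant: a small Python routing-table model of the situation discussed above. It shows why the identical 192.168.1.x subnets on both ends keep traffic out of the tunnel, why a second server address in 192.168.50.x is reachable, and where a route on the server matters for the reply path. The /24 masks, the next-hop labels and the 10.8.0.0/24 tunnel pool are assumptions; the other addresses come from the posts.

```python
import ipaddress

def route(interfaces, static_routes, dst):
    """Longest-prefix match over connected and static routes.

    interfaces: CIDR strings of the host's own addresses.
    static_routes: (network, next_hop) pairs. Returns the chosen next hop.
    """
    dst_ip = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_interface(c).network, "on-link") for c in interfaces]
    table += [(ipaddress.ip_network(n), hop) for n, hop in static_routes]
    hits = [(net, hop) for net, hop in table if dst_ip in net]
    if not hits:
        return "unreachable"
    # Modelling assumption: on equal prefix length the connected route wins.
    return max(hits, key=lambda r: (r[0].prefixlen, r[1] == "on-link"))[1]

def overlapping(a, b):
    """True when two LANs share address space, as both 192.168.1.x sites do."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))

# Addresses from the thread; the /24 masks, next-hop labels and the
# 10.8.0.0/24 tunnel pool are constructed for illustration.
REMOTE_PC = ["192.168.1.101/24"]
SERVER = ["192.168.1.150/24", "192.168.50.100/24"]
DEFAULT = ("0.0.0.0/0", "default-gw")

def demo():
    return {
        # Same subnet on both ends: the PC ARPs locally, tunnel never used.
        "pc -> 192.168.1.150": route(REMOTE_PC, [DEFAULT, ("192.168.1.0/24", "vpn")], "192.168.1.150"),
        # Second server IP in a distinct subnet is routable through the tunnel.
        "pc -> 192.168.50.100": route(REMOTE_PC, [DEFAULT, ("192.168.50.0/24", "vpn")], "192.168.50.100"),
        # Reply to an un-NATed 192.168.1.101 source stays on the office LAN.
        "server -> 192.168.1.101": route(SERVER, [DEFAULT], "192.168.1.101"),
        # Reply to a tunnel-pool address needs a route on the server.
        "server -> 10.8.0.5 (no route)": route(SERVER, [DEFAULT], "10.8.0.5"),
        "server -> 10.8.0.5 (routed)": route(SERVER, [DEFAULT, ("10.8.0.0/24", "vpn-gw")], "10.8.0.5"),
    }

if __name__ == "__main__":
    print("overlap:", overlapping("192.168.1.0/24", "192.168.1.0/24"))
    for case, hop in demo().items():
        print(f"{case:32} {hop}")
```

The same check (`overlapping`) can be run against each remote user's home network before rollout to find the sites that will collide with the office range.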