loosain
asked on
Configure Zyxel Firewall to get VPN working. Is it as tricky as i think ?
Hi,
we have a customer that is using a zyxel-firewall behind a small router (AVM Fritzbox). Now he wants to use vpn behind the zyxel-firewall.
The problem is, that he uses 192.168.1.x as subnet and also some remote-vpn-user uses this subnet too. So i try to explain the situation:
Remote user 192.168.1.101 -> Remote Router (192.168.1.1) -> Internet -> WAN-IP Office -> Router FRitzbox 192.168.1.1 -> Zyxel -> Draytek VPN Server -> Fileserver (192.168.1.150)
This would be the wanted situation. The remoteuser wants to be able to use the shares of the Fileserver. We are not be able to change the subnet of the remote-net nor the subnet of the office.
What have i to do, to get this "construction" working ? which IP should have the draytek... I am not very familiar with the zyxel-Firewall and only a bit with static routes etc... So please, explain it for dummies :-)
We don´t want to use pptp (because of security). I would prefer ipsec.
Thanks for thinking about it !
loosain
we have a customer that is using a zyxel-firewall behind a small router (AVM Fritzbox). Now he wants to use vpn behind the zyxel-firewall.
The problem is, that he uses 192.168.1.x as subnet and also some remote-vpn-user uses this subnet too. So i try to explain the situation:
Remote user 192.168.1.101 -> Remote Router (192.168.1.1) -> Internet -> WAN-IP Office -> Router FRitzbox 192.168.1.1 -> Zyxel -> Draytek VPN Server -> Fileserver (192.168.1.150)
This would be the wanted situation. The remoteuser wants to be able to use the shares of the Fileserver. We are not be able to change the subnet of the remote-net nor the subnet of the office.
What have i to do, to get this "construction" working ? which IP should have the draytek... I am not very familiar with the zyxel-Firewall and only a bit with static routes etc... So please, explain it for dummies :-)
We don´t want to use pptp (because of security). I would prefer ipsec.
Thanks for thinking about it !
loosain
ASKER
It is hard, because the customer have many excel-sheets combined. Some of them with unc-path, some with ip...
So this would be a problem.
But maybe it is a solution to give this server a second ip-adress. The remote-users only want to access one server. So if i give them the ip-adress 192.168.50.x, the clients could access the server over 192.168.50.100 e.g.
is there any problem i don´t see at the moment ?
So this would be a problem.
But maybe it is a solution to give this server a second ip-adress. The remote-users only want to access one server. So if i give them the ip-adress 192.168.50.x, the clients could access the server over 192.168.50.100 e.g.
is there any problem i don´t see at the moment ?
If you can give the server a second IP it might work, but then you would have to route in the server.
ASKER
What do you mean with "route in the server" ?
I could access the server by \\192.168.59.100\share
The server should answer, shouldn´t it ?
I could access the server by \\192.168.59.100\share
The server should answer, shouldn´t it ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Maybe this will be the solution, but we are going to change the IP-net...
This is not going to work. The remote user needs to change subnet (192.168.100.101 or some such). VPN cannot resolve same subnets.
Can the office change? It might not be that hard.