Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Configure Zyxel Firewall to get VPN working. Is it as tricky as i think ?

Posted on 2015-01-29
6
Medium Priority
?
300 Views
Last Modified: 2015-05-14
Hi,

we have a customer that is using a zyxel-firewall behind a small router (AVM Fritzbox). Now he wants to use vpn behind the zyxel-firewall.
The problem is, that he uses 192.168.1.x as subnet and also some remote-vpn-user uses this subnet too. So i try to explain the situation:

Remote user 192.168.1.101 -> Remote Router (192.168.1.1) -> Internet -> WAN-IP Office -> Router FRitzbox 192.168.1.1 -> Zyxel -> Draytek VPN Server -> Fileserver (192.168.1.150)

This would be the wanted situation. The remoteuser wants to be able to use the shares of the Fileserver. We are not be able to change the subnet of the remote-net nor the subnet of the office.

What have i to do, to get this "construction" working ? which IP should have the draytek... I am not very familiar with the zyxel-Firewall and only a bit with static routes etc... So please, explain it for dummies :-)

We don´t want to use pptp (because of security). I would prefer ipsec.

Thanks for thinking about it !

loosain
0
Comment
Question by:loosain
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 98

Expert Comment

by:John Hurst
ID: 40577306
Remote user 192.168.1.101 -> Remote Router (192.168.1.1) -> Internet -> WAN-IP Office -> Router FRitzbox 192.168.1.1 -> Zyxel -> Draytek VPN Server -> Fileserver (192.168.1.150)

This is not going to work. The remote user needs to change subnet (192.168.100.101 or some such). VPN cannot resolve same subnets.

Can the office change?  It might not be that hard.
0
 

Author Comment

by:loosain
ID: 40583627
It is hard, because the customer have many excel-sheets combined. Some of them with unc-path, some with ip...
So this would be a problem.

But maybe it is a solution to give this server a second ip-adress. The remote-users only want to access one server. So if i give them the ip-adress 192.168.50.x, the clients could access the server over 192.168.50.100 e.g.

is there any problem i don´t see at the moment ?
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 40583667
If you can give the server a second IP it might work, but then you would have to route in the server.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:loosain
ID: 40583675
What do you mean with "route in the server" ?
I could access the server by \\192.168.59.100\share
The server should answer, shouldn´t it ?
0
 
LVL 98

Accepted Solution

by:
John Hurst earned 2000 total points
ID: 40583701
The server will (should) answer on the new IP with no problem. If it can also talk to the .1 traffic you should be fine. Try it and see how it works.
0
 

Author Closing Comment

by:loosain
ID: 40778109
Maybe this will be the solution, but we are going to change the IP-net...
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question