I need to do a site-to-site IPsec VPN with an outside vendor so they can access a server on my network. On my end I am using a Cisco RV320 Small Business VPN Router (RV320 Manual).
The vendor and I both use the same subnet 10.1.10.0. Neither of us can change our subnet.
My office is pretty small so all network devices were on the default VLAN. No other VLANs were defined.
To try to work around the subnet problem:
- I created a second VLAN - 10.1.12.0.
- I set up the VPN to connect to that VLAN.
- I wired the server to LAN3 on the Cisco.
- I used Port Management > VLAN Membership and set Inter VLAN Routing to Disabled for both VLANs.
- For VLAN1 (10.1.10.0) I set LAN1 and LAN2 to untagged / LAN3 and LAN4 to excluded
- For VLAN2 (10.1.12.0) I set LAN1 and LAN2 to excluded / LAN3 and LAN4 to untagged
- For VLAN2 (10.1.12.0) I set Device Management to disabled
The outside vendor can connect and access the GUI for the router (which they shouldn't be able to), but cannot access the server on port 80.
The way it is set up, it should connect the vendor to my network, and they should just be accessing the 10.1.12.0 subnet. The server they need to access is 10.1.12.13 (static address, the only device on the VLAN besides the router). They can access the GUI of the router but not the server on port 80. Full disclosure - this server has (2) NICs. One has a static IP of 10.1.10.13 and the other 10.1.12.13. Basically, I need the server to be available to both subnets.
Am I missing something? Is what I want to do even possible? Not experienced with this.