Site to Site VPN encrypted (1490 to 23900)

YS2019 · ‎2019-09-04

Hello,

I have 100 appliance of FW 1490,

and 1 Central FW 23900.

all my network on the same subnet 192.168.0.0/16

and the 10 appliance of 1490 are on my branches - 192.168.100-200.0/16

I need to build site to site VPN encrypted, when i need to allow network between the branches,

I set up VPN site to site for example.

1490 site - 192.168.100.0/24 to 192.168.0-100.0/16 and it work fine,

the problem is that i cant do 1490 (192.168.100.0/24) to all class B 192.168.0.0/16,

I use VPN domain on my 23900,

what is the best way to encrypt all site with site to site vpn and allow encrypted network between the branches,

for example i need 192.168.100.0/24 to talk with 192.168.105.0/24

Thanks

Maarten_Sjouw · ‎2019-09-04

It sounds as if you are not managing the 1400's from the same management?
What you are trying to achieve is not good practice, creating a network with overlapping ranges.
I would instead try to split the offnet locations into the second part of the /16 and split the network into 192.168.0.0/17 and 192.168.128.0/17 and use /24's out of the latter to assign to the locations, this way your 23900 has the first 127 networks assigned to it in the VPN domain and each 1490 (100 or 10?) starting from 192.168.128.0/24. Or when you only have 10 just assign 192.168.128/18 to the central site as well and use 192.168.192/18 to split into /24's for the offnets, you then have 64 networks available for future growth.

Regards, Maarten

Are you a member of CheckMates?

Site to Site VPN encrypted (1490 to 23900)