IPSec VPN with multiple subnets

Hello,

I need some guidance on one of our IPSec tunnels. Right now it is up and running fine, but we need to add additional IP addresses on our internal net.

Current configuration:
Our internal = 10.201.8.0-10.207.255.254; their internal = 10.199.101.0/29

They have a single server at 10.199.101.2

I have a group created that we need to add to our internal. The group contains 9 static IP addresses for workstations that need to connect to 10.199.101.2. The 9 IP nodes in the group contain two different subnets (10.193.28.x addresses and 10.64.24.x addresses)

Is there a way to do this without creating a second VPN tunnel? Do we need to have all those static IPs in the same subnet?

Thanks!

2 Replies

Re: IPSec VPN with multiple subnets

Create a network group, for example "my-VPNdomain", and add to this group all current and later created subnets.....which you are already doing....

Think in subnet terms and not in static IP terms...... the 2 subnets have to still be defined at the remote site too...

So the tunnel is negotiated in subnet terms....not single hosts, on both sides, local and remote.

Then use security policy access control to "allow" or "deny" specific hosts access with service and application.


Yes, you can still create the VPN tunnel with individual single hosts (inside the VPN Domain group)....

but you have to make sure every single host you add on your side HAS to be DEFINED and added on the remote side too....

VPN tunnel parameters have to match exactly on both sides.....

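A small way to sanity-check the advice in this reply before touching the gateways (an added example, not code from the thread or from any vendor tool): build the VPN domain as subnets from the values in the question, confirm every workstation falls inside it, and confirm that both peers' (local, remote) definitions mirror each other. The /24 masks on the two workstation subnets and the workstation addresses are assumptions for illustration.

```python
from ipaddress import ip_address, ip_network, collapse_addresses, summarize_address_range


def networks(spec):
    """Turn a mix of 'a.b.c.d-w.x.y.z' ranges and CIDR strings into a
    sorted, collapsed list of IPv4 networks (the encryption domain)."""
    nets = []
    for item in spec:
        if "-" in item:
            lo, hi = (ip_address(p.strip()) for p in item.split("-"))
            nets.extend(summarize_address_range(lo, hi))
        else:
            nets.append(ip_network(item, strict=False))
    return sorted(collapse_addresses(nets))


def uncovered_hosts(domain, hosts):
    """Hosts no subnet of the domain contains: they are never proposed to the
    peer, so their traffic to 10.199.101.2 would not enter the tunnel."""
    return [h for h in hosts if not any(ip_address(h) in n for n in domain)]


def selectors_match(side_a, side_b):
    """A tunnel only negotiates when A's (local, remote) is B's (remote, local)."""
    a_local, a_remote = side_a
    b_local, b_remote = side_b
    return set(a_local) == set(b_remote) and set(a_remote) == set(b_local)


# Constructed from the thread; the two /24 masks and the workstation
# addresses below are assumptions, not values given in the post.
OUR_OLD = networks(["10.201.8.0-10.207.255.254"])
OUR_NEW = networks(["10.201.8.0-10.207.255.254", "10.193.28.0/24", "10.64.24.0/24"])
THEIRS = networks(["10.199.101.0/29"])
WORKSTATIONS = ["10.193.28.10", "10.193.28.11", "10.64.24.5"]


if __name__ == "__main__":
    print("missing from old domain:", uncovered_hosts(OUR_OLD, WORKSTATIONS))
    print("missing from new domain:", uncovered_hosts(OUR_NEW, WORKSTATIONS))
    # Remote side still carries the old definition: the mismatch the reply warns about.
    print("peers agree (remote updated):", selectors_match((OUR_NEW, THEIRS), (THEIRS, OUR_NEW)))
    print("peers agree (remote stale):  ", selectors_match((OUR_NEW, THEIRS), (THEIRS, OUR_OLD)))
```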

Re: IPSec VPN with multiple subnets

Jason,

I recommend you follow the steps provided by Sal_Previtera and make use of the VPN admin guide if needed. Also, you cannot create two tunnels to the same remote peer.
