IPSec VPN with multiple subnets
Hello,
I need some guidance on one of our IPSec tunnels. Right now it is up and running fine, but we need to add additional IP addresses on our internal net.
Current configuration:
Our internal = 10.201.8.0-10.207.255.254
Their internal = 10.199.101.0/29
They have a single server at 10.199.101.2
I have a group created that we need to add to our internal. The group contains 9 static IP addresses for workstations that need to connect to 10.199.101.2. The 9 IP nodes in the group contain two different subnets (10.193.28.x addresses and 10.64.24.x addresses).
Is there a way to do this without creating a second VPN tunnel? Do we need to have all those static IPs in the same subnet?
Thanks!
Create a network group, for example "my-VPNdomain", and add to this group all current and later-created subnets... which you are already doing.
Think in subnet terms and not in static IP terms... the 2 subnets still have to be defined at the remote site too.
So the tunnel is negotiated in subnet terms, not single hosts, on both sides, local and remote.
Then use security policy access control to "allow" or "deny" specific hosts access with service and application.
Yes, you can still create the VPN tunnel with individual single hosts (inside the VPN Domain group)...
but you have to make sure every single host you add on your side HAS to be DEFINED and added on the remote side too.
VPN tunnel parameters have to match exactly on both sides.
Jason,
I would recommend you follow the steps provided by Sal_Previtera and make use of the VPN admin guide if needed. Also, you cannot create two tunnels to the same remote peer.
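
The matching rule described in the replies above, as an added example that is not part of the original thread: a Python check that the entries one side puts in its VPN domain are exactly what the peer has defined for it, and that every workstation is covered. The /24 prefix lengths, the host addresses and all function names are constructed assumptions.

```python
import ipaddress

def parse(entries):
    """Turn host/CIDR strings into a set of ip_network objects (bare host -> /32)."""
    return {ipaddress.ip_network(e, strict=True) for e in entries}

def compare_domains(ours, peers_view_of_us):
    """Compare our local VPN domain with what the peer has defined for our side.

    Returns (missing_on_peer, unknown_to_us, overlapping_but_not_equal).
    The third list catches the subnet-versus-host case: the address ranges
    overlap, but the definitions are not identical on both sides.
    """
    a, b = parse(ours), parse(peers_view_of_us)
    missing, extra = a - b, b - a
    inexact = sorted((str(x), str(y)) for x in missing for y in extra if x.overlaps(y))
    return sorted(map(str, missing)), sorted(map(str, extra)), inexact

def uncovered_hosts(hosts, subnets):
    """Hosts that fall outside every subnet in the VPN domain group."""
    nets = parse(subnets)
    return [h for h in hosts if not any(ipaddress.ip_address(h) in n for n in nets)]

# Constructed sample data: the two new subnets, assumed to be /24.
OURS = ["10.193.28.0/24", "10.64.24.0/24"]
# Constructed peer definition: one subnet matches, the other was entered as a host.
PEER = ["10.193.28.0/24", "10.64.24.11/32"]
# Constructed workstation addresses.
HOSTS = ["10.193.28.11", "10.193.28.12", "10.64.24.21"]

if __name__ == "__main__":
    missing, extra, inexact = compare_domains(OURS, PEER)
    print("defined by us, missing on peer:", missing)
    print("defined on peer, unknown to us:", extra)
    print("overlap but not identical:", inexact)
    print("hosts outside our VPN domain:", uncovered_hosts(HOSTS, OURS))
```

Access for the individual workstations is then restricted in the security policy, as the reply above says, rather than in the VPN domain itself.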
