

   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   


   Message 1,623 of 2,348   
   Mike Drechsler - SPAM PROTECTED EMA to Gert Wurzer   
   Re: VPN between 3 zywalls   
   24 May 05 16:04:39   
   
   From: mike-newsgroup@-DELETETHISPART-.upcraft.com   
      
   Gert Wurzer wrote:   
   > Hi!   
   >   
   > Maybe anyone knows a solution for the following problem:   
   >   
   > I want to establish a VPN between a headquarter and 2 offices (3   
   > different IP subnets). Each location uses a zywall as internet router   
   > and firewall.   
   >   
   > First, obviously it's impossible to create 2 VPN rules at the   
   > headquarter, each of them connecting to one office, because the local   
   > subnets of the 2 rules would overlap.   
   >   
   > On the other side, when I share one VPN rule at the headquarter for   
   > both clients, using 0.0.0.0 for the client IP address (and vice versa)   
   > as it's described in the zywall documentation, it's only possible to   
   > initiate the connection from the client side. This doesn't cover my   
   > needs. I need to initiate the connection from both sides!   
   >   
   > So, are there any other possibilities to master such a scenario with 3   
   > zywalls?   
   >   
   > Any help would be greatly appreciated,   
   > best regards, Gert   
   >   
      
      
   You can create 1 tunnel to each location with fixed IPs, can't you?   
      
   Do you want the 2 offices to be able to see each other?  If so then you   
   either need to make a separate tunnel connecting 1 office to the other   
   or you need to set up your IP subnets in such a way that all traffic for   
   the other office goes through the central location first.   
      
   Also it's not obvious that you cannot create 2 VPN rules to the same   
   location.  In many routers this works.  I have set up a VPN where there   
   were 5 separate and distinct tunnel connections between the same 2   
   routers.  If your router supports multiple subnets over the same tunnel,   
   it's actually going to create separate security associations for each   
   subnet pair, but it hides these details from you.   
      
   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
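
Added example, not part of the original posts: a planning sketch that lists the subnet-pair security associations each gateway needs when office-to-office traffic is relayed through the headquarters, and flags selector pairs that would be ambiguous between two peers. The subnets and function names are constructed for illustration, and the overlap test reflects general IPsec selector matching (local and remote network together), not confirmed ZyWALL firmware behaviour.

```python
import ipaddress
from itertools import combinations

# Constructed sample addressing; the thread does not give the real subnets.
SITES = {
    "hq": ipaddress.ip_network("10.0.0.0/24"),
    "office_a": ipaddress.ip_network("10.0.1.0/24"),
    "office_b": ipaddress.ip_network("10.0.2.0/24"),
}

def sa_pairs(sites, hub, spoke_to_spoke=True):
    """Map (gateway, peer) -> list of (local_net, remote_net) selector pairs.

    Each pair is one security association negotiated over that tunnel.
    With spoke_to_spoke, the hub relays traffic between the offices.
    """
    spokes = [s for s in sites if s != hub]
    plan = {}
    for spoke in spokes:
        hub_side = [(sites[hub], sites[spoke])]
        spoke_side = [(sites[spoke], sites[hub])]
        if spoke_to_spoke:
            for other in spokes:
                if other != spoke:
                    # Hub presents the other office's subnet as "local".
                    hub_side.append((sites[other], sites[spoke]))
                    spoke_side.append((sites[spoke], sites[other]))
        plan[(hub, spoke)] = hub_side
        plan[(spoke, hub)] = spoke_side
    return plan

def conflicting_selectors(plan, gateway):
    """Selector pairs on one gateway that overlap in BOTH local and remote
    network while pointing at different peers (ambiguous policy match)."""
    entries = [(peer, loc, rem)
               for (gw, peer), pairs in plan.items() if gw == gateway
               for loc, rem in pairs]
    return [(a, b) for a, b in combinations(entries, 2)
            if a[0] != b[0] and a[1].overlaps(b[1]) and a[2].overlaps(b[2])]

if __name__ == "__main__":
    plan = sa_pairs(SITES, "hq")
    for (gw, peer), pairs in sorted(plan.items()):
        for loc, rem in pairs:
            print(f"{gw:9} -> {peer:9} local={loc} remote={rem}")
    print("conflicts on hq:", conflicting_selectors(plan, "hq"))
```
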



(c) 1994,  bbs@darkrealms.ca