Keeping same IP over VPN - Firewalls

This is a discussion on Keeping same IP over VPN - Firewalls ; We have four office locations that we need to VPN together all of them have NS5GT Firewalls. What we want at all four location is the same LAN IP scheme. For eg; 10.1.2.x scheme All locations have static WAN IP. ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Keeping same IP over VPN

  1. Keeping same IP over VPN

    We have four office locations that we need to VPN together all of them
    have NS5GT Firewalls. What we want at all four location is the same LAN
    IP scheme.

    For eg; 10.1.2.x scheme

    All locations have static WAN IP. What kind of VPN would be recommended
    and if possible steps to implement them at all four locations.

    Thanks


  2. Re: Keeping same IP over VPN


    johnny021@hotmail.com wrote:
    > We have four office locations that we need to VPN together all of them
    > have NS5GT Firewalls. What we want at all four location is the same LAN
    > IP scheme.
    >
    > For eg; 10.1.2.x scheme
    >
    > All locations have static WAN IP. What kind of VPN would be recommended
    > and if possible steps to implement them at all four locations.
    >
    > Thanks


    the sites must be on different subnets, use nat on your wan router,
    that wan you can connect via internal ip.

    Flamer.


  3. Re: Keeping same IP over VPN

    flamer die.spam@hotmail.com wrote:

    > the sites must be on different subnets,


    Right, therefore he could simply the following network addresses:

    Location A: 10.1.2.0 Netmask 255.255.255.192
    Location B: 10.1.2.64 Netmask 255.255.255.192
    Location C: 10.1.2.128 Netmask 255.255.255.192
    Location D: 10.1.2.192 Netmask 255.255.255.192

    The 4 subnets are /26 (64 addresses, 62 of them usable) but that might be
    enough.

    > use nat on your wan router, that wan you can connect via internal ip.


    One should avoid NAT when setting up VPN connections ...

    Wolfgang


  4. Re: Keeping same IP over VPN

    johnny021@hotmail.com wrote:

    > We have four office locations that we need to VPN together all of them
    > have NS5GT Firewalls.


    OK.

    > What we want at all four location is the same LAN
    > IP scheme.


    No, you don't want that. You want diffrent subnets. If you want to use
    10.1.2.x in any of the 4 locations, use 255.255.255.292 (/26) as the
    netmask.

    > For eg; 10.1.2.x scheme


    I'd definitely not recommend that. You'll need NAT and you really don't want
    NAT in a VPN. Use different subnets on all the locations.

    Wolfgang

  5. Re: Keeping same IP over VPN

    In article ,
    Wolfgang Kueter wrote:
    >johnny021@hotmail.com wrote:


    >> We have four office locations that we need to VPN together all of them
    >> have NS5GT Firewalls.


    >OK.


    >> What we want at all four location is the same LAN
    >> IP scheme.


    >No, you don't want that.


    johnny021 wrote that they want it, so yes, they *do* want it. They
    probably don't want all the problems that go along with it, but they
    might have some good reason in mind -- e.g., to make it easy to carry a
    computer between the four locations without having to reconfigure it at
    all. Or they might simply have been told by a PHB to do it that way.


    >> For eg; 10.1.2.x scheme


    >I'd definitely not recommend that. You'll need NAT and you really don't want
    >NAT in a VPN. Use different subnets on all the locations.


    In general, there is little more reason not to use NAT with a VPN than
    there is not to use NAT at all. If you do not happen to be using
    one of the protocols that NAT messes up, then you might as well,
    technically speaking, NAT your VPN traffic.

    There is certainly the point that using a VPN is often a way to -avoid-
    having to NAT traffic that NAT -does- mess up (e.g., host locations
    tracked by Microsoft domain registries), but that's not the issue
    in this situation in which the OP specifically asked to NAT.

    The OP did not ask for recommendations on how to get away without
    doing NAT: the OP asked for recommendations on how to do the NAT
    anyhow, and asked what equipment would be needed in order to implement it.

    I answered the poster in Cisco terms in comp.dcom.sys.cisco, which
    he had multiposted to (even though Cisco doesn't make NS5GT firewalls...)

  6. Re: Keeping same IP over VPN

    It doenst matter post has been posted to which group dont criticise it
    if you have a solution kindly provide else leave it.






    CK
    Walter Roberson wrote:
    > In article ,
    > Wolfgang Kueter wrote:
    > >johnny021@hotmail.com wrote:

    >
    > >> We have four office locations that we need to VPN together all of them
    > >> have NS5GT Firewalls.

    >
    > >OK.

    >
    > >> What we want at all four location is the same LAN
    > >> IP scheme.

    >
    > >No, you don't want that.

    >
    > johnny021 wrote that they want it, so yes, they *do* want it. They
    > probably don't want all the problems that go along with it, but they
    > might have some good reason in mind -- e.g., to make it easy to carry a
    > computer between the four locations without having to reconfigure it at
    > all. Or they might simply have been told by a PHB to do it that way.
    >
    >
    > >> For eg; 10.1.2.x scheme

    >
    > >I'd definitely not recommend that. You'll need NAT and you really don't want
    > >NAT in a VPN. Use different subnets on all the locations.

    >
    > In general, there is little more reason not to use NAT with a VPN than
    > there is not to use NAT at all. If you do not happen to be using
    > one of the protocols that NAT messes up, then you might as well,
    > technically speaking, NAT your VPN traffic.
    >
    > There is certainly the point that using a VPN is often a way to -avoid-
    > having to NAT traffic that NAT -does- mess up (e.g., host locations
    > tracked by Microsoft domain registries), but that's not the issue
    > in this situation in which the OP specifically asked to NAT.
    >
    > The OP did not ask for recommendations on how to get away without
    > doing NAT: the OP asked for recommendations on how to do the NAT
    > anyhow, and asked what equipment would be needed in order to implement it.
    >
    > I answered the poster in Cisco terms in comp.dcom.sys.cisco, which
    > he had multiposted to (even though Cisco doesn't make NS5GT firewalls...)



  7. Re: Keeping same IP over VPN

    In article <1166265744.134915.275030@l12g2000cwl.googlegroups. com>,
    CK top-posted, herein corrected:

    >Walter Roberson wrote:
    >> In article ,
    >> Wolfgang Kueter wrote:
    >> >johnny021@hotmail.com wrote:


    >> >> We have four office locations that we need to VPN together all of them
    >> >> have NS5GT Firewalls.


    >> The OP did not ask for recommendations on how to get away without
    >> doing NAT: the OP asked for recommendations on how to do the NAT
    >> anyhow, and asked what equipment would be needed in order to implement it.


    >> I answered the poster in Cisco terms in comp.dcom.sys.cisco, which
    >> he had multiposted to (even though Cisco doesn't make NS5GT firewalls...)


    >It doenst matter post has been posted to which group dont criticise it
    >if you have a solution kindly provide else leave it.


    Well, if you insist:

    http://groups.google.ca/group/comp.d...1d107046086985

    My answer was less than 2 hours after the OP's question, and I
    provided information about which equipment would or would
    not be able to handle the situation under various circumstances,
    "naming names" (and software versions.)

+ Reply to Thread