
Site-to-Site VPN behind DSL Router

Hello,

I am facing the situation of building a site-to-site VPN to our HQ. In the branch office we just have a DSL connection with a DSL router.

The DSL router gets the public IP and is connected to the XG Firewall using a private network like 192.168.1.0/24.

When I initiate a site-to-site configuration I need to give the interface of the local VPN tunnel start point, so that will be my LAN interface with a private IP from the 192.168.1.x network. Will the VPN work? Because the 192.168.1.x network will be NATed behind the DSL router. When I would use a RED device I think it's not a problem to place it in the local private network and let it build the connection automatically, but I am not sure how that works with the site-to-site VPN.

Would be great to get help on that point. The DSL router we use is a FRITZ!Box 7590.

Thanks and regards

Marco



  • Site-to-site and RED work similarly, just that the RED saves you from getting a fixed IP at the "RED site", and you can use a simple router at the "RED site".

    Each site has a different LAN IP, and the site-to-site or RED will route the "other site" IP to be used locally.

  • Hello, I think I need some more help on that topic. My HQ has a fixed IP and my branch has a DSL connection with a dynamic IP.

    I need a solution to build a site-to-site VPN tunnel between both locations. I was thinking about using the DynDNS feature of Sophos for the branch office, but I am not sure if I understand that feature correctly. I do not see that the hostname I can choose for the DynDNS will be verified. There is just the need to use xyz.myfirewall.co. What happens if 2 customers use the same hostname? How is it checked that this does not happen, and in general is the feature a good way to connect site-to-site with a dynamic IP?

    BR

    Marco

  • Hi  

    If you have a dynamic IP, you can configure * as the remote gateway in the IPsec VPN policy at the head office and initiate the tunnel from the branch office. Please also configure Local and Remote ID (IP address) in the IPsec configuration at HO and BO.

    HO Local ID: 1.1.1.1
    HO Remote ID: 2.2.2.2

    BO Local ID: 2.2.2.2
    BO Remote ID: 1.1.1.1

  • You don't need any dynamic DNS for this type of setup. Have the VPN definition at the core set up with its Gateway type as "Respond only" and the edge site's VPN as "Initiate the connection". At the core have the remote gateway address set as "*", use an "ID Type" such as a private IP address (for example) on both ends, and a matching pre-shared key. I use this sort of setup often for 4G sites, so it will work for you.

     

    Regards
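
The settings from the two replies above, written as a consistency check. This is an added example, not part of the original thread and not Sophos code: the `Site` fields and `check_pair` are hypothetical names, and the HQ address `203.0.113.10`, the key, and the `BO_NAT` case (branch sending its NATed interface address as its ID) are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class Site:
    name: str
    gateway_type: str    # "respond" or "initiate"
    remote_gateway: str  # peer address, or "*" for any address
    local_id: str
    remote_id: str
    psk: str

def check_pair(core: Site, edge: Site) -> list[str]:
    """Return the mismatches that would keep this tunnel from coming up."""
    problems = []
    if core.gateway_type != "respond" or core.remote_gateway != "*":
        problems.append(f"{core.name}: expected respond-only with remote gateway '*'")
    if edge.gateway_type != "initiate" or edge.remote_gateway == "*":
        problems.append(f"{edge.name}: expected initiator with a concrete remote gateway")
    # Each side's local ID has to be exactly what the peer expects as remote ID.
    for a, b in ((core, edge), (edge, core)):
        if a.local_id != b.remote_id:
            problems.append(f"ID mismatch: {a.name} sends {a.local_id!r}, "
                            f"{b.name} expects {b.remote_id!r}")
    if core.psk != edge.psk:
        problems.append("pre-shared keys differ")
    return problems

# IDs as posted in the thread; gateway address and key are constructed placeholders.
HO = Site("HO", "respond", "*", "1.1.1.1", "2.2.2.2", "EXAMPLE-PSK")
BO = Site("BO", "initiate", "203.0.113.10", "2.2.2.2", "1.1.1.1", "EXAMPLE-PSK")
# Constructed failure: the branch sends its NATed interface address as its ID.
BO_NAT = Site("BO", "initiate", "203.0.113.10", "192.168.1.2", "1.1.1.1", "EXAMPLE-PSK")

if __name__ == "__main__":
    for edge in (BO, BO_NAT):
        print(check_pair(HO, edge) or "consistent")
```

With the remote gateway set to `*`, the ID pair and the pre-shared key are the only things tying the tunnel to the branch, so they have to match exactly on both ends.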