Hi group.
Well we have gone ahead and rented space from a second data center for our new DR site.
What we are going to do is replicate all of our virtual machines from SiteA to SiteB. These virtual machines will be replicated identically meaning that their lan addresses of 192.168.1.X will not be changing. In the event of a disaster, our plan is to switch over to siteB by powering up the virtual machines and simply changing external DNS to the new routable IP addresses and having NAT preconfigured on the SiteB astaro.
This is where some difficulty comes in.
We have an astaro to astaro VPN setup.
SiteA (production) uses LAN Addresses in the 192.168.1.X range.
SiteB (DR) uses LAN addresses in the 192.168.2.X range, but only for the equipment that the VM's and will reside on. The VM's themselves will be 192.168.1.X.
So, I reconfigured the astaro inside interface to ethernet vlan and made the appropriate changes on my switch. Servers on both networks at site B (1.X and 4.x) can get out to the internet, but my 4.X network will no longer communicate over the VPN to site A, because it is confused with two 1.X networks now.
I'm thinking this is easily solved with 2 physical firewalls, but obviously I don't want to do that if I don't have to.
What I need to do is tell the astaro that all my devices on 4.X network at site B, when they need to communicate with 1.X, they should use the vpn and not the direct connection on the astaro itself.
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
