(EDIT) i've realised this question looked quite complex so here's the simple version with the full detail in the remaining paragraphs.
Simply, can I have a VPN endpoint on Eth4 (External) with a local network of Eth1 (also external) and still be able to access the tunnel from Eth0 (LAN)? If so what do I need to configure? (I already have the tunnel working but can't access it from LAN)
My original question with more detail is below.
Hi I'm in the process of replacing our existing security solution with an Astaro ASG 220 cluster and the design of our legacy network has left me with a dilema regarding IPSEC VPN's, attached is a diagram losely outlining our current setup with L representing our LAN subnet and X and Y representing 2 sets of external addresses we own.
Below that is the setup I'm aiming for with the ASG cluster replacing both routes.
Now the issue I have is that we have IPSEC VPN's coming in on the ADSL line with an endpoint of Y.Y.Y.194/28 and an internal network of X.X.X.96/27. Which gives us the benefit of having it available to all our LAN IP's without actually using our LAN as the internal network as we do on the leased line.
I've managed to configure a tunnel on the ASG cluster using Eth4 as the endpoint and eth1 as the internal network which connects but I'm unable to access it from my LAN
so I guess the question in all this is, is whether this will work and I'm just missing a route or whether I'll need to either expose our internal LAN as the internal network (which I know is an issue with at least 1 customer due to a conflict) or is their another solution available (having the internal network in a DMZ? but I'm not familiar with configuring this setup)
Thanks in advance
Mark
This thread was automatically locked due to age.
