Keeping same IP over VPN

Discussion in 'Cisco' started by johnny021@hotmail.com, Dec 14, 2006.

  1. Guest

    We have four office locations that we need to VPN together all of them
    have NS5GT Firewalls. What we want at all four location is the same LAN
    IP scheme.

    For eg; 10.1.2.x scheme

    All locations have static WAN IP. What kind of VPN would be recommended
    and if possible steps to implement them at all four locations.

    Thanks
     
    , Dec 14, 2006
    #1
    1. Advertising

  2. In article <>,
    <> wrote:
    >We have four office locations that we need to VPN together all of them
    >have NS5GT Firewalls. What we want at all four location is the same LAN
    >IP scheme.


    >For eg; 10.1.2.x scheme


    >All locations have static WAN IP. What kind of VPN would be recommended
    >and if possible steps to implement them at all four locations.


    You posted a question involving Checkpoint firewalls to a Cisco
    newsgroup, so I will answer in terms of Cisco equipment.

    With Cisco PIX, ASA, FWSM, or regular Firewall Feature Set on
    routers, you would not be able to do this if all of the NS5GT
    are connecting to the same interface via IPSec, and if all of the
    NS5GT are sending the same untranslated IP range to the Cisco
    equipment. You could possibly get things to work under those
    conditions if the NS5GT could connect out via PPTP to the
    Cisco device: each PPTP connection would be allocated a different
    point-to-point link address.

    If you can get the NS5GT's to NAT the IPs as they send it over
    the VPN towards the Cisco equipment, each NS5GT to a different
    source address (or source net), then all of the Cisco equipment
    types listed above would be able to handle the situation.

    However, if you were to use the Cisco equipment as a hub to
    cross-connect the traffic for the four offices, all tunneling to the
    same interface, then you would you would need a relatively new IOS
    version for the Cisco routers (12.4 probably, 12.3T just might have
    the capability), and you would need PIX software version 7.x
    (which is not available for all the PIX models currently being sold.)

    Cisco has example configurations of setting up VPNs when there are
    overlapping address ranges, and a few times in the past I have posted
    PIX configurations for this purpose. I have not, though, posted
    any hub-and-spoke configurations.

    Cisco has a feature in newer router IOS versions, DMVPN,
    Dynamic Multipoint VPN, which would be well suited for a spoke and
    hub configuration, but it probably requires Cisco equipment at all
    points.


    If you are asking about cross-connecting the four NS5GT -without-
    using any additional equipment, then you have asked in the wrong
    newsgroup ;-)
     
    Walter Roberson, Dec 14, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Odhammar

    PIX VPN-VPN thru same interface

    Odhammar, Nov 4, 2003, in forum: Cisco
    Replies:
    9
    Views:
    620
    Walter Roberson
    Nov 6, 2003
  2. Deebrief

    Re Keeping 2 websites live at same time

    Deebrief, Apr 27, 2006, in forum: Computer Support
    Replies:
    5
    Views:
    354
    Deebrief
    Apr 28, 2006
  3. pasatealinux
    Replies:
    1
    Views:
    2,105
    pasatealinux
    Dec 17, 2007
  4. Theo Markettos

    VOIP over VPN over TCP over WAP over 3G

    Theo Markettos, Feb 3, 2008, in forum: UK VOIP
    Replies:
    2
    Views:
    1,026
    Theo Markettos
    Feb 14, 2008
  5. ensnare
    Replies:
    0
    Views:
    1,658
    ensnare
    Jan 24, 2009
Loading...

Share This Page