Multiple IPSEC Tunnel on Multiple WAN ports

smbsupport
Level 1

Hi,

We're looking for a possible solution to a problem we have connecting to different sites.

We currently have a DrayTek router that has a constant LAN-to-LAN IPsec tunnel to an external firewall, but now we need an option to create a second IPsec connection to the same firewall but different servers (NATting happening on the other end, which we have no control over). The workaround given to us for this is to have a second router/external IP which then connects via IPsec to the firewall.

I'm wondering if it's possible to get a router/firewall with 2 WAN ports and configure each WAN port with one of the 2 external IPs, have all the local users connected to WAN1 with a LAN-to-LAN IPsec tunnel, and then create rules to allow certain individual IPs on the internal range to dial another IPsec tunnel via WAN2 while still connected to WAN1?

Ideal solution I'm looking for:

192.168.0.0/24 --> LAN-to-LAN IPsec tunnel to firewall via WAN1

have 10 IPs in 192.168.0.x --> LAN-to-LAN IPsec to firewall via WAN1 and on-demand dial-up IPsec to firewall via WAN2

In my head this seems doable, but I just want to confirm; if anyone has better ideas I'd appreciate the input. We have not bought any hardware for this yet, so again any recommendations for a basic user will be greatly appreciated!

Hope this makes sense.

Mo

2 Replies

cwhite0013
Level 1

Hello,

Just to be clear on what you are trying to accomplish. You currently have an L2L setup that encrypts traffic from your local subnet 192.168.0.0/24 to the remote end. Now you would also like to have traffic from another subnet, for example 192.168.1.0/24, to be sent over the tunnel. Is that correct? If so, you basically just need to define the new subnet in your interesting traffic ACL and make sure you no-NAT that traffic.

Hi cwhite0013,

Thanks for getting back to me and apologies for not being clear.

The first assumption is correct: we have an L2L setup that encrypts traffic from our local subnet 192.168.0.0/24 to the remote end, but what we're trying to achieve is to have around 10 users/IPs on the same subnet also be able to have a client-based IPsec dial-up to another remote end via a second WAN port with a different external IP address.

The reason for this is that the remote end cannot accept 2 IPsec requests from the same IP if there is an L2L already in place from the same source IP.

Hope that clarifies things.
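As an added example that is not part of any post in this thread and not taken from any vendor's documentation: on a Linux router with two uplinks, the behaviour the original post asks for (the whole /24 keeps using WAN1 for the LAN-to-LAN tunnel, a handful of hosts reach the remote firewall through WAN2 and are seen there with WAN2's public address) is ordinary source-based policy routing plus source NAT. The interface names, gateway and public addresses, the remote firewall address and the three sample host addresses are all assumptions (documentation-range placeholders), and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread): policy-based routing on a Linux router
# with two WAN interfaces. A chosen set of LAN hosts reaches the remote
# firewall's public address through WAN2; every other flow, including the
# router's own IKE/ESP for the existing LAN-to-LAN tunnel, keeps using WAN1.
# All interface names and addresses below are assumptions (RFC 5737 ranges).

WAN1_IF=eth1;  WAN1_GW=203.0.113.1                  # assumed: uplink carrying the L2L tunnel
WAN2_IF=eth2;  WAN2_GW=198.51.100.1                 # assumed: second uplink
WAN2_IP=198.51.100.20                               # assumed: second public IP, configured on eth2
REMOTE_FW=192.0.2.10                                # assumed: remote firewall's public IP
WAN2_HOSTS="192.168.0.11 192.168.0.12 192.168.0.13" # hosts allowed to dial out via WAN2 (3 of the ~10 shown)
MARK=2        # fwmark that selects the WAN2 routing table
TABLE=200     # routing table id for WAN2

# Dry-run by default: print each command. Set APPLY=1 to execute it (as root).
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

pbr_rules() {
  # 1. Everyone's default route stays on WAN1 (main table).
  run ip route replace default via "$WAN1_GW" dev "$WAN1_IF"

  # 2. A separate table whose only default route is WAN2.
  run ip route replace default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE"

  # 3. Packets sourced from the router's own WAN2 address, and any packet
  #    carrying the fwmark, are routed with that table instead of main.
  run ip rule add from "$WAN2_IP" lookup "$TABLE" priority 90
  run ip rule add fwmark "$MARK" lookup "$TABLE" priority 100

  # 4. Mark only the chosen hosts' packets to the remote firewall. This sits
  #    in mangle/PREROUTING, i.e. on forwarded traffic; the IKE/ESP the router
  #    itself generates for the L2L tunnel never passes here, so it is not
  #    marked and keeps leaving via WAN1 with WAN1's source address.
  for h in $WAN2_HOSTS; do
    run iptables -t mangle -A PREROUTING -s "$h" -d "$REMOTE_FW" \
        -j MARK --set-mark "$MARK"
  done

  # 5. Whatever leaves WAN2 is source-NATed to WAN2's address, so the remote
  #    firewall sees the second public IP. The clients' IKE/ESP then crosses a
  #    NAT, which needs NAT-T (IKE on UDP/500 and ESP-in-UDP on UDP/4500);
  #    most IPsec clients negotiate that automatically.
  run iptables -t nat -A POSTROUTING -o "$WAN2_IF" -j MASQUERADE

  # 6. Replies from the remote firewall arrive on WAN2, but a reverse-path
  #    lookup for their source address would pick WAN1. Loose mode (2) keeps
  #    strict rp_filter from dropping them.
  run sysctl -w "net.ipv4.conf.$WAN2_IF.rp_filter=2"
}

# Helpers that inspect the generated ruleset (dry-run output).
count_mark_rules() { pbr_rules | grep -c -- '--set-mark'; }
has_wan2_nat()     { pbr_rules | grep -q -- "-o $WAN2_IF -j MASQUERADE"; }

pbr_rules
```

Run it as-is to review the commands; `APPLY=1 sh pbr.sh` applies them. The router only steers and NATs the clients' IKE/ESP; each marked host still builds its own tunnel with its own IPsec client. Note that the ten hosts would all appear at the remote firewall as client sessions from the single WAN2 address. Multiple NAT-T client sessions behind one NAT address is the normal case for client tunnels, but since the thread says the remote end refuses a second IPsec peer from an address that already has an L2L tunnel, it is worth confirming with whoever runs that firewall before buying hardware.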