VPN Configuration

Hello everyone, I've been lucky enough to be assigned the task of changing the settings on a firewall (Clavister 8.81) for an upgrade in internet connectivity. There are two sites, each with its own line, that talk to each other via a VPN configured at firewall level (both Clavister). Due to the upgrade we got two new routers with new public IPs. The whole thing should just boil down to changing the public IP in the firewall configuration and being done, but some problems surfaced. The router guy told me that he can't configure the new routers (Cisco) in the same way as the old ones. Result: I can't make head or tail of the configuration. I know firewalls but I'm not an expert and had never heard of this Clavister product before, let alone used it. What I need to know is if the proposed configurations (by the router guy) are usable to establish a VPN or not, and if yes, how.

Here's the configuration at the moment (the working one) on both routers:
Router:
    Public IP on the port that talks to the firewall (the address is the network base)
Firewall:
    Public IP on the port that talks to the router (first address on the available pool)
    Private IP on the port talking to LAN (on the same subnet)

The above works, but the router guy tells me that he can't do it. Here are the configurations he created and that I couldn't get into working status.

A) On one site:
Router:
    Public IP on the port that talks to the firewall (the address is the network base)
Firewall:
    Public IP on the port that talks to the router (first address on the available pool)
    Private IP on the port talking to LAN (on the same subnet as the LAN itself)

On the other site:
Router:
    Private IP on the port that talks to the firewall (different subnet than the LAN (192.168.3.x vs 192.168.1.x))
Firewall:
    Private IP on the port that talks to the router (same subnet as the router but different than the LAN)
    Private IP on the port talking to LAN (on the same subnet as the LAN itself)

B) On both sites:
Router:
    Private IP on the port that talks to the firewall (on the same subnet as the LAN itself)
Firewall:
    Private IP on the port that talks to the router (on the same subnet as the LAN itself)
    Private IP on the port talking to LAN (on the same subnet as the LAN itself)

In case A both sites can access the internet but the VPN can't be established. In case B I had problems accessing the internet in the first place, and had to change the default gateway on the machine I was testing from and point directly to the router (I first had to move the cable from the WAN port on the firewall to the switch, otherwise the router was unreachable), thus bypassing the firewall for outgoing traffic (bad thing). I dropped the ball at this point. I tried several configurations but I suspect that with these configurations the VPN simply can't go on (and maybe they break other things too). Or maybe, given my low experience, I am doing something wrong. Any ideas?

Thanks,
Ettore
