Keeping same IP over VPN

We have four office locations that we need to VPN together; all of them have NS5GT firewalls. What we want at all four locations is the same LAN IP scheme.

For example, a 10.1.2.x scheme.

All locations have a static WAN IP. What kind of VPN would be recommended, and, if possible, what are the steps to implement it at all four locations?

Thanks

Reply to
johnny021

The sites must be on different subnets. Use NAT on your WAN router; that way you can connect via internal IP.

Flamer.

Reply to
die.spam

Right, therefore he could simply use the following network addresses:

Location A: 10.1.2.0 Netmask 255.255.255.192
Location B: 10.1.2.64 Netmask 255.255.255.192
Location C: 10.1.2.128 Netmask 255.255.255.192
Location D: 10.1.2.192 Netmask 255.255.255.192

The 4 subnets are /26 (64 addresses, 62 of them usable) but that might be enough.

One should avoid NAT when setting up VPN connections ...

Wolfgang

Reply to
Wolfgang Kueter
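
The /26 split proposed above, checked in code (an added example, not part of any poster's message): it validates each site's network/netmask pair, reports overlapping sites, and shows that a host address resolves to exactly one site only when the subnets differ. The 255.255.255.0 mask in `SAME_PLAN` is an assumption standing in for "10.1.2.x at every location"; the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Addressing plan from the thread: one /26 per location.
SPLIT_PLAN = {
    "Location A": ("10.1.2.0", "255.255.255.192"),
    "Location B": ("10.1.2.64", "255.255.255.192"),
    "Location C": ("10.1.2.128", "255.255.255.192"),
    "Location D": ("10.1.2.192", "255.255.255.192"),
}
# Constructed for comparison: the same 10.1.2.x range at all four sites (mask assumed).
SAME_PLAN = {site: ("10.1.2.0", "255.255.255.0") for site in SPLIT_PLAN}


def check_plan(plan):
    """Return (networks, problems) for a {site: (address, netmask)} plan."""
    networks, problems = {}, []
    for site, (addr, mask) in plan.items():
        try:
            # strict=True rejects invalid masks and addresses with host bits set
            networks[site] = ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"{site}: invalid {addr}/{mask} ({exc})")
    # Any two sites sharing address space cannot be routed to without NAT.
    for (a, net_a), (b, net_b) in combinations(networks.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    return networks, problems


def site_for(host, networks):
    """Return the single site that owns host, or None if none or several do."""
    ip = ipaddress.IPv4Address(host)
    owners = [site for site, net in networks.items() if ip in net]
    return owners[0] if len(owners) == 1 else None


if __name__ == "__main__":
    for name, plan in (("split /26", SPLIT_PLAN), ("same range", SAME_PLAN)):
        nets, problems = check_plan(plan)
        print(f"== {name}: {len(problems)} problem(s)")
        for site, net in nets.items():
            print(f"  {site}: {net}, {net.num_addresses - 2} usable hosts")
        for p in problems:
            print("  !", p)
        print("  10.1.2.130 belongs to:", site_for("10.1.2.130", nets))
```
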

OK.

No, you don't want that. You want different subnets. If you want to use 10.1.2.x in any of the 4 locations, use 255.255.255.292 (/26) as the netmask.

I'd definitely not recommend that. You'll need NAT and you really don't want NAT in a VPN. Use different subnets on all the locations.

Wolfgang

Reply to
Wolfgang Kueter

johnny021 wrote that they want it, so yes, they *do* want it. They probably don't want all the problems that go along with it, but they might have some good reason in mind -- e.g., to make it easy to carry a computer between the four locations without having to reconfigure it at all. Or they might simply have been told by a PHB to do it that way.

In general, there is little more reason not to use NAT with a VPN than there is not to use NAT at all. If you do not happen to be using one of the protocols that NAT messes up, then you might as well, technically speaking, NAT your VPN traffic.

There is certainly the point that using a VPN is often a way to -avoid- having to NAT traffic that NAT -does- mess up (e.g., host locations tracked by Microsoft domain registries), but that's not the issue in this situation in which the OP specifically asked to NAT.

The OP did not ask for recommendations on how to get away without doing NAT: the OP asked for recommendations on how to do the NAT anyhow, and asked what equipment would be needed in order to implement it.

I answered the poster in Cisco terms in comp.dcom.sys.cisco, which he had multiposted to (even though Cisco doesn't make NS5GT firewalls...)

Reply to
Walter Roberson

It doesn't matter which group the post has been posted to; don't criticise it. If you have a solution, kindly provide it, else leave it.

CK

Reply to
CK

In article , CK top-posted, herein corrected:

Well, if you insist:

formatting link
My answer was less than 2 hours after the OP's question, and I provided information about which equipment would or would not be able to handle the situation under various circumstances, "naming names" (and software versions.)

Reply to
Walter Roberson
