I have a corporate network that we'll add VPNs to:
The present configuration looks like this:
Internet
   |
DSL Modem
   |
Linksys BEFSR41 NAT       Remote site
   |                           |
WinProxy Computer       Dedicated Line
(Internet Gateway)             |
   |                           |
Router / LAN Gateway-----------+
   |
  LAN
   |
Clients
A new configuration to implement a site-to-site VPN might look like this:
Internet
   |
DSL Modem
   |
Linksys BEFSR41 or ??? NAT               Remote site
   |                                          |
   |                                          |
   +-----------------------+                  |
   |                       |                  |
WinProxy Computer     VPN Router       Dedicated Line
(Internet Gateway)         |                  |
   |                       |                  |
Router / LAN Gateway-------+------------------+
   |
  LAN
   |
Clients
Another configuration might look like this:
Please view in a fixed-width font such as Courier.
Internet
   |
DSL Modem
   |
Linksys BEFSR41 or ??? NAT                         Remote site
   |                                                    |
   |                                                    |
   +-----------------------+-------------+              |
   |                       |             |              |
WinProxy Computer     VPN1 Router   VPN2 Router  Dedicated Line
(Internet Gateway)         |             |              |
   |                       |             |              |
Router / LAN Gateway-------+-------------+--------------+
   |
  LAN
   |
Clients
The clients have software installed that interfaces with one of the VPNs.
The Router / LAN Gateway directs traffic from the clients to the Internet Gateway for most things, to VPN1 or VPN2 routers depending on the application.
It appears that the Linksys BEFSR41 isn't going to support even one VPN passthrough. (It's there for a reason) So, I'm trying to find a similar device that will handle both one or two separate VPN applications. I believe the correct term is "VPN passthrough".
I'm reading what I can find to understand what to buy to replace the BEFSR41. The Linksys website says: The BEFVP41 allows up to 70 IPSec tunnels, but still only supports one IPSec connection at a time. Another option suggested is BEVP41.
I'm not sure if I'm up against a fundamental limitation of how things work or just unsure of which replacement device would be appropriate. I get the impression that I *don't* want the Linksys or front end NAT device to do anything with the VPNs - just let them work. Is that what's referred to as "passthrough"? I also get the impression that a "tunnel" in the Linksys would be another thing and not what I want.
So, it appears my issue is: Can I implement more than one VPN through the NAT device at the same time? If not, what other options might there be (with a bias to keeping a NAT device at that location in the network topology)?
Maybe some suggestions and pointers?