
Author Topic: site to site vpn  (Read 5024 times)

bboyce

site to site vpn
« on: July 21, 2010, 07:48:08 AM »

I have a DFL-800 and need a little help with a site-to-site VPN I am trying to set up. I am setting up a VPN tunnel between my organization and another company for access to specific servers. We have a range of routable IP addresses available to use and I want to use a different IP for the tunnel than the one that we use as the primary outgoing IP (let's say it is 10.10.1.1 and I want to use 10.10.1.2 for the tunnel). Is this possible? I am not using wan2 at the moment; could I use that one for the tunnel?

Let's say the connection is set up and the tunnel is good to go. How can I make sure that users wanting to get to server x.x.x.x on the other side of the tunnel are then directed out the IP 10.10.1.2 instead of going through the primary outgoing interface?

Hopefully that all makes sense, thanks.

danilovav

Re: site to site vpn
« Reply #1 on: July 21, 2010, 12:05:06 PM »

Could you please make a network schema?
BR, Alexandr Danilov

bboyce

Re: site to site vpn
« Reply #2 on: July 23, 2010, 05:11:13 AM »

My normal traffic goes out on 1.2.3.4. I want to create a secure tunnel to a vendor that only allows routable IP addresses into their DMZ through the tunnel. I can't use 1.2.3.4 as the routable IP address to create the tunnel with because they offer other services we use that are not part of the secure connection. I need to use 1.2.3.5 for the tunnel to connect to the vendor over the secure connection and 1.2.3.4 for everything else.

Basically, traffic going to 5.6.7.8 needs to use the secure tunnel on 1.2.3.5 and all other traffic needs to go out like normal on 1.2.3.4.

I am not using wan2, so I could assign 1.2.3.5 to that location, but all the documentation I could find online about setting up a site-to-site VPN shows passing internal 192.x.x.x on both sides, and the vendor doesn't allow non-routable IP addresses. And I couldn't figure out how to make sure traffic intended for a specific IP could be routed through the tunnel.

Fatman

Re: site to site vpn
« Reply #3 on: July 26, 2010, 08:53:43 AM »

PBR tables will allow you to differentiate traffic through whatever routes you want.

There is nothing different about using a routable address in an IPsec tunnel, just be mindful of your routes, which you will have to be anywho due to the above.
non progredi est regredi
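
The policy-based routing idea from the last reply, as an added example that is not part of any post in the thread and is not DFL-800 configuration: a small Python model of ordered policy rules selecting a routing table, plus a check that vendor-bound traffic never leaves on the primary interface. The table names, interface names and the fall-through behaviour when a table has no matching route are assumptions of this model; the addresses are the placeholder ones used in the thread.

```python
import ipaddress

# Constructed model of the thread's setup (names are hypothetical).
VENDOR = ipaddress.ip_network("5.6.7.8/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Each routing table: list of (destination prefix, egress interface, source IP).
TABLES = {
    "main": [(ANY, "wan1", "1.2.3.4")],
    "vendor_vpn": [(VENDOR, "ipsec_vendor", "1.2.3.5")],
}

# Policy rules are checked in order; the first matching selector picks the table.
RULES = [(VENDOR, "vendor_vpn"), (ANY, "main")]


def lookup(dst, rules=RULES, tables=TABLES):
    """Return (interface, source IP) for dst, or None if nothing routes it."""
    addr = ipaddress.ip_address(dst)
    for selector, table in rules:
        if addr not in selector:
            continue
        matches = [r for r in tables.get(table, []) if addr in r[0]]
        if matches:
            # Longest-prefix match inside the selected table.
            _, iface, src = max(matches, key=lambda r: r[0].prefixlen)
            return iface, src
        # Assumption: an empty match falls through to the next policy rule.
    return None


def leaks(protected, tunnel_if, rules=RULES, tables=TABLES):
    """List protected destinations that would egress outside the tunnel."""
    out = []
    for host in protected:
        hit = lookup(str(host), rules, tables)
        if hit is not None and hit[0] != tunnel_if:
            out.append(str(host))
    return out


if __name__ == "__main__":
    print(lookup("5.6.7.8"), lookup("8.8.8.8"))
    print("leaks:", leaks(VENDOR, "ipsec_vendor"))
```

Running `leaks` with the vendor rule removed, or with the `vendor_vpn` table emptied, reports 5.6.7.8 leaving on `wan1`, which is the route mistake the reply warns about.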