VPN To Second Subnet Problem...

  • Thread starter: Bill

Bill

Hello,

I've been working on this issue for over a month now, and have come to
seek some help. I've drawn out a diagram of our current network and
have included as much information / details as possible.

http://www.tulencomputers.co.uk/network.jpg

Our company network has been modified over many years, and although it
would be better to completely redesign it, it is not currently an
option. Your help is greatly appreciated, and thank you all in advance.

Regards,

Bill Williams
 
---Cause of problem.---
LAN2 cannot get past the NAT1. Nothing actually wrong... it is just the way
NAT is designed to work. This is the wrong place for NAT to exist.

---Solution---
NAT1 must be eliminated and its position replaced by VPN1. VPN1 has its
192.168 address replaced with a 10.0.0.x address. This gives a "clean" VPN
path between the two LANs.

The Static Route on NAT2 will be eliminated and replaced by a Static Route
on Client B (all of them) that says:

"All traffic to 10.0.3.x must be sent to the VPN1 (10.0.0.x) address."

NAT2's external side will connect only to Cable Modem and no longer VPN1.

---Summary---
In your diagram, you would delete NAT1 and slide VPN1 down into its place.
Remove one of NAT2's arrows so that it no longer goes outbound to VPN1, but
only goes outbound to Cable Modem. Adjust all addresses, Rules, and Routes
accordingly.

This is the only logical way I can see this working that doesn't become so
hopelessly convoluted that no one would understand it.
 