09-25-2012 06:04 AM - edited 09-25-2012 06:06 AM
How can I set up a second VPN connection on the untrust zone, which already has another VPN interface?
If yes, can I use the same untrust IP address (which I got from my ISP) that the first VPN is using for the second tunnel, or should I provide a different IP address?
For example I have: 220.127.116.11 (UnTrust IP address).
Should I define: 18.104.22.168? Or can I use 22.214.171.124?
I'm using ScreenOS WebUI Version: 6.2.0r5.0 (Firewall+VPN)
Thanks in advance,
09-25-2012 06:29 AM
Hi, if you set up the tunnel and use unnumbered, it borrows the IP address of the interface the tunnel is bound to. You can find out about this in kb4492.
09-25-2012 06:34 AM
09-25-2012 07:01 AM
Thanks a lot for the quick response. I did as you suggested. Since there is a first VPN interface defined on the policy, do I have to change or add another policy rule?
Thanks in advance,
09-25-2012 07:37 AM
Stac, sorry, since I'm relatively new to the VPN/firewall stuff and here in the forum: how secure is it to post all the configuration? Is there any certain part of the config file that you want to see?
09-25-2012 07:47 AM
You could edit out the public IP addresses and any company names from the config.
If you want to set up another VPN, then yes, you need another policy from your internal network to the client's network, as described in the KB article.
09-25-2012 09:34 AM
I got confused now. I already have the Trust zone defined for the first VPN interface on the policy.
Trust ---> Untrust
Should I define an additional policy for the same IP address: 192.168.0.0/24?
Does it make sense?
09-26-2012 12:48 AM
I think you are mixing up VPNs and interfaces; they are two different things.
Do you want to create another interface? Or do you want to create a second VPN?
09-27-2012 06:12 AM
Where does the second VPN go to?
Did you set up a new network internally on your firewall for the new VPN?
09-27-2012 06:36 AM - edited 09-27-2012 07:41 AM
The second VPN should be to another external site.
I didn't set up a network internally. I thought that I could use the same network which I have now for the first VPN.
09-27-2012 12:16 PM
Yes, you can use the same internal network with a hub-and-spoke VPN; you should consider your firewall as the hub.
You can read about it in the following document