Screen OS

  • 1.  VPN to second public IP on untrust interface

    Posted 07-20-2010 10:29

    Hi All,

     

    I would like to create a second VPN tunnel from several remote 5GT devices to a single NS208 at my data center. Currently the NS208 has a block of 8 public IP addresses. I have created VPNs to the IP assigned to the untrust interface but now need to create another VPN to one of the other IP addresses available in my block.

     

    Can this be done with a MIP or sub interface perhaps? I've tried a few different things but am not making much progress.

     

    thanks



  • 2.  RE: VPN to second public IP on untrust interface

    Posted 07-20-2010 10:41

    Just confirmed sub interface will not work because the new IP I want to use is in the same subnet as the untrust interface ... back to the drawing board I guess.



  • 3.  RE: VPN to second public IP on untrust interface

    Posted 07-21-2010 09:11

    I am not sure where to go next with this. I have reached the limit of my knowledge on this subject. If anyone else has any ideas that can point me in the right direction that would be great.



  • 4.  RE: VPN to second public IP on untrust interface
    Best Answer

    Posted 07-22-2010 00:35

    Hi!

     

    Does it really make sense to create another VPN tunnel between the same devices? I cannot imagine a situation where it is required/useful.

     

    Theoretically you might do it this way:

    1. "set ignore-subnet-conflict" on the VR where the Untrust interface is located.

    2. Create a new loopback interface and assign a free public IP from the Untrust network: xxx.xxx.xxx.xxx/32.

    3. Repeat 1 and 2 on the remote GW because you cannot configure two remote GWs with the same IP. If there are no free IPs on the remote GW, you can try to configure this alternative GW as one of the type "Dynamic IP".

    4. Terminate VPN on the loopback interfaces.

     

    Kind regards,

    Edouard
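
The four steps from the answer above, written out as ScreenOS CLI for the data-center side. This is an added example, not part of the original post: trust-vr, loopback.1, tunnel.2, the gateway and VPN names, the 203.0.113.4 and 198.51.100.20 addresses (documentation ranges) and the pre-shared key placeholder are all assumptions, and the `#` lines are annotations, not CLI input.

```text
# Step 1: allow an address that overlaps the Untrust subnet
# (assumes the Untrust zone lives in trust-vr, the default VR)
set vrouter trust-vr ignore-subnet-conflict

# Step 2: loopback in the Untrust zone holding the second public IP
# (203.0.113.4 is a constructed placeholder for the free address in the block)
set interface loopback.1 zone Untrust
set interface loopback.1 ip 203.0.113.4/32

# Step 3 is the same two commands on the remote gateway with its own
# free address (198.51.100.20 here is a constructed placeholder).

# Step 4: terminate IKE on the loopback instead of the physical interface
set ike gateway "remote-gw2" address 198.51.100.20 main outgoing-interface loopback.1 preshare "<PRESHARED-KEY>" sec-level standard
set vpn "remote-vpn2" gateway "remote-gw2" sec-level standard

# Route-based binding: a second tunnel interface borrowing the loopback address
set interface tunnel.2 zone Untrust
set interface tunnel.2 ip unnumbered interface loopback.1
set vpn "remote-vpn2" bind interface tunnel.2
```

Exact keywords can differ between ScreenOS releases, so check each line against the CLI help on the device. With a route-based setup, a given destination subnet still needs a single route pointing at one tunnel interface.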



  • 5.  RE: VPN to second public IP on untrust interface

    Posted 07-23-2010 14:17

    Thanks for your input. After a week of tinkering I have come to the conclusion that I need to find another way to accomplish my goal. The problem with what I was trying to do was that since it is a route-based VPN, I cannot point a route for a specific subnet to two different tunnels. So my initial idea was flawed from the start.

     

     

    I will start another post with the entire scenario and maybe someone can give me some insights into how to solve the problem.

     

    thanks