Announcement

Collapse
No announcement yet.

Second VPN tunnel question

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Second VPN tunnel question

    Hello,

    We have two Cisco 2801 routers, one in each office which are in physically separate sites. They are running the latest releases and firmware.

    Site A has a T1 (1.5MB) Internet connection; Site B has a 3/1 MB DSL using PPPoA protocol.

    Site A connects to Site B via a VPN tunnel which is active and working fine. Site A gateway IP has a private IP ending in 0.2 Site B Gateway has a private IP ending in 1.2.

    We have installed HWIC expansion cards in both 2801 routers and have connected identical Internet connections as described above, so Site A now has two T1 connections and Site B has two DSL connections. We want to bring up a second VPN tunnel over the two new Internet connections and use this pipe exclusively for SIP phone traffic. In this case, Site A would have a Gateway private IP ending in 0.3 Site B would have a Gateway private IP ending in 1.3.

    Concept is data would be routed to x.2 Gateways and SIP phone traffic would be routed via x.3 Gateway keeping them separate.

    While Site A has two different public IP's on the T1, the modems on the Site B DSL connections supply the same private IP on their private side (192.168.0.1) into the router on Site B. I am told that as long as this condition exists a second VPN cannot be made active. According to the DSL provider they cannot change the IP's to anything different.

    In my mind, routing is done by interface, not IP, but I do not have the expertise to argue this.

    Is it possible to bring up a second VPN tunnel under these conditions. If so, how?

    Thanks.
    Last edited by shadragon; 4th January 2010, 17:51.

  • #2
    Re: Second VPN tunnel question

    I would be very surprised to find that the internal IP's could not be changed..

    I suspect you need to either get past the 1st tier of support or have them give you access to the modems.

    Comment


    • #3
      Re: Second VPN tunnel question

      Can't the modem be placed in bridge mode?
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: Second VPN tunnel question

        >>In my mind, routing is done by interface, not IP, but I do not have the expertise to argue this.

        Routing is a layer 3 technology, and IP is layer 3. Routing is indeed done according to IP, more specifically the destination IP (unless you're doing policy routing and then the source can be taken into account as well). If you want traffic to exit a particular interface, then you can do so using static routing, filtering, and/or manipulation of the routing protocol parameters (this depends on the routing protocol in use and the layer 1/2 technologies).
        Scott Pickles
        Systems Engineer
        VPN Systems, Inc.
        www. vpnsystems. com
        *******************
        CCNA - CCDA - BCMSN

        Comment

        Working...
        X