Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
PCNSE
NSE
StrongSwan
> 802.1q tagging should not be of any concern, unless you're plumbing a 2nd interface in the XP server and you want to route that over to the remote site. Your diagram is clean, but how you're explaining what you're trying to accomplish is not clear, nor does it make any sense.

The XP server will have two network interfaces, but I do not want to confuse the scope in this thread. One interface will be dedicated to connecting to the DSL modem.

> 2nd, what you or what we think you need is a simple site2site VPN from remote@boston to hub seattle. Right?

There is already a site-to-site IPSEC policy-based tunnel from Seattle to Boston. There are other resources on both ends of the tunnel doing other work that require the IPSEC tunnel, but again, their scope will only make this more confusing.

> 3rd, I would highly advise NOT to use a 192.168.0.0/24 in any network design. You will most likely run into issues now or later, and more so if you interface into any other external networks. Get off it now, and change it to, let's say, 192.168.223.0/24 for example.

I totally agree with you on this. However, there is a design requirement that after a modem is factory reset, we have to be able to access them remotely using the default IP of 192.186.0.1. Due to the inherent instability of DSL technology, we sometimes have to reset the modems to factory default state in order to restore operation to the line. We have to utilize "remote hands" at the data center in Boston as we have no actual staff there.

> 4th, what the heck is a modem? We have no clue as to the purpose of that device. Is a modem really a modem (modulate or de-modulate), or are you really trying to SNAT (source NAT) from the remote@boston to the hub@seattle?

The DSL modem interfaces the regular POTS line we get from AT&T to Ethernet. Specifically, we are using PPPoE (Point To Point Protocol over Ethernet) to connect to the Internet, which is why I'm trying to figure out how to extend the VLANs from Boston back to Seattle. PPPoE is also a layer2 technology. We are not "NAT"ing at all in this scenario. The PPPoE connection from the modem's Ethernet interface provides a live public IP address to the network interface on the XP server. If the XP server and the modem were local, we could use a simple straight-through Ethernet cable directly into the NIC on the XP server and the Ethernet interface on the DSL modem. Then plug in the POTS line from AT&T into the "DSL" or "WAN" port of the modem. PPPoE is negotiated and the XP box gets a public routable, dynamic IP address. Ultimately, our goal is to duplicate this process, but the modem and the XP server are remote from each other.
Copyright 2024 Fortinet, Inc. All Rights Reserved.