Spinubai
Aspirant
Apr 23, 2016
Solved

Which firewall for static routing?

Hi, in our office we have two separated LANs:

 

- one VPN LAN, managed by a Cisco router whose purpose is to connect us to our company VPN. No internet connection possible. IP Range: 10.12.65.0/24

- another totally separated LAN to connect to the internet, managed by an ADSL router, IP range 192.168.0/24

 

If you want to connect to VPN, you must use a cable to connect to LAN (you must manually set a 10.12.65.x IP address because no DHCP is present). If you want to connect to the internet you must detach the cable and connect to ADSL wifi (yes, unbelievable)

 

So, to get rid of this absurdity I would like to buy a firewall/router/something that can manage two different routes: if the destination IP is in 10.0.0.0/8 (VPN hosts), route to the Cisco router. Otherwise (internet), route to the ADSL router.

 

In order to achieve this, what device should I buy?

  • DaneA
    May 02, 2016

    Hi Spinubai,

     

    I have inquired about your concern with a higher tier of support. Any of our current VPN firewalls mentioned in this data sheet supports static routing and can accomplish your goal. I also believe that your current router(s) can fit into your requirements as well. However, for the VPN to work, you will need to add routes on the remote side. But from what you have mentioned, you have no control of the corporate VPN. This will not work, regardless of what device you have, for as long as you have no control over the remote side, in order to add the route on that end.

     

    A simpler option is to add a secondary address, as long as they are on the same LAN for example, and then be connected to both. You would want to increase the metric for the secondary address so that the internet traffic does not flow out the VPN, but then they could use both resources together. Here is a simple guide to do so:

     

    How to add a secondary IP address to a computer

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team
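
An added example, not part of DaneA's post or any NETGEAR material: a small model of how a dual-homed PC picks a next hop (longest matching prefix first, then lowest metric), using the thread's address ranges. The gateway addresses 10.12.65.1 and 192.168.0.1 and the sample destinations are assumptions; 192.168.0.0/24 is the thread's "192.168.0/24" written out in full.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    prefix: str    # destination network
    gateway: str   # next hop, or "on-link" for a directly connected subnet
    metric: int    # lower wins among equally specific routes

# Assumed gateway addresses (not given in the thread).
CISCO = "10.12.65.1"   # corporate VPN router on 10.12.65.0/24
ADSL = "192.168.0.1"   # internet router on the ADSL LAN

CONNECTED = [
    Route("10.12.65.0/24", "on-link", 10),
    Route("192.168.0.0/24", "on-link", 10),
]

# Secondary-address setup: a default gateway on each address, with the
# VPN-side default given the higher metric so internet traffic uses ADSL.
METRIC_ONLY = CONNECTED + [
    Route("0.0.0.0/0", ADSL, 10),
    Route("0.0.0.0/0", CISCO, 20),
]

# Split routing as asked in the question: a static route for 10.0.0.0/8
# via the Cisco router and a single default route via the ADSL router.
SPLIT = CONNECTED + [
    Route("10.0.0.0/8", CISCO, 10),
    Route("0.0.0.0/0", ADSL, 10),
]

def next_hop(routes, dst):
    """Return the gateway chosen for dst, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    matching = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not matching:
        return None
    # Most specific prefix wins; metric only breaks ties between equals.
    best = min(matching,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))
    return best.gateway

if __name__ == "__main__":
    # Constructed destinations: remote VPN host, local VPN host, internet host.
    for name, table in (("metric-only", METRIC_ONLY), ("split", SPLIT)):
        for dst in ("10.40.1.5", "10.12.65.20", "203.0.113.10"):
            print(f"{name:12} {dst:14} -> {next_hop(table, dst)}")
```

With metrics alone, a host in 10.0.0.0/8 outside the directly connected 10.12.65.0/24 follows the default route to the ADSL router; the static 10.0.0.0/8 route is what sends it to the Cisco router.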

4 Replies

  • DaneA
    NETGEAR Employee Retired

    Hi Spinubai,

     

    Welcome to the community! :)

     

    Just want to know if your VPN connection with the Cisco router and the ADSL WiFi router have different Internet Service Providers?

     

    Kindly check this link to check out the different models of NETGEAR VPN Firewalls.

     

    About a VPN connection between a NETGEAR VPN Firewall and a Cisco device, I have not yet encountered setting it up. However, these links I found online below might help as reference guides. Please take note that the NETGEAR devices used on these links are already EOL or End-of-Life but still applicable to be used as reference guides:

     

    Configuring a Site-to-Site IPsec VPN Tunnel between a Cisco ASA5520 and a NETGEAR FVS338  

     

    Netgear ProSecure UTM to Cisco ASA 5505 VPN Guide

     

     

    Let me also share this link for further reference: NETGEAR's Index of VPN documentation

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • Spinubai
      Aspirant

      Yes, we have two different ISPs. I saw the VPN firewalls you linked, but I cannot replace the Cisco Router, which is managed by our Company headquarters, with another device. I strictly need something to route to Cisco or to ADSL router depending on which is the destination IP range. Which is the most suitable router?

