1 Reply Latest reply on Sep 22, 2011 10:29 PM by rcamm

    Multiple WAN IP's SG560



      We have a SG560 (firmware 3.1.4u5). The setup is pretty simple. we use pppoe on Port B and get a fixed IP (x.x.x.229) direct from provider. In front of the SG560 there is a Zyxel router in bridged mode. the 4 ports on the SG560 are configured in switche-mode, attached to the LAN switch. Our provider gives us 2 fixed ip's, "x.x.x.229 + x.x.x.230". So the first ip is alredy taken by Port B (pppoe).


      Now, a new device will be set into the network. it's a vpn router with 2 interfaces. one interface should direct be facing the internet with fixed IP "x.x.x.230". the other interface should be in a DMZ. Clients from the LAN should be able to connect via this vpn-device to external partner (remotedesktop). And yes, the appliance MUST be configured with the second fixed ip from provider.


      The first step for me I guess is to change the 4 Port switch on the SG into a 1 LAN and 3 isolated Ports device, right? For the DMZ Port I have no problems, also setting the Packet Filter for it. But how do I pass the second available IP of the provider to the first interface of the vpn-appliance? I do not get it. Any ideas?


      How about this?
      Port B: PPPoE DHCP fixed IP from provider -> x.x.x.229
      Port 1: LAN, internal XP Vista 7 clients -> 172.16.x.x
      Port 2: DMZ, for second interface of vpn appliance -> 192.168.x.x
      Port 3: WAN, first fixed ip from provider -> x.x.x.229  -> connected to an independent switch


      Port 1: WAN, second fixed ip from provider -> x.x.x.230 -> connected to the independent switch above
      Port 2: DMZ, connected to Port 2 of SG560


      Will this work? Other ideas are very welcome.

      Thank you.


      Nachricht geändert durch skratchi on 22.09.11 01:56:35 CDT
        • 1. Re: Multiple WAN IP's SG560

          This scenario is a bit complex for this forum to be able to provide you with a solution, but I can point you down possible paths.


          your proposed solution will not work.


          The problem is how to get the VPN WAN packets onto the PPPoE link.


          You can't use bridging because it is PPPoE. And you can't use routing with just the 2 addresses


          options are from the information we have:


          1. More publically routable addresses on a different subnet that you can route through to the VPN router


          2. Give the VPN device a private address and use 1-1 NAT.


          3. Don't use the 3rd party VPN device and terminate the VPN's on the ITM device


          Hope this helps you down the right path