Asus SL1200 User Manual

122

Chapter 10 - Configuring VPN

ASUS SL1200

10.5.1.3 Establish Tunnel and Verify

• Ping continuously from a host in the LAN behind ISR1 to a host in the

LAN behind ISR2. The first few pings might fail. After a few seconds,

the host in the LAN behind ISR1 should start getting ping response.

10.5.2 Extranet Scenario – firewall + static NAT + VPN for VPN
traffic

In case of the extranet scenario, the networks protected by the routers

could be under different administrative authorities. Hence, there is a

possibility that the IP addresses of both networks are in the same subnet.

The typical extranet set up is shown in Figure 10.6.

Figure 10.6. Typical Extranet Network Diagram

Both networks behind the ISR1 and ISR2 are 192.168.1.0/2

55.255.255.0.

To avoid routing problems in such scenario, network IP addresses must be

mapped to different ones:

• Network 192.168.1.0/255.255.255.0 behind ISR1 is translated to

192.168.11.0/255.255.255.0 before VPN processing.

• Network 192.168.1.0/255.255.255.0 behind ISR2 is translated to

192.168.12.0/255.255.255.0 before VPN processing.