Remote LAN access to mobile VPN client network

I have a rather odd situation where I need access to a resource on a client side network, when said client is connected via Mobile VPN.

Normally, when a client connects to our Firebox, they can access all our resources but in this case, we need to access a resource on their end when they connect:

Main office Firebox (192.168.15.0/24) <---Mobile VPN IPSec (192.168.18.100) --->Remote client network (192.168.1.0/24) ---> Printer

I need access from the main office to a resource on the remote client network.
Is that at all possible?

Comments

  • Here is the only way that I can see a way to test this:
    1) split tunneling mode on the Mobile VPN IPSec setup in Fireware
    2) the 192.168.1.0/24 subnet cannot be used anyplace in the Firebox config
    3) add a route on the Firebox for the 192.168.1.x printer IP addr with the Mobile VPN IPSec client IP addr (192.168.18.100) as the gateway
    4) make sure that the client PC firewall would not deny packets from 192.168.15.0/24
    5) make sure that any needed firewall policies exist for the packets to the 192.168.1.x printer

  • If this does not work, then possibly you could set this up as a BOVPN type connection.

  • Thanks for the suggestion Bruce. I'll give it a bash.
