L2TP connection while active IPsec VPN
I'm new to WatchGuard and also to the community and would like to start with a question about IPsec in combination with L2TP.
For a better understanding, I use fantasy IPs and names to better describe the problem.
We have two branches over here:
- Branch A with a firebox and a public IP address of 18.104.22.168
- Branch B with a firebox and a public IP address of 22.214.171.124
For branch A, an L2TP Mobile Client VPN is also configured --> reachable at vpn.address.com (using the same public IP address 126.96.36.199), where 10.10.10.0/24 is configured as the internal subnet.
Clients which want to connect to the VPN receive an IP address within this subnet from the firebox.
Branch A and B are connected with each other via an IPsec VPN tunnel (using the IPs 188.8.131.52 and 184.108.40.206 for Phase 1 of the IPsec VPN) for other business cases.
The access on both sides of the VPN to the different subnets is working well.
Now a client of branch B needs to connect to the L2TP subnet of branch A. I think a possible way to realize this is to make sure that the client doesn't use the IPsec VPN but uses the public internet connection to reach 10.10.10.0/24 while connecting to vpn.address.com. As the external interface (internet) is using the same IP 220.127.116.11 as the VPN (vpn.address.com), I'm not sure how to configure this without disturbing the communication on the IPsec VPN side.
Do you guys get what I'm talking about and do you have an idea on how to configure this properly?
Path the connection should take (in my opinion):
Client of Branch B: 192.168.10.10 --> connect to vpn.address.com --> establish connection to vpn.address.com: 18.104.22.168 through the internet --> forward the client request to 10.10.10.0/24 --> receive an IP address within this subnet --> connected
If it's possible to share a screenshot with you I can also sketch it for you.
Thank you very much.