
Separate External connections into multiple internal VLANs


When we installed the external VPN device we were simply looking for remote access. Since that time we have a lot more people connecting and there are some security concerns. In order to have more control over the internal resource we would like to separate the external connections into separate VLANs.

So, for example, when a company resource connects they will be in VLAN 1, and when a contractor connects in they will be on VLAN 2. Now on my firewall I have more control over what resources VLAN 1 and VLAN 2 have access to internally.

To accomplish this I have created two new VLANs internally.

On the Mag2600 I need some guidance as to what settings need to be created, as I can't seem to find any good documents outlining the requirements for this.

1. Do I need to have separate external IP addresses that they connect to in order to route this traffic? I have created them but am not sure if this is necessary since I could use the user role VLAN assignment?

2. Do I need to create separate internal IP addresses on the separate subnets? If so, it won't let me do this as it says that the virtual IPs are not part of the primary subnet.

3. Do I have to have one large subnet assigned to the mag say a /23 and then segregate it from there?

Appreciate if someone can point me in the right direction - after completed I will post results for future use. FYI - We are using a DHCP server, not via mag.

Thanks
John
1 REPLY 1
Moderator

Re: Separate External connections into multiple internal VLANs

On the Mag2600 I need some guidance as to what settings need to be created, as I can't seem to find any good documents outlining the requirements for this.

1. Do I need to have separate external IP addresses that they connect to in order to route this traffic? I have created them but am not sure if this is necessary since I could use the user role VLAN assignment?
>>>You do not need multiple external IPs unless you want to segregate the inbound traffic as well

2. Do I need to create separate internal IP addresses on the separate subnets? If so, it won't let me do this as it says that the virtual IPs are not part of the primary subnet.
>>>Yes, you will need to create new IPs on each of the VLANs. You will need to create the VLANs at System>Network>VLAN

3. Do I have to have one large subnet assigned to the mag say a /23 and then segregate it from there?
>>>If it can work without VLAN tagging, yes; otherwise, you will need to use the VLAN settings for each role