It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Fully Transparent Tunnel Setup

  • Last updated on

The simplest site-to-site TINA VPN tunnel setup is a transparent connection of two networks with different address ranges. This setup should not be noticeable by the connected networks. The following figure illustrates a fully transparent VPN tunnel. This article provides example settings for creating a site-to-site TINA VPN tunnel for this environment. The article does not cover the routing configuration between both VPN servers. Unless overlapping addresses are used, the VPN tunnels do not interfere with the routing configuration.

trans_tn01.png

VPN Server 1 Settings

TabSettingValueComment
BasicTransport

UDP&TCP (or whatever is needed)

-

Encryption

AES (or whatever is needed)

May be unencrypted for intranet connections only aiming at routing assistance.

AdvancedTunnel Timeout 
  • For intranet: 10
  • For Internet-like connections: 30
-
Local NetworksCall DirectionActive or Passive 

Converse to the partner’s configuration.

Network Address

10.0.20.0/24

-
LocalIP Address or Interface Used for Tunnel AddressDynamic (via routing)

Only one IP address is assumed on the outside interface.

Remote Networks

Remote Network

10.0.21.0/24-
RemoteRemote Peer IP Addresses

192.168.3.101

-

VPN Server 2 Settings

TabSettingValueComment
BasicTransport

UDP&TCP (or whatever is needed)

-

Encryption

Same value as on the local side

May be unencrypted for intranet connections only aiming at routing assistance.

AdvancedTunnel Timeout 
  • For intranet: 10
  • For Internet-like connections: 30
-
Local NetworksCall DirectionActive or Passive

Converse to the partner’s configuration.

Network Address

10.0.21.0/24

-
LocalIP Address or Interface Used for Tunnel AddressDynamic (via routing)

Only one IP address is assumed on the outside interface.

Remote Networks

Remote Network

10.0.20.0/24-
RemoteRemote Peer IP Addresses

192.168.3.1

-

Access Rules

You must create Pass access rules on both systems to allow traffic between the local and partner networks.