externaluse
Dec 21, 2016 Aspirant
Fritz Box 7490 to SRX5308 - VLAN over VPN
Hi, I hope you can help me. I've got a business network with an SRX5308, and home office with an AVM Fritz Box 7490.
On the business side, I've got
VLAN Default 10.0.0.0/24
VLAN 72 192.68.72.0/24
other VLANS of no interest
VPN to another branch office SRX5308 as 192.168.55.0/24
Now ideally, I'm trying to access the default VLAN, VLAN 72 and the VPN to the 55 network from my Box at home. I've managed to get the Fritzbox to connect to the SRX (only took about a day playing with their stupid settings) but can't for example access the 72 VLAN.
The setting used on the Fritzbox (from their manual) is set as
accesslist = "permit ip any 10.0.0.0 255.255.255.0", "permit ip any 192.168.72.0 255.255.255.0";
Now, on the SRX I can only specify one local network in the VPN policy - how do I tell the SRX to allow access to the VLANs or VPNs?
Any help would be greatly appreciated.
Thanks
Now I get what you wanted to accomplish: from Site A === passing through ===> MainSite === going to ===> Site B is not possible. It would be best if you just configure a VPN connection directly between Site A and Site B.
Regards,
DaneA
NETGEAR Community Team
12 Replies
- DaneA NETGEAR Employee Retired
Hi externaluse,
Welcome to the community! :)
Let me share this forum link. Kindly read and try the suggestions indicated.
Regards,
DaneA
NETGEAR Community Team
- externaluse Aspirant
Hi DaneA,
many thanks for taking the time to reply. I wasn't aware that I can define multiple VPN policies for the same IKE policy - thank you!
This has now worked for the 72 VLAN when I duplicate the VPN policy and specify that subnet.
What I cannot get to work now is the access to the business VPN tunnels. Is that supposed to work?
My design now looks like this:
MAIN SRX 10.0.0.0/24:
- VLAN 72 192.168.72.0/24
- Connected to SiteB (another SRX) 192.168.55.0/24
- Connected to SiteC (a Draytek) 192.168.100.0/24
My homeoffice is connected through the AVM Fritzbox, and is now capable of communicating with 10.0.0.0/24 and 192.168.72.0/24.
What I cannot get to work using the same methodology is to access the remote VPNs on 55 and 100. Is that supposed to work the same way?
Thank you very much for your help!
I don't really expect a reply very soon for a good reason - I wish you and everyone reading this a Merry Christmas and some quality time with your families.
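An added example, not part of the original posts: a small check that compares the destination networks in the Fritz!Box `accesslist` line quoted in the question with the local subnets of the VPN policies defined on the SRX, one policy per subnet as described in the reply above. The function names and the SRX policy lists are constructed for illustration; only the `accesslist` line comes from the thread.

```python
import ipaddress
import re

# One accesslist entry in the form shown in the thread:
#   permit ip any <network> <netmask>
ENTRY = re.compile(
    r"permit\s+ip\s+any\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)"
)

def parse_accesslist(line):
    """Return the destination networks named in a Fritz!Box accesslist line."""
    nets = []
    for addr, mask in ENTRY.findall(line):
        # strict=True raises ValueError if host bits are set (e.g. 10.0.0.1/24),
        # which would be a typo in the selector.
        nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=True))
    return nets

def compare_selectors(accesslist_line, srx_policy_subnets):
    """Compare Fritz!Box permit entries with SRX VPN policy local subnets."""
    fritz = set(parse_accesslist(accesslist_line))
    srx = {ipaddress.ip_network(s, strict=True) for s in srx_policy_subnets}
    return {
        "matched": sorted(fritz & srx),
        "missing_on_srx": sorted(fritz - srx),    # needs another VPN policy
        "missing_on_fritz": sorted(srx - fritz),  # needs another permit entry
    }

# accesslist line as posted in the thread
FRITZ_ACCESSLIST = ('accesslist = "permit ip any 10.0.0.0 255.255.255.0", '
                    '"permit ip any 192.168.72.0 255.255.255.0";')

if __name__ == "__main__":
    # Constructed SRX policy lists: a single policy, then the duplicated one.
    for policies in (["10.0.0.0/24"], ["10.0.0.0/24", "192.168.72.0/24"]):
        result = compare_selectors(FRITZ_ACCESSLIST, policies)
        print(policies, {k: [str(n) for n in v] for k, v in result.items()})
```
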
- DaneA NETGEAR Employee Retired
Were you able to try to create new IKE/VPN policies (either by using the VPN Wizard or manual configuration) to be able to establish a VPN tunnel between the 55 and 100?
Regards,
DaneA
NETGEAR Community Team