externaluse
Aspirant
Dec 21, 2016
Solved

Fritz Box 7490 to SRX5308 - VLAN over VPN

Hi, I hope you can help me. I've got a business network with an SRX5308, and home office with an AVM Fritz Box 7490.

 

On the business side, I've got

VLAN Default 10.0.0.0/24

VLAN 72 192.68.72.0/24

other VLANs of no interest

VPN to another branch office SRX5308 as 192.168.55.0/24

 

Now ideally, I'm trying to access the default VLAN, VLAN 72 and the VPN to the 55 network from my Box at home. I've managed to get the Fritzbox to connect to the SRX (only took about a day playing with their stupid settings) but can't for example access the 72 VLAN.

The setting used on the Fritzbox (from their manual) is set as

accesslist = "permit ip any 10.0.0.0 255.255.255.0", "permit ip any 192.168.72.0 255.255.255.0";

 

Now, on the SRX I can only specify one local network in the VPN policy - how do I tell the SRX to allow access to the VLANs or VPNs?

 

Any help would be greatly appreciated.

Thanks

  • DaneA
    Jan 10, 2017

    externaluse,

     

    Now I get what you wanted to accomplish:  from Site A === passing through ===> MainSite === going to ===> Site B is not possible.  It would be best if you just configure a VPN connection directly between Site A and Site B.

     

     

    Regards,

     

    DaneA
    NETGEAR Community Team

12 Replies

  • DaneA
    NETGEAR Employee Retired

    Hi externaluse,

     

    Welcome to the community! :)

     

    Let me share this forum link.  Kindly read and try the suggestions indicated.

     

     

    Regards,

     

    DaneA
    NETGEAR Community Team

    • externaluse
      Aspirant

      Hi DaneA,

      many thanks for taking the time to reply. I wasn't aware that I can define multiple VPN policies for the same IKE policy - thank you!

       

      This has now worked for the 72 VLAN when I duplicate the VPN policy and specify that subnet.

       

      What I cannot get to work now is the access to the business VPN tunnels. Is that supposed to work?

      My design now looks like this:

       

      MAIN SRX 10.0.0.0/24:

          - VLAN 72 192.168.72.0/24

          - Connected to SiteB (another SRX) 192.168.55.0/24

          - Connected to SiteC (a Draytek) 192.168.100.0/24

       

      My homeoffice is connected through the AVM Fritzbox, and is now capable of communicating with 10.0.0.0/24 and 192.168.72.0/24.

      What I cannot get to work using the same methodology is to access the remote VPNs on 55 and 100. Is that supposed to work the same way?

       

      Thank you very much for your help!

      I don't really expect a reply very soon for a good reason - I wish you and everyone reading this a Merry Christmas and some quality time with your families.
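
An added example, not part of any post in this thread: a small audit that parses the Fritz!Box `accesslist` line quoted in the question and compares it with the SRX VPN policy subnets, to show which destinations have a traffic selector on both ends. The list of SRX policy subnets is an assumption based on the post above (one policy per local subnet), and the function names are hypothetical.

```python
import ipaddress
import re

# The accesslist line quoted in the original post (Fritz!Box side).
FRITZ_ACCESSLIST = ('accesslist = "permit ip any 10.0.0.0 255.255.255.0", '
                    '"permit ip any 192.168.72.0 255.255.255.0";')
# Assumption: one SRX VPN policy per local subnet, as the post above describes.
SRX_POLICY_LOCAL_NETS = ["10.0.0.0/24", "192.168.72.0/24"]
# Destinations the home office wants to reach, taken from the thread.
WANTED = ["10.0.0.0/24", "192.168.72.0/24", "192.168.55.0/24", "192.168.100.0/24"]

# Matches each quoted "permit ip any <network> <netmask>" rule.
RULE = re.compile(r'"permit ip any (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})"')

def parse_accesslist(line):
    """Return the destination networks named in a Fritz!Box accesslist line."""
    return [ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in RULE.findall(line)]

def selector_report(wanted, fritz_nets, srx_nets):
    """For each wanted destination, say which end lacks a covering selector."""
    srx = [ipaddress.ip_network(n) for n in srx_nets]
    report = {}
    for w in wanted:
        net = ipaddress.ip_network(w)
        missing = []
        if not any(net.subnet_of(f) for f in fritz_nets):
            missing.append("Fritz!Box accesslist")
        if not any(net.subnet_of(s) for s in srx):
            missing.append("SRX VPN policy")
        report[w] = "covered on both ends" if not missing else "missing: " + ", ".join(missing)
    return report

if __name__ == "__main__":
    fritz = parse_accesslist(FRITZ_ACCESSLIST)
    for dest, status in selector_report(WANTED, fritz, SRX_POLICY_LOCAL_NETS).items():
        print(f"{dest:18} {status}")
```

A covering selector on both ends is only a precondition for traffic to enter the tunnel; the accepted reply in this thread states that transit through the main site to Site B is not possible.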

      • DaneA
        NETGEAR Employee Retired

        externaluse,

         

        Were you able to try to create new IKE/VPN policies (either by using the VPN Wizard or manual configuration) to be able to establish a VPN tunnel between the 55 and 100?

         

         

        Regards,

         

        DaneA
        NETGEAR Community Team
