NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
externaluse
Dec 21, 2016Aspirant
Fritz Box 7490 to SRX5308 - VLAN over VPN
Hi, I hope you can help me. I've got a business network with an SRX5308, and home office with an AVM Fritz Box 7490. On the business side, I've got VLAN Default 10.0.0.0/24 VLAN 72 192.68.72.0/...
- Jan 10, 2017
Now I get what you wanted to accomplish: from Site A === passing through ===> MainSite === going to ===> Site B is not possible. It would be best if you just configure a VPN connection directly between Site A and Site B.
Regards,
DaneA
NETGEAR Community Team
externaluse
Dec 23, 2016Aspirant
Hi DaneA,
many thanks for taking the time to reply. I wasn't aware that I can define multiple VPN policies for the same IKE policy - thank you!
This has now worked for the 72 VLAN when I duplicate the VPN policy and specify that subnet.
What I cannot get to work now is the access to the business VPN tunnels. Is that supposed to work?
My design now looks like this:
MAIN SRX 10.0.0.0/24:
- VLAN 72 192.168.72.0/24
- Connected to SiteB (another SRX) 192.168.55.0/24
- Connected to SiteC (a Draytek) 192.168.100.0/24
My homeoffice is connected through the AVM Fritzbox, and is now capable of communicating with 10.0.0.0/24 and 192.168.72.0/24.
What I cannot get to work using the same methology is to access the remote VPNs on 55 and 100. Is that supposed to work the same way?
Thank you very much for your help!
I don't really expect a reply very soon for a good reason - I wish you and everyone reading this a Merry Christmas and some quality time with your families.
DaneA
Jan 08, 2017NETGEAR Employee Retired
Were you able to try to create new IKE/VPN policies (either by using the VPN Wizard or manual configuration) to be able to establish a VPN tunnel between the 55 and 100?
Regards,
DaneA
NETGEAR Community Team
- externaluseJan 08, 2017Aspirant
Unfortunately not. As I wrote:
"This has now worked for the 72 VLAN when I duplicate the VPN policy and specify that subnet.
What I cannot get to work now is the access to the business VPN tunnels. Is that supposed to work?"
Thanks for your time.
- DaneAJan 09, 2017NETGEAR Employee Retired
Is this how your VPN setup looks like:
On the Main site, the 3 WAN ports of the SRX5308 connects to a respective VPN tunnel as shown above.
Regards,
DaneA
NETGEAR Community Team- externaluseJan 10, 2017Aspirant
Hi DaneA
this is almost right, with the exception of only 1 (main) WAN port being used. WAN 2 is only a failover for the 100 Mbps line on WAN1. So all Tunnels terminate on WAN1.
VLAN 72 (192.168.72.0/24) is defined next to the default VLAN 10.0.0.0/24 on Main Site, and accessed from Site A, which is 192.168.178.0/24. This is working fine using your suggestion.
What I was wondering is if it is possible to access the tunnels (and if so, how) like this:
Site A to Site B via Main Site. It's been a little while, but I think I tried:
- Duplicating the working VPN policies from Site A to Main with a target network of 192.168.55.0
- Duplicating the working VPN policy from Site B to Main Site, with a target network of 192.168.178.0/24 (Site A).
That didn't seem to work as easily as accessing the VLAN from Site A.
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!