NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Fritz Box 7490 to SRX5308 - VLAN over VPN
Hi, I hope you can help me. I've got a business network with an SRX5308, and home office with an AVM Fritz Box 7490. On the business side, I've got VLAN Default 10.0.0.0/24 VLAN 72 192.68.72.0/...
Now I get what you wanted to accomplish: from Site A === passing through ===> MainSite === going to ===> Site B is not possible. It would be best if you just configure a VPN connection directly between Site A and Site B.
Regards,
DaneA
NETGEAR Community Team
Hi DaneA,
many thanks for taking the time to reply. I wasn't aware that I can define multiple VPN policies for the same IKE policy - thank you!
This has now worked for the 72 VLAN when I duplicate the VPN policy and specify that subnet.
What I cannot get to work now is the access to the business VPN tunnels. Is that supposed to work?
My design now looks like this:
MAIN SRX 10.0.0.0/24:
- VLAN 72 192.168.72.0/24
- Connected to SiteB (another SRX) 192.168.55.0/24
- Connected to SiteC (a Draytek) 192.168.100.0/24
My homeoffice is connected through the AVM Fritzbox, and is now capable of communicating with 10.0.0.0/24 and 192.168.72.0/24.
What I cannot get to work using the same methology is to access the remote VPNs on 55 and 100. Is that supposed to work the same way?
Thank you very much for your help!
I don't really expect a reply very soon for a good reason - I wish you and everyone reading this a Merry Christmas and some quality time with your families.
Were you able to try to create new IKE/VPN policies (either by using the VPN Wizard or manual configuration) to be able to establish a VPN tunnel between the 55 and 100?
Regards,
DaneA
NETGEAR Community Team
Unfortunately not. As I wrote:
"This has now worked for the 72 VLAN when I duplicate the VPN policy and specify that subnet.
What I cannot get to work now is the access to the business VPN tunnels. Is that supposed to work?"
Thanks for your time.
Is this how your VPN setup looks like:
On the Main site, the 3 WAN ports of the SRX5308 connects to a respective VPN tunnel as shown above.
Regards,
DaneA
NETGEAR Community TeamHi DaneA
this is almost right, with the exception of only 1 (main) WAN port being used. WAN 2 is only a failover for the 100 Mbps line on WAN1. So all Tunnels terminate on WAN1.
VLAN 72 (192.168.72.0/24) is defined next to the default VLAN 10.0.0.0/24 on Main Site, and accessed from Site A, which is 192.168.178.0/24. This is working fine using your suggestion.
What I was wondering is if it is possible to access the tunnels (and if so, how) like this:
Site A to Site B via Main Site. It's been a little while, but I think I tried:
- Duplicating the working VPN policies from Site A to Main with a target network of 192.168.55.0
- Duplicating the working VPN policy from Site B to Main Site, with a target network of 192.168.178.0/24 (Site A).
That didn't seem to work as easily as accessing the VLAN from Site A.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
