NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
SRX5308 VPN and double WAN
Hello, So I have a SRX5308 configured with 2 WAN for load balancing. Here's my network : I want to set up a VPN. I follow different tutorials and it doesn't work. When I open the tunned i...
Going back to the network diagram you posted, you mentioned that the two devices connected to the ISPs are switches. I believe these switches are Layer 3 switches which are connected to the WAN ports of the SRX5308. The WAN IP address that is registered on the SRX5308 are Private IP Addresses. With regard to this, I'm afraid it seems that the client-to-box VPN you want to achieve is not possible with your current network setup.
For client-to-box VPN to work, refer to the network setup below as an example:
The local IP address of the Remote PC or laptop where the ProSAFE VPN Client software is installed should be different from the local subnet of the SRX5308. Based from the network diagram you posted, the local network address of the SRX5308 is 192.168.1.0, so the local IP address of the Remote PC or laptop where the ProSAFE VPN Client software is installed should be different from it (from the example above, it should be on 10.10.10.6).
Regards,
DaneA
NETGEAR Community Team
Hi Cercer01,
Welcome to the community! :)
Based from the network diagram you posted, since the SRX5308 is behind another router, you will need to either open ports on the routers to allow VPN connection or connect the SRX5308 to the DMZ ports of the routers to allow VPN access.
Also, on the part that says Local ID and Remote ID on the ProSAFE VPN Client software, it should be like this below:
Local ID: myvpn_remote.com
Remote ID: myvpn_local.com
Regards,
DaneA
NETGEAR Community Team
Going back to the network diagram you posted, you mentioned that the two devices connected to the ISPs are switches. I believe these switches are Layer 3 switches which are connected to the WAN ports of the SRX5308. The WAN IP address that is registered on the SRX5308 are Private IP Addresses. With regard to this, I'm afraid it seems that the client-to-box VPN you want to achieve is not possible with your current network setup.
For client-to-box VPN to work, refer to the network setup below as an example:
The local IP address of the Remote PC or laptop where the ProSAFE VPN Client software is installed should be different from the local subnet of the SRX5308. Based from the network diagram you posted, the local network address of the SRX5308 is 192.168.1.0, so the local IP address of the Remote PC or laptop where the ProSAFE VPN Client software is installed should be different from it (from the example above, it should be on 10.10.10.6).
Regards,
DaneA
NETGEAR Community Team
Sorry when you said "SRX5308 is behind another router" I though you were talking about "my network" not the box connected to the ISP. I'm gonna try with 10.10.10.6 local IP.
The 10.10.10.6 local IP address that I mentioned on previous response is just an example. Just for clarification and before you make some changes, kindly answer the questions below:
a. Based from the network diagram you posted, what are the devices connected to the ISP which are connected to the SRX5308? Are they Layer 3 switches or routers? What is the brand and model of it?
b. What is the current local IP address of the PC / laptop you are using where the ProSAFE VPN Client software is installed?
c. What is the current firmware version of the SRX5308?
Regards,
DaneA
NETGEAR Community Team
a. In France this device is called a "box" it's an all-in-one device which include internet, telephone, router, firewall, ...
b. It was 192.168.1.60 this is why I change the IP for 10.10.10.6 to have a different network.
c. 4.3.1-22
Since you mentioned that the 'boxes' between the ISPs and SRX5308 are all-in-one devices which includes internet, telephone, router & firewall; then its confirmed that the SRX5308 is behind another router/firewall. Like what I have previously replied unto you, you will need to do either of the following:
a. Open ports on the 'box' to allow VPN connection.
b. Connect the SRX5308 to the DMZ ports of the 'box' to allow VPN access.
c. If a & b above still does not work, set the 'box' to full-bridge mode so that the Public WAN IP Address will be registered to the SRX5308. Kindly refer again to the network diagram from my recent response.
Kindly access the articles below and use it as your reference guide:
ProSAFE VPN Client: Client to Box Configuration
Configure an IPv4 IPSec VPN Connection between a Gateway and a Client - read pages 8-15
Also, I suggest that you upgrade the firmware of the SRX5308 to the latest v4.3.5-3. You can download firmware version 4.3.5-3 here. Be reminded to reset the SRX5308 back to factory defaults after upgrading the firmware then reconfigure it from scratch in order to start clean using the latest firmware version.
Regards,
DaneA
NETGEAR Community Team
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
