hi ,my Problem :I connect my Notebook via VPN IPsec to my Netgear srx5308 !I use IKE + Policies ( no modeConfig ).The connecttion work fine but i cant ping any other PC and also it isnt possible to ping the SRX !WAN1 217.xxx.xxx.xxxVLan1192.168.1.0 / 255.255.255.0- SRX -> 192.168.1.1VLan 2192.168.21.0 / 255.255.255.0- PC1 -> 192.168.21.100- DS1812 -> 192.168.21.250VPN-Client SHREW ( and also Netgear Client , same Situation)- VPN-Client -> 172.xx.xx.2 (vodafone / iphone share )( Active IPsec SA(s) .. )( i can chnage it .. to self selcted IP 10.0.10.2 etc. but also no effect )Why i cant ping any other device !? any idea ... ?PS:more info SRX - VPN PoilciesTraffic Selection 192.168.1.1255.255.255.0Remote IP : ANYFQDN : remote.com

Read my LAN Subnets NOT to Use tutorial. Change traffic selector to .0 and try again. Just like a regular VPN, you need additional VPN policies for each additional LAN subnet.

hi ,i also try it with .0same result !if you use the wizard he fill it auto. with 192.168.1.1 ...but i wasnt sure its correct .. thats the reason why i also try it with .0 !any other idea !??and thx for the tip with ... single polic. for each VLan !!

Test with Internet connection other than iPhone. Your carrier may be blocking VPN. You have to test from outside of your LAN as well.

hmmm..ok , but it also dosent work with a client from landline !and i dont think that the carrier block VPN ...but i will check this also .. againbut today it will be not possible

PS:but the connection are working well !!!normaly the carrier maybe can block to build up a VPN !!but he cant block the connection to my internal ... network PCs!or iam wrong !?

VPN IPsec work fine but i cant see any other PC

43 Replies

jmizoguchi
Virtuoso
Jan 05, 2013
Ahh... I couldn't see well earlier .... I'm on pc now probably some to do with your DNS. looks like you are using own DNS server Got to many of LAN DHCP SERVCER screenshot. you only need the one actually you are using confusing :)
jmizoguchi
Virtuoso
Jan 05, 2013
Make network digaram I see router's IP is 192.168.21x and 192.168.100x so not sure 192.168.1.1 I seen as DNS server under DHCP setup
xmaster2002
Aspirant
Jan 05, 2013
See ... The NAS are current not so important !
The most important thing are current that i am able to ping anything ...
First what i want are to ping the SXR 192.168.1.1 ... Than i am happy !
2. Step are to ping the NAS with ip 192.168.21.250

In case that it,must be i can change the ips but normally
I want that the SRX will use the 192.168.1.1

3. Step are to ping the ip 192.168.1.100

Curreny i have a stable VPN connection and all looks good but 0 chancr to reach anything with the VPN !

And i cant finde the,misstake why i am not able to ping the srx i thing normally all are fine for this min. Setup !
I cant understanf it !!!!

Send from my Lumia920
xmaster2002
Aspirant
Jan 05, 2013
Ok ...

SRX are the DHCP for
Vlan 192.168.1.0
And
Vlan 192.168.21.0

The SRX use the ip 192.168.1.1
Also at the same Vlan are a DIR-855 with 192.168.1.100
( whats behind the DIR-855 are not intresst )

At the 2. Vlan are
A Server with ip 192.168.21.100
And the Synology DS1812 with ip 192.168.21.250

Thats more or less the topology ....

If i want that a special Server are availble to the VPN useres or public i bring him into the network 192.168.21.0

The DNS entries are only given by me ..,i dont config. A special one !
jmizoguchi
Virtuoso
Jan 05, 2013
Both end with 192.168.21x will not tunnel each other
xmaster2002
Aspirant
Jan 05, 2013
Ok you mean : i cant reach 192.168.21.x
But why i cant reach 192.168.1.0 !?
jmizoguchi
Virtuoso
Jan 05, 2013
I saw both end has 192.168.21x in each side so you can not reach 192.168.21. From each side to other side of 192.168.21.x

All tunnel must have different lan subnet

Ex.
A-192.168.1.x, 192.168.21.x
B-192.168.2.x, 192.168.22.x

You now create multiple VPN rules to communicate however you want
xmaster2002
Aspirant
Jan 05, 2013
Ok !

And if i forget now 192.168.21.x
( we ignore this now totally )
( i can understand that 21.x creat me a problem and will need more config )
But why 192.168.1.x dosent work !?
Normally it should work ! Or i am totaly wrong and stupid ! ??

If i only want to reach via VPN
192.168.1.x
Why this dosent work !?
jmizoguchi
Virtuoso
Jan 06, 2013
That should work fine between ex. 192.168.1.x (site a) and 192.168.2.x (site b)
adit
Mentor
Jan 06, 2013
Don't use remote.com and local.com in your setup. They are routable and not controlled by you. Use what is in the tutorial.

Forum Discussion

VPN IPsec work fine but i cant see any other PC

43 Replies

Related Content

ReadyCloud dont work in chrome

WC9500 Discovery doesn't work

IPSEC VPN Client 5.1 not working

Wifi schedule (off overnight) option not working via Insight (works in local)

Getting SRX5308 VPN IPSec to work with Android (when using DynDNS)

NETGEAR Academy

ProSupport for Business