
Lsands
Tutor
Sep 06, 2021
Solved

IPSec site-to-site with multiple VLANS

Problem: I can't ping a VLAN at another site.

From Federation 192.168.1.x, I can ping JCC 192.168.0.x, but I can't ping 192.168.4.x.

From JCC 192.168.0.x, I can ping Federation 192.168.1.x, but I can't ping 192.168.5.x.

I'm not sure that I have correctly setup the VPN. Any suggestions are greatly appreciated.

TIA.


I have two sites, each with a BR500 running firmware V5.10.0.5.

I've created the IPSec VPN Rules on each router, mapping 0.0 = 1.0 and 4.0 = 5.0.

Netgear Insight shows a 'connected' state for each rule.

Every 4-5 minutes I see a log entry in the BR500:

[IPSec VPN] CHILD_SA conn1 established with SPIs c50f0ea7_i cf3d1269_o, Monday, September 06, 2021 10:01:17

[IPSec VPN] CHILD_SA conn0 established with SPIs cefe13b8_i c173cb8a_o, Monday, September 06, 2021 10:01:17

[IPSec VPN] IKE_SA conn0[1] established between 172.2.200.58==24.163.52.97, Monday, September 06, 2021 10:01:17

[IPSec VPN] initiating IKE_SA conn0[1] to 24.163.52.97, Monday, September 06, 2021 10:01:17

[Internet connected] IP address: 172.2.200.58, Monday, September 06, 2021 10:01:12

The firewall on each router allows the two VLANs to communicate.

Topology:

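As an added illustration (not part of the thread or NETGEAR's own tooling), the following Python models the two Phase 2 selector pairs described above and reports which VLAN-to-VLAN paths no CHILD_SA would carry; the /24 masks and the subnet-to-site assignment are assumed from the addresses in the post, and the periodic reconnects are not modelled.

```python
import ipaddress
from itertools import product

# Constructed from the thread: JCC has 192.168.0.0/24 and 192.168.4.0/24,
# Federation has 192.168.1.0/24 and 192.168.5.0/24 (/24 masks assumed).
JCC = ["192.168.0.0/24", "192.168.4.0/24"]
FEDERATION = ["192.168.1.0/24", "192.168.5.0/24"]

# The two rules the poster describes: 0.0 <-> 1.0 and 4.0 <-> 5.0,
# written as (JCC-side selector, Federation-side selector).
CONFIGURED_RULES = [
    ("192.168.0.0/24", "192.168.1.0/24"),
    ("192.168.4.0/24", "192.168.5.0/24"),
]


def covering_rule(src, dst, rules):
    """Return the first (local, remote) selector pair that carries src->dst
    in either direction, or None if no CHILD_SA would match the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in rules:
        lnet, rnet = ipaddress.ip_network(local), ipaddress.ip_network(remote)
        if (s in lnet and d in rnet) or (s in rnet and d in lnet):
            return (local, remote)
    return None


def uncovered_paths(side_a, side_b, rules):
    """List every (A subnet, B subnet) pair with no selector pair covering it.
    Probing the first host of each subnet is enough because the selectors
    here are whole subnets: a pair is either fully covered or not at all."""
    gaps = []
    for a, b in product(side_a, side_b):
        src = str(ipaddress.ip_network(a)[1])
        dst = str(ipaddress.ip_network(b)[1])
        if covering_rule(src, dst, rules) is None:
            gaps.append((a, b))
    return gaps


def full_mesh_rules(side_a, side_b):
    """One selector pair per (A subnet, B subnet) combination: the smallest
    set of Phase 2 rules under which every VLAN reaches every remote VLAN."""
    return list(product(side_a, side_b))


if __name__ == "__main__":
    for gap in uncovered_paths(JCC, FEDERATION, CONFIGURED_RULES):
        print("no CHILD_SA covers", gap)
    print("full mesh would need:", full_mesh_rules(JCC, FEDERATION))
```

The checker shows the two failing paths from the post (1.x to 4.x and 0.x to 5.x) as exactly the selector pairs that are not configured; whether the BR500 accepts four rules against the same peer is not stated in the thread.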

  • Hi @Lsands,

    Thanks for the quick follow-up!

    In this case, I'd recommend opening a support ticket by going to my.netgear.com so our Support Team can further assist you.

    Regards,

    JeraldM
    NETGEAR Community Team

4 Replies

  • Update: I revised the IPSec config for the Cameras to route 192.168.4.0 to 192.168.1.0
    Briefly, I was able to ping the device 192.168.4.10 and then the IPSec connection reset and the ping went back to 'request timeout'. Something in the IPSec config is dropping the connection and after 5 minutes it reconnects.

    Any ideas on this?

    • JeraldM
      NETGEAR Employee Retired

      Hi Lsands,

      Kindly provide a physical topology (what devices are used that connect to the BR500s and how they are connected) and the logs as well for further checking.

      Regards,

      JeraldM
      NETGEAR Community Team

      • Lsands
        Tutor

        At the location Federation, I have only 1 device. It's a WAC540 access point.

        The location JCC has 35 devices and 4 VLANs.

        The logs are just what is shown above.