× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Start a New Discussion

Start a New Discussion

Reply

Re: IPSec site-to-site with multiple VLANS

Lsands
Tutor
Tutor
‎2021-09-06 07:21 AM
‎2021-09-06 07:21 AM

IPSec site-to-site with multiple VLANS

Problem: I can't ping a VLAN at another site. 

from Federation 192.168.1.x, I can ping JCC 192.168.0.x, but I can't ping 192.168.4.x

from JCC 192.168.0.x, I can ping Federation 192.168.1.x, but I can't ping 192.168.5.x

I'm not sure that I have correctly setup the VPN. Any suggestions are greatly appreciated.

TIA.

 

I'm have two sites, each with a BR500 running firmware V5.10.0.5. 

I've created the IPSec VPN Rules on each router, maping 0.0 = 1.0 and 4.0 = 5.0

Netgear Insight shows a 'connected' state for each rule.

Every 4-5 minutes I see a log entry in the BR500:

[IPSec VPN] CHILD_SA conn1 established with SPIs c50f0ea7_i cf3d1269_o, Monday, September 06, 2021 10:01:17

[IPSec VPN] CHILD_SA conn0 established with SPIs cefe13b8_i c173cb8a_o, Monday, September 06, 2021 10:01:17

[IPSec VPN] IKE_SA conn0[1] established between 172.2.200.58==24.163.52.97, Monday, September 06, 2021 10:01:17

[IPSec VPN] initiating IKE_SA conn0[1] to 24.163.52.97, Monday, September 06, 2021 10:01:17

[Internet connected] IP address: 172.2.200.58, Monday, September 06, 2021 10:01:12

 

The firewall on each router allows the two VLANS to communication

 

Topology:

 IPSec.png

 

IPSEC rules.png

 

FW Rules.png

 

 

Model: BR500|Insight Instant VPN Router
Message 1 of 5
0 Kudos
Reply

Accepted Solutions
JeraldM
NETGEAR Employee Retired
‎2021-09-13 01:46 PM
‎2021-09-13 01:46 PM

Re: IPSec site-to-site with multiple VLANS

Hi @Lsands,

 

Thanks for the quick follow-up!

 

In this case, I'd recommend to open a support ticket by going to my.netgear.com so our Support Team can further assist you.

 

 

 

Regards, 

 

JeraldM

NETGEAR Community Team

View solution in original post

Message 5 of 5
Reply

All Replies
Lsands
Tutor
Tutor
‎2021-09-06 01:19 PM
‎2021-09-06 01:19 PM

Re: IPSec site-to-site with multiple VLANS

Update: I revised the IPSec config for the Cameras to route 192.168.4.0 to 192.168.1.0
Briefly, I was able to ping the device 192.168.4.10 and then the IPSec connection reset and the ping went back to 'request timeout'. Something in the IPSec config is dropping the connection and after 5 minutes it reconnects.

Any ideas on this?

Message 2 of 5
0 Kudos
Reply
JeraldM
NETGEAR Employee Retired
‎2021-09-13 12:49 PM
‎2021-09-13 12:49 PM

Re: IPSec site-to-site with multiple VLANS

Hi @Lsands,

 

Kindly provide a physical topology (what devices are used that connect to the BR500s and how they are connected) and the logs as well for further checking.

 

 

Regards, 

 

JeraldM

NETGEAR Community Team

Message 3 of 5
0 Kudos
Reply
Lsands
Tutor
Tutor
‎2021-09-13 01:04 PM
‎2021-09-13 01:04 PM

Re: IPSec site-to-site with multiple VLANS

At the location Federation, I have only 1 device. It's a WAC540 access point.

The location JCC has 35 devices and 4 VLANS.

The logs are just what is shown above. 

Message 4 of 5
0 Kudos
Reply
JeraldM
NETGEAR Employee Retired
‎2021-09-13 01:46 PM
‎2021-09-13 01:46 PM

Re: IPSec site-to-site with multiple VLANS

Hi @Lsands,

 

Thanks for the quick follow-up!

 

In this case, I'd recommend to open a support ticket by going to my.netgear.com so our Support Team can further assist you.

 

 

 

Regards, 

 

JeraldM

NETGEAR Community Team

Message 5 of 5
Reply
Top Contributors
See All
Discussion stats
  • 4 replies
  • ‎2021-09-06 07:21 AM
  • 1691 views
  • 1 kudo
  • 2 in conversation
Announcements