Accessing specific VLAN after VPN based on user
Hello
I have an SRX 5308. I have 3 VLANs defined.
Default = 192.168.3.1
VLAN10 = 10.50.10.1
VLAN20 = 10.50.20.1
I need to define IPSec VPN, such that when user1 logs in, he gets the Default VLAN.
When user2 logs in, he gets VLAN10 and user3 gets VLAN20.
I was able to create an IKE Policy and Mode Config to get into the Default VLAN. When I log in as user1, I can get access to all Default VLAN resources, so this works as desired.
So I created a similar setup and created a new Mode Config, and here I set a different IP range in the Mode Config. I even tried copying the exact same DNS and IP info (not the range, as it would not allow two Mode Configs with the same IP range).
Here are the screen shots. First 2 are the IKE policy and Mode Config that work.
The second two are the ones that don't work.
FYI - I am using Shrew VPN client
My VPN log seems to show this with the policy that does not work.
I have created identical profiles (except the FQDN and shared key); I am at a loss....
Please advise...
Wed Nov 23 08:53:53 2016 (GMT +0000): [SRX5308] [IKE] ERROR: Ignore information because ISAKMP-SA has not been established yet.
Wed Nov 23 08:53:43 2016 (GMT +0000): [SRX5308] [IKE] INFO: Received Malformed packet of payload length 36460 and total length 40.
In the below Mode Config, I have tried to change the DNS and Local Primary to various values (VLAN IP, router IP, etc.), but none seems to work.
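To make the two quoted log lines easier to triage, here is an added example (not code from the post or from NETGEAR) that parses SRX5308 IKE log lines, extracts the lengths from the "Malformed packet" message, restores chronological order (the router lists newest first), and flags an "ISAKMP-SA has not been established" error that follows a malformed packet within a short window. The line layout regex is an assumption derived from those two lines only; the sample log below is the two lines copied from the post.

```python
"""Added example: parse SRX5308 [IKE] log lines and flag the malformed-packet
sequence shown in the post. Not NETGEAR code; the line layout is assumed from
the two lines quoted in the post."""
import re
from datetime import datetime, timedelta, timezone

# Assumed layout: "<ctime> (GMT <+-HHMM>): [<device>] [<subsystem>] <LEVEL>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \(GMT (?P<off>[+-]\d{4})\): "
    r"\[(?P<device>[^\]]+)\] \[(?P<subsys>[^\]]+)\] (?P<level>\w+): (?P<msg>.*)$"
)
MALFORMED_RE = re.compile(r"Malformed packet of payload length (\d+) and total length (\d+)")

# Sample input: the two lines quoted in the post above (newest first, as the router shows them).
SAMPLE_LOG = """\
Wed Nov 23 08:53:53 2016 (GMT +0000): [SRX5308] [IKE] ERROR: Ignore information because ISAKMP-SA has not been established yet.
Wed Nov 23 08:53:43 2016 (GMT +0000): [SRX5308] [IKE] INFO: Received Malformed packet of payload length 36460 and total length 40.
"""


def parse_line(line):
    """Return a record dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    off = m["off"]
    sign = 1 if off[0] == "+" else -1
    tz = timezone(sign * timedelta(hours=int(off[1:3]), minutes=int(off[3:5])))
    rec = {
        "ts": ts.replace(tzinfo=tz),
        "device": m["device"],
        "subsys": m["subsys"],
        "level": m["level"],
        "msg": m["msg"],
        "malformed": None,
    }
    mm = MALFORMED_RE.search(m["msg"])
    if mm:
        payload, total = int(mm.group(1)), int(mm.group(2))
        rec["malformed"] = {
            "payload_length": payload,
            "total_length": total,
            # A payload longer than the whole packet cannot be a valid IKE message.
            "length_inconsistent": payload > total,
        }
    return rec


def parse_log(text):
    """Parse all matching lines and return them in chronological order."""
    recs = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    recs.sort(key=lambda r: r["ts"])
    return recs


def triage(recs, window_seconds=30):
    """Findings as (kind, timestamp, detail) tuples:
    - every malformed IKE packet, with its parsed lengths;
    - an 'ISAKMP-SA has not been established' error within window_seconds after
      a malformed packet, with the gap in seconds (Phase 1 never completed)."""
    findings = []
    last_malformed = None
    for r in recs:
        if r["malformed"]:
            last_malformed = r
            findings.append(("malformed_ike_packet", r["ts"], r["malformed"]))
        elif "ISAKMP-SA has not been established" in r["msg"] and last_malformed:
            gap = (r["ts"] - last_malformed["ts"]).total_seconds()
            if gap <= window_seconds:
                findings.append(("no_isakmp_sa_after_malformed", r["ts"], gap))
    return findings


if __name__ == "__main__":
    for kind, ts, detail in triage(parse_log(SAMPLE_LOG)):
        print(ts.isoformat(), kind, detail)
```

Run it on a longer export from the router's VPN log to see whether every failed connection attempt for the second policy shows the same malformed-packet-then-no-SA pattern, which separates a proposal or packet-format problem in Phase 1 from a problem with the Mode Config pool itself.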
Re: Accessing specific VLAN after VPN based on user
Hi chiragk11,
Kindly try to use the VPN Wizard on the SRX5308 to create both IKE and VPN policies for each VLAN.
Let us know the results.
Regards,
DaneA
NETGEAR Community Team
Re: Accessing specific VLAN after VPN based on user
I did try the VPN Wizard. But the configuration it created to start did not even let me connect.
Can you help provide some details on what values to set if I want to allow any remote IP, using the User database, and allow access to a specific VLAN, say 10.50.10.0, AND specifically disallow access to 10.50.20.0?
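The question above is really a segmentation policy: each user's Mode Config pool may reach its own VLAN and must be explicitly denied the others. The following is an added example, not part of the thread and not NETGEAR configuration, that models that policy so the intended rule set can be checked before it is typed into the router. The /24 subnets are assumed from the .1 gateway addresses in the first post, the per-user client pools and the first-match rule order are assumptions for illustration, and the pool-overlap check reflects the router's refusal of two Mode Configs with the same range.

```python
"""Added example: model of per-user VPN pool -> VLAN access rules.
Not NETGEAR code. VLAN subnets are assumed /24; pools are assumed."""
from ipaddress import ip_address, ip_network

# VLAN subnets from the first post; /24 is an assumption from the .1 gateway addresses.
VLANS = {
    "Default": ip_network("192.168.3.0/24"),
    "VLAN10": ip_network("10.50.10.0/24"),
    "VLAN20": ip_network("10.50.20.0/24"),
}

# Assumed Mode Config client pools, one per user. They must not overlap.
POOLS = {
    "user1": ip_network("192.168.3.200/29"),
    "user2": ip_network("10.50.10.200/29"),
    "user3": ip_network("10.50.20.200/29"),
}

# Which VLAN each user's pool is allowed to reach.
ASSIGNMENT = {"user1": "Default", "user2": "VLAN10", "user3": "VLAN20"}


def check_pools_disjoint(pools):
    """True if no two pools overlap. Overlapping pools would make source-based
    rules ambiguous (and the router rejects duplicate Mode Config ranges)."""
    nets = [ip_network(n) for n in pools.values()]
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def build_rules(pool_to_vlan):
    """Ordered rules (src_net, dst_net, action), first match wins:
    allow pool -> own VLAN, explicit deny pool -> every other VLAN,
    then a catch-all deny so nothing is reachable by omission."""
    rules = []
    for user, vlan in pool_to_vlan.items():
        rules.append((POOLS[user], VLANS[vlan], "allow"))
        for other, net in VLANS.items():
            if other != vlan:
                rules.append((POOLS[user], net, "deny"))
    rules.append((ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"), "deny"))
    return rules


def evaluate(rules, src, dst):
    """Action for one packet from src to dst under first-match semantics."""
    src, dst = ip_address(src), ip_address(dst)
    for src_net, dst_net, action in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def reachable_vlans(rules, user):
    """Names of VLANs a client from this user's pool can reach (probing the .1 gateway)."""
    client = POOLS[user][1]  # first usable address in the pool
    return {name for name, net in VLANS.items() if evaluate(rules, client, net[1]) == "allow"}


RULES = build_rules(ASSIGNMENT)

if __name__ == "__main__":
    print("pools disjoint:", check_pools_disjoint(POOLS))
    for user in ASSIGNMENT:
        print(user, "->", sorted(reachable_vlans(RULES, user)))
```

The point of modelling it is the negative check: it is not enough that user2 can reach 10.50.10.0; the evaluator must also return deny for user2 to 10.50.20.0 and for any source outside the three pools, which is what the explicit deny rules plus the trailing catch-all give.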
Re: Accessing specific VLAN after VPN based on user
Hi chirag11,
I just want to follow up. Were you able to access and read my response on the link I've provided? If yes, were you able to try it? If you were able to try it, kindly share the results.
Regards,
DaneA
NETGEAR Community Team