Can't access some servers through VPN
Hi,
I have 2 SRX5308 with a working site to site VPN connection.
Site 1 is the main office with a terminal server (192.168.20.1) etc.
Site 2 is a small office with one client PC (192.168.40.100), printer (192.168.40.102) and a building management system (192.168.40.200). This system has a small webserver to control the system.
I can access the terminal server through the VPN. I can ping the printer on site 2 from site 1. I can ping the client PC and both firewalls.
Everything is working great.
I can't however access the webserver on site 2 from site 1.
The webserver works on the local client PC. I can ping the webserver from the client PC on site 2. But I can't ping the webserver from site 1.
I've added screenshots of the settings from both sites.
Firmware 1: 4.3.3-8
Firmware 2: 4.3.4-1
Do I need to add something in the firewall?
Thanx!
Re: Can't access some servers through VPN
Hi R-v-E,
Welcome to the community! 🙂
It seems that the IKE / VPN policies are properly configured. Kindly answer the questions below:
a. Are there VLANs configured on site 2? If yes, on what VLAN is the webserver a part of?
b. Is the IP address configured on the webserver a static IP address? Kindly check the IP Address details of it.
Regards,
DaneA
NETGEAR Community Team
Re: Can't access some servers through VPN
Hi R-v-E,
I have just reviewed again the screenshots you have posted and it seems that I have overlooked something at site2. There is an error in the site2 IKE policy. Please check the screenshot below. Kindly add a VPN policy via the IPsec VPN Wizard and enter the correct Local WAN1 IP address.
Let us know the results. I look forward to your response.
Regards,
DaneA
NETGEAR Community Team
Re: Can't access some servers through VPN
The ISP on site 2 only offers VDSL with a FritzBox (modem and router). I can't use a different modem. Therefore the WAN IP address is the one you see in the picture.
So the situation is: ISP --> Modem / Router --> SRX5308 --> PC, printer, webserver
--> Public Wifi via guest network
The router has VPN/IPSEC passthrough.
All IPs are fixed. No DHCP is used.
Site 1 has some VLANs but those are for guests and other stuff. Not in use by me.
Everything works, except the webserver.
Greetings,
Re: Can't access some servers through VPN
Hi R-v-E,
I suggest you check the default gateway on the web server. Double-check whether it is incorrect or not present at all, because this would prevent the web server from replying back over the VPN.
Also, as I pointed out from the VPN policies (check the screenshot from my previous response), it has the LAN IP as the WAN IP identifier; you have a double NAT scenario since the SRX5308 is not the main router. I suggest you use FQDN for both identifiers in the IKE policy and not the LAN IP.
Let us know the results after making the changes as suggested.
Regards,
DaneA
NETGEAR Community Team
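
The return-path reasoning in the post above, as an added example that is not part of the thread: a device answers a client on its own subnet without using its default gateway, but a reply to site 1 must be handed to the router that holds the tunnel. The /24 masks, the SRX5308 LAN address `192.168.40.1` and every gateway value below are constructed assumptions; the thread does not state them.

```python
import ipaddress

def reply_path(host_if, gateway, vpn_router, peer):
    """Classify how a LAN host returns a reply to `peer`.

    host_if    -- host address with prefix, e.g. "192.168.40.200/24"
    gateway    -- the host's default gateway, or None if not configured
    vpn_router -- LAN address of the router terminating the tunnel (assumed)
    peer       -- address the reply is sent to
    """
    iface = ipaddress.ip_interface(host_if)
    peer = ipaddress.ip_address(peer)
    if peer in iface.network:
        return "direct"               # on-link: resolved by ARP, no gateway used
    if gateway is None:
        return "no-route"             # off-link and nothing to hand the reply to
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        return "gateway-unreachable"  # gateway is not on the host's own subnet
    if gw == ipaddress.ip_address(vpn_router):
        return "via-vpn-router"       # reply can enter the tunnel
    return "via-other-gateway"        # reply leaves through a device without the tunnel

def check_site(devices, vpn_router, local_peer, remote_peer):
    """Return {name: (result for local peer, result for remote peer)}."""
    return {
        name: (reply_path(ifc, gw, vpn_router, local_peer),
               reply_path(ifc, gw, vpn_router, remote_peer))
        for name, (ifc, gw) in devices.items()
    }

# Constructed sample data: only the host addresses come from the thread.
SRX_LAN = "192.168.40.1"  # hypothetical LAN address of the site 2 SRX5308
DEVICES = {
    "printer":          ("192.168.40.102/24", "192.168.40.1"),
    "bms-no-gateway":   ("192.168.40.200/24", None),
    "bms-other-router": ("192.168.40.200/24", "192.168.40.254"),
    "bms-typo-gateway": ("192.168.40.200/24", "192.168.4.1"),
}

if __name__ == "__main__":
    results = check_site(DEVICES, SRX_LAN, "192.168.40.100", "192.168.20.1")
    for name, (local, remote) in results.items():
        print(f"{name:18} local client: {local:8} site 1: {remote}")
```

Every device reports `direct` for the local client, which is why a local ping and local browsing succeed even when the gateway setting is wrong; only the remote column separates the working case from the failing ones.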
Re: Can't access some servers through VPN
Hi R-v-E,
I just want to follow up on this. Were you able to perform the changes I have suggested? If yes, what are your observations?
Regards,
DaneA
NETGEAR Community Team
Re: Can't access some servers through VPN
Hi,
I'll be on site later this week. I'll keep you updated.
Greetings
Re: Can't access some servers through VPN
Hi R-v-E,
I just want to follow up on this again. Were you able to perform the changes I have suggested? If yes, what are your observations?
Regards,
DaneA
NETGEAR Community Team
Re: Can't access some servers through VPN
Hi DaneA,
The default gateway on the webserver is 192.168.40.5.
I changed the LAN IP on the WAN IP identifier to FQDN.
But still no access to the webserver.
The printer on site 2 has a built-in webserver. I can access this webserver. I think the problem isn't in the VPN configuration but I have no idea where to look next.
I will try to forward the port and see if I can access the webserver just by forwarding the ports.
Greetings.
Re: Can't access some servers through VPN
Hi R-v-E,
I just want to follow up. Were you able to access the web server by configuring port forwarding?
Regards,
DaneA
NETGEAR Community Team