Re: In site to site VPN I need all internet traffic to exit site A.

dhalliday
Initiate

In site to site VPN I need all internet traffic to exit site A.

I have 2 sites connected via a pair of SRX5308's

A = 192.168.1.0/24
WAN IP = 1.1.1.1

B = 192.168.2.0/24
WAN IP = 2.2.2.2

 

Now what I need to do is have all traffic from B go to site A, even traffic destined for the internet. That is, I need the internet traffic to come out of our network with the IP address 1.1.1.1 even if it originated from network B.

On my ASAs I set up a route 1.1.1.1 to the ISP and then a default 0/0 to 192.168.1.1. This way the ASA knows how to get to the VPN peer as it is a more precise route, but sends everything else over the tunnel to the remote end, which then hairpin routes the internet traffic back out of its own WAN port.

I cannot, however, figure out how to do the same on the pair of SRX5308s; they either fail to bring up the tunnel or route internet out of the local site B address.

Anyone have any ideas?

I need to do this because we are doing logging and tracking of internet traffic at site A via tapping the upstream to various IDS solutions and don't want to (can't) duplicate this at all our remote sites.

Thanks,

Dave.

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 3


All Replies
dhalliday
Initiate

Re: In site to site VPN I need all internet traffic to exit site A.

After some more thought and testing I have come up with a workable solution to my own problem. I will share it here in case it may help others.

1) Use the wizard on both ends to set up a normal VPN that connects the two LAN segments 192.168.1.0 and 192.168.2.0

2) Go to VPN->VPN Policy on the remote site router (192.168.2.1) and hit Edit

   a) Uncheck NetBIOS

   b) Select "Any" from the Remote IP dropdown.

   c) Apply the change

3) Go to VPN->VPN Policy on the head end site (192.168.1.1) and hit Edit

   a) Uncheck NetBIOS

   b) Select "Any" from the Local IP dropdown

   c) Apply the change

Now all traffic will go down the VPN tunnel and exit to the internet at the head end site. Hope this helps others with the same issue.

Message 2 of 3
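The following Python model is an added illustration, not code from the thread or from NETGEAR, of why the original post's two symptoms occur and why the accepted solution's "Any" selectors fix them. It models two things: the longest-prefix routing approach described for the ASAs (a /32 host route to the VPN peer via the ISP, default route into the tunnel) and the IPsec traffic selectors on each SRX5308 policy (the wizard's LAN-to-LAN selectors versus the widened "Any" selectors from steps 2 and 3). The addresses are the thread's own placeholders; the internet destination 203.0.113.9, the host 192.168.2.10 and the `egress_from_site_b` trace are constructed. The selector and hairpin logic is a simplified model of how IPsec policies and NAT behave in general, not SRX5308 firmware code.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology using the thread's placeholder addresses.
SITE_A_LAN = ipaddress.ip_network("192.168.1.0/24")
SITE_B_LAN = ipaddress.ip_network("192.168.2.0/24")
SITE_A_WAN = ipaddress.ip_address("1.1.1.1")  # head end: internet traffic must exit here
SITE_B_WAN = ipaddress.ip_address("2.2.2.2")  # remote site
ANY = ipaddress.ip_network("0.0.0.0/0")       # what "Any" in the policy dropdown amounts to


@dataclass
class VpnPolicy:
    """One IPsec VPN policy: a packet is tunnelled only if it matches both selectors."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

    def carries(self, src, dst):
        return (ipaddress.ip_address(src) in self.local
                and ipaddress.ip_address(dst) in self.remote)


# Step 1 of the solution: the wizard produces LAN-to-LAN selectors on both ends.
WIZARD_B = VpnPolicy(local=SITE_B_LAN, remote=SITE_A_LAN)
WIZARD_A = VpnPolicy(local=SITE_A_LAN, remote=SITE_B_LAN)
# Steps 2 and 3: remote site's Remote IP = Any, head end's Local IP = Any.
FULL_TUNNEL_B = VpnPolicy(local=SITE_B_LAN, remote=ANY)
FULL_TUNNEL_A = VpnPolicy(local=ANY, remote=SITE_B_LAN)

# Site B routing table, as described for the ASAs: host route to the VPN peer
# via the ISP, everything else into the tunnel. Longest prefix wins.
SITE_B_ROUTES = [
    (SITE_B_LAN, "lan"),
    (ipaddress.ip_network("1.1.1.1/32"), "isp"),
    (ANY, "tunnel"),
]


def lookup(routes, dst):
    """Longest-prefix match: the most specific matching prefix decides the next hop."""
    dst = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for net, hop in routes:
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop


def egress_from_site_b(policy_b, policy_a, src, dst):
    """Trace a packet from a site B host.

    Returns (where it exits, source IP the destination sees). A selector miss at
    site B means the router falls back to its own WAN and local NAT, which is the
    "route internet out of the local site B address" symptom from the question.
    """
    if lookup(SITE_B_ROUTES, dst) != "tunnel":
        return ("B", SITE_B_WAN)        # e.g. the IKE/ESP packets to 1.1.1.1 itself
    if not policy_b.carries(src, dst):
        return ("B", SITE_B_WAN)        # wizard selectors: internet traffic never enters the tunnel
    # At the head end the packet leaves the tunnel and must match A's policy,
    # whose local side is this packet's destination and remote side its source.
    if not policy_a.carries(dst, src):
        return ("dropped", None)        # mismatched selectors between the two ends
    if ipaddress.ip_address(dst) in SITE_A_LAN:
        return ("A-lan", ipaddress.ip_address(src))
    # Hairpin: not for A's LAN, so it goes back out A's WAN with source NAT,
    # which is what the upstream tap at site A then records.
    return ("A", SITE_A_WAN)


if __name__ == "__main__":
    host, internet = "192.168.2.10", "203.0.113.9"   # constructed sample flow
    for label, pb, pa in [("wizard", WIZARD_B, WIZARD_A),
                          ("full tunnel", FULL_TUNNEL_B, FULL_TUNNEL_A)]:
        print(label, "->", egress_from_site_b(pb, pa, host, internet))
```

Running the block prints the wizard policies sending the sample internet packet out of site B as 2.2.2.2 and the widened policies sending it out of site A as 1.1.1.1. The model also shows the two constraints a practitioner should check when reproducing this: the /32 route to the peer's public address must stay outside the tunnel or the IPsec packets themselves would be routed into it, and both ends must widen their selectors together, because a remote "Any" matched against a head end still set to its own LAN leaves the flow with no accepting policy.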
JohnRo
NETGEAR Employee Retired

Re: In site to site VPN I need all internet traffic to exit site A.

Hello dhalliday,

Welcome to the community!

Thank you for sharing your solution, I am sure this will help other community members if they come up with the same issue.

Cheers,

Message 3 of 3