
Lan 2 Lan connection setup

King-Marqy
Aspirant

Lan 2 Lan connection setup

Can anybody advise me? We've got two SRX5308 on different sites (A+B). The sites are currently connected using VPN but this is unstable. The provider of the fibre connection has made a direct connection on port 4 of the modems. This direct connection works, when plugging in my laptop on site B it receives an IP from site A. VLANs are used, on site A a corp VLAN of 192.168.178.x, on site B a corp VLAN of 192.168.225.x range. We want to disable VPN and configure the SRX5308s to send traffic to the new connection that the modems have. So modem port 4 on site A is connected to the switch (which is connected to LAN port 1 on the SRX). On site B the modem port 4 is connected to LAN port 2 on the SRX (port 1 is currently connected to the switch on site B and has all the VLANs). How do we configure the SRX on site A and B? Only a connection of VLAN corp is needed. VLANs are set on the ports (switch and SRX) and static route was configured but we aren't able to get traffic back. Can somebody tell me what must be configured or if the setup is ok? Again, the connection of the modems port 4 between the sites is ok... WAN port 1 on both SRXs are connected to port 1 of the modems, providing internet.

Please any help would be great! 

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 13
JohnC_V
NETGEAR Moderator

Re: Lan 2 Lan connection setup

Hi King-Marqy,

 

Welcome to our community!

 

It would be better if you can share your network topology to better understand your issue.

 

Regards,

 

JohnCarloV

NETGEAR Community Team

Message 2 of 13
King-Marqy
Aspirant

Re: Lan 2 Lan connection setup

Ok, thanks. Here's a drawing:

Site A is connected to B using port 1 and VPN tunnel. New situation must be, no VPN tunnel, direct connection through port 4 on modem site A and B (this works, when connecting to port 2 of modem on site B an IP 192.168.178.x is given to my Macbook Pro). Thing is, I've tried to connect port 4 of the modem (patch) to LAN port 2 at site B and configure the SRX for translation... This didn't work, but there is a chance that some VPN tunnel configuration is conflicting with this.. But any config suggestions would be very appreciated. Port LAN2 at Site B has a static IP in the 178 range (192.168.178.253).

1.jpg

 

Message 3 of 13
JohnC_V
NETGEAR Moderator

Re: Lan 2 Lan connection setup

@King-Marqy,

 

As per my understanding, you now have 2 ISPs per site and it was connected to the port 4 of the modem going to port 28 of the M4100 switch. What you wanted now is to move your connections to this modem and remove the VPN from the SRX5308. It means that you wanted the fiber connection to be your main line. Is that correct?

 

Regards,

 

JohnCarloV

NETGEAR Community Team

Message 4 of 13
King-Marqy
Aspirant

Re: Lan 2 Lan connection setup

Well we have fiber as main and cable as backup line. The fiber modem is using port 1 for internet and port 4 for the direct lan connection. Currently VPN tunnel over fiber and if fiber fails over cable. The direct lan connection is however configured by the fiber provider on their modems port 4, so yes we want fiber to be the main line and we also know that if this fails the lan2lan connection won’t work over cable. Thanks for the reply!
Message 5 of 13
King-Marqy
Aspirant

Re: Lan 2 Lan connection setup

Situation is going to be different. On site B internet connection is going away, only the lan 2 lan via fiber is going to stay (from A to B).
Message 6 of 13
SamirD
Prodigy

Re: Lan 2 Lan connection setup

There's no reason the vpn should be unstable unless there's other routing issues, which I think there are possibly a lot (network loops and more) with the current layout.

 

What are you trying to accomplish because I think there's a much, much simpler way to do this as there are a lot of 'just not right' connections in that diagram.

Message 7 of 13
King-Marqy
Aspirant

Re: Lan 2 Lan connection setup

Currently the connection between A and B is active over port 4 of the fibre modem. Discard Site-B's backup ISP (Ziggo), it's not there (mistake). We want to have site A and B connected over the lan2lan connection. Site B will use Site A gateway to the internet. That's all. It would be great if the corp VLANs could be intact, that means that we don't have to renumber (IP) Site B.

Message 8 of 13
SamirD
Prodigy

Re: Lan 2 Lan connection setup

By lan2lan connection, are you referring to a vpn tunnel over the fibre connections?

 

So basically you're just wanting all traffic from site B to go out via site A's connection, correct?  Vlans intact if possible?

Message 9 of 13
King-Marqy
Aspirant

Re: Lan 2 Lan connection setup

Thanks for your reply!

 

No, it's a lan2lan connection (no VPN tunnel). When connecting to modem port 4 on site B it receives an IP of site A (that works already).

Yes all traffic from B must go to site A, so that:

1) B uses A to go to the internet (site B's own current internet connection is going away, just leaving the direct connection between the modems)

2) Corp network site A must be able to connect to Corp B -> 2 different VLANs, corp A VLAN 178, corp B VLAN 225, both sites managed VLANs are 1, both have an additional VLAN for the guest WIFI network: Site A VLAN 165, site B VLAN 235. For the IP range of the VLANs see my picture in the other post.

3) Yes VLANs intact if possible!!! it saves renumbering servers, printers and a lot more....

Message 10 of 13
SamirD
Prodigy

Re: Lan 2 Lan connection setup

Okay, so something isn't right here.  What are these fibre modems?  Because if they connect to the Internet, either they are providing some sort of tunnel between the sites or something else is because you cannot just route packets over the Internet like that unless everything has static Internet IPs.

 

Message 11 of 13
King-Marqy
Aspirant

Re: Lan 2 Lan connection setup

The fibre modems do have a connection to the internet (port 1 is gateway) and port 4 is configured to each other. The provider has this configured (kind of tunnel?). So port 4 is connected to the switch (VLAN178 untagged) on site A, port 4 on the modem of site B is connected to my macbook pro and I receive an IP from the DHCP server on site A. A kind of direct connection. So my question is, if I connect the UTP cable from port 4 to the SRX5308, how does the config look? Do I use LAN port 2 on the SRX or WAN port 2 on site B?

Message 12 of 13
SamirD
Prodigy

Re: Lan 2 Lan connection setup

Interesting.  I've never heard of such a setup.  But I do know what's wrong.  You have too many dhcp servers accessible by each client on site B--this is why it sometimes works and sometimes doesn't depending on what IP address the client on site B gets.

 

If you want all the traffic, including Internet to go through site A, the solution is remarkably simple--remove the srx from site B and connect port 4 from the fibre modem directly to the switch on site B.  This will make ALL dhcp requests, and all traffic go through site A since essentially site B appears 'local' to site A.  Now be careful!  If this is not exactly what you want, don't try this as it will completely break everything on site B.

 

Message 13 of 13
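The multiple-DHCP-server condition described in the last reply can be checked from the DHCPOFFERs that clients on site B receive. The following is an added example, not part of the original thread or any NETGEAR tooling; the /24 masks, the server addresses ending in .1, the MAC addresses and the sample offers are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Corp ranges as given in the thread (the /24 mask is an assumption).
SITE_NETS = {
    "site A corp": ipaddress.ip_network("192.168.178.0/24"),
    "site B corp": ipaddress.ip_network("192.168.225.0/24"),
}

# Constructed sample: DHCPOFFERs observed on one site B access port, as
# (client MAC, DHCP server identifier, offered address).
SAMPLE_OFFERS = [
    ("aa:bb:cc:00:00:01", "192.168.225.1", "192.168.225.50"),
    ("aa:bb:cc:00:00:01", "192.168.178.1", "192.168.178.120"),
    ("aa:bb:cc:00:00:02", "192.168.225.1", "192.168.225.51"),
]


def site_of(addr):
    """Map an offered address to the site whose corp range contains it."""
    ip = ipaddress.ip_address(addr)
    for name, net in SITE_NETS.items():
        if ip in net:
            return name
    return "unknown"


def find_conflicts(offers):
    """Return {client MAC: sorted [(server, site), ...]} for every client
    that was offered a lease by more than one DHCP server."""
    seen = defaultdict(set)
    for mac, server, offered in offers:
        seen[mac].add((server, site_of(offered)))
    return {
        mac: sorted(pairs)
        for mac, pairs in seen.items()
        if len({server for server, _ in pairs}) > 1
    }


if __name__ == "__main__":
    for mac, pairs in find_conflicts(SAMPLE_OFFERS).items():
        print(mac, "received offers from:", pairs)
```

A client listed here can end up with an address from either range depending on which offer it accepts first, which matches the intermittent behaviour described above.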