argylegp (Novice)
Mar 25, 2015
SRX5308 Firewall example
I have two SRX5308 routers in different cities with different ISPs.
Setup will be: WAN1 to the ISP, for internet access, VPN tunnel, and VPN Client access. LAN1 will be to inside.
Does anyone have examples for the SRX5308 Firewall?
I'd also like examples of the VPN tunnel.
Thanks
9 Replies
- Nhellie (Virtuoso)
Here is an example of a box to box VPN configuration:
http://kb.netgear.com/app/answers/detail/a_id/24278
Here is for client to box:
http://kb.netgear.com/app/answers/detail/a_id/24245/related/1
What kind of setup would you like to accomplish?
- RX (Luminary)
About setting up box-to-box IPSec VPN, check these links below as reference guides:
https://drive.google.com/file/d/0B4PuVEYxkQ5oZk1aR0tJbTh0TTg/view?usp=sharing
http://kb.netgear.com/app/answers/detail/a_id/24278/~/configuring-a-box-to-box-vpn-on-prosafe%2Fprosecure-routers
About setting up client-to-box IPSec VPN, check this link below:
http://kb.netgear.com/app/answers/detail/a_id/24245/related/1
About setting up PPTP VPN Tunnel, check this link below:
http://kb.netgear.com/app/answers/detail/a_id/24288/~/configuring-a-pptp-vpn-tunnel-to-prosafe%2Fprosecure-routers
About setting up L2TP VPN Tunnel, check this link below:
http://kb.netgear.com/app/answers/detail/a_id/24393/related/1
- argylegp (Novice)
You asked "What do I want to accomplish?"
First: I have two SRX5308 routers for Site-A and Site-B. Both sites have internet access. Site-A is the main office where the servers are, Site-B has to access Site-A through a VPN tunnel.
Second: Site-A is also a VPN access point for VPN-client software to login.
Third: The firewalls have to allow - LogMeIn, RDP, FTP, and VPN-client to pass through.
I have an idea on how to configure this as I have existing Cisco routers to refer to (the Ciscos are slow). However, the old setup uses an internet gateway and is different.
- Nhellie (Virtuoso)
argylegp wrote:
First: I have two SRX5308 routers for Site-A and Site-B. Both sites have internet access. Site-A is the main office where the servers are, Site-B has to access Site-A through a VPN tunnel.
Second: Site-A is also a VPN access point for VPN-client software to login.
Third: The firewalls have to allow - LogMeIn, RDP, FTP, and VPN-client to pass through.
1. You can achieve this by setting up Box-to-Box VPN connection.
2. This can be done by the Client-to-Box setup.
Examples are on the links that I posted above.
3. You will need to set up port forwarding for these. Check the link below for instructions:
http://kb.netgear.com/app/answers/detail/a_id/1002/~/port-forwarding-on-the-fvs318v3
- argylegp (Novice)
Thanks for the info.
One more question: How do the VPN clients, in a client-to-box scenario, get an IP address that is in the same range as the servers? So that the client VPN link puts them directly into the internal network.
- Nhellie (Virtuoso)
On the client software, you will have to enter the internal IP of the remote network.
http://support1.gearguy.com/useruploads/images/Client_create_3%281%29.png
Check this link below:
http://kb.netgear.com/app/answers/detail/a_id/24245/~/client-to-box-vpn
- argylegp (Novice)
Does this mean the Client-VPN will pull an internal IP address from the internal network DHCP?
- Nhellie (Virtuoso)
The answer would be no, the reason why you need to enter the External IP of the Remote network is for the client to identify the network and devices connected to it. As far as I know, it creates its own random IP (like a VPN IP which is not on the same range as the IP on the remote network). I know there is a deeper explanation to that.
Not unless you are using Mode Config.
- adit (Mentor)
Read my LAN Subnets NOT to Use tutorial for an explanation. LogMeIn should require no router settings. You should not open 3389 (RDP) to the Internet. It's a huge security issue. If the public needs access to the FTP then feel free to open the port(s). VPN Passthrough is only for outbound initiated VPN Client tunnels. It has nothing to do with inbound (to the SRX) VPN Client tunnel access. You may have to adjust the software firewalls on the servers to allow the VPN Client subnet access. It all depends on how they are set up.
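
Added example, not part of the thread and not SRX5308 configuration syntax: a Python audit of an address plan for the Site-A / Site-B / VPN-client topology discussed above, flagging overlapping ranges, ranges that collide with common home-router defaults, and RDP forwarded to the Internet. All addresses, the rule format, the `audit` function and the `HOME_DEFAULTS` list are constructed assumptions.

```python
import ipaddress

# Constructed address plan for the thread's topology; every value is a sample.
PLAN = {
    "site_a_lan": "192.168.1.0/24",        # main office, servers
    "site_b_lan": "10.20.0.0/24",          # branch, reaches Site-A over the tunnel
    "mode_config_pool": "10.20.0.128/25",  # range handed to VPN clients
}
# Hypothetical inbound WAN rules at Site-A: (service, TCP port, allowed source).
INBOUND = [("FTP", 21, "0.0.0.0/0"), ("RDP", 3389, "0.0.0.0/0")]

# Assumption: ranges many home routers ship with, i.e. where remote clients sit.
HOME_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24"]
VPN_ONLY_PORTS = {3389}  # RDP: reach it through the tunnel, not a forwarded port


def audit(plan, inbound):
    """Return a list of findings for an address plan and inbound rule list."""
    findings = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    names = sorted(nets)
    # 1. Ranges on either side of a tunnel must be distinct to route cleanly.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"overlap: {a} {nets[a]} and {b} {nets[b]}")
    # 2. A range matching a client's own home LAN conflicts with its local routes.
    for name in names:
        for default in HOME_DEFAULTS:
            if nets[name].overlaps(ipaddress.ip_network(default)):
                findings.append(f"home-default: {name} {nets[name]}")
    # 3. Services that should only be reachable over the VPN.
    for service, port, source in inbound:
        if port in VPN_ONLY_PORTS and ipaddress.ip_network(source).prefixlen == 0:
            findings.append(f"exposed: {service}/{port} open to {source}")
    return findings


if __name__ == "__main__":
    for finding in audit(PLAN, INBOUND):
        print(finding)
```
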