Re: SRX5308 Multi-homing working strangely
Hello,
I have an SRX5308 configured to be the gateway for our local network. DHCP is disabled on the Netgear firewall, and is taken care of by a Windows Server 2012 R2 domain controller instead.
Recently, we've run into an issue where we are running out of IP addresses. I decided to solve this problem by creating a Superscope on the local DHCP server.
Scope 1 (original): 10.1.50.x
Subnet: 255.255.255.0
Gateway (SRX5308): 10.1.50.254
Scope 2 (new scope): 10.1.60.x
Subnet: 255.255.255.0
Gateway (SRX5308): 10.1.60.254 (added as a secondary IP via LAN Multi-homing)
Scope 3 (remote scope in a remote location, connected via IPSec VPN): 10.1.51.x
Subnet: 255.255.255.0
Gateway (FVS336GV2): 10.1.51.254
If I am leased out an IP address on the original scope of 10.1.50.x, I have no issues. I can connect to the internet, and I can reach any server (including remote servers over the IPSec VPN).
If I am leased out an IP address on the new secondary scope of 10.1.60.x, I have random issues. Although I can connect to the internet, and I can reach SOME of the servers on the 10.1.50.x scope... I can't reach all of them. For example, I cannot reach 10.1.50.20 (an ESXi host), but I can reach 10.1.50.5 (the DHCP domain controller). I can ping both gateways (10.1.50.254 and 10.1.60.254), but I cannot ping or reach any of the servers in the remote location (10.1.51.x). One user reported to me that he could not connect to one of his client sites via VPN if he was on the 10.1.60.x scope.
What's going on here? There are no firewall rules on either side to only allow a specific scope to reach specific servers.
Accepted Solutions
Hi T-Support,
Welcome to the community!
Would you kindly consider redesigning your existing network? If yes, then I would recommend using VLANs instead of Multi-homing. It is because enabling routing between VLANs is possible. Then, on the IPSec VPN setup, it will be necessary to add a VPN policy for the extra subnet as per this link.
Regards,
DaneA
NETGEAR Community Team
All Replies
Re: SRX5308 Multi-homing working strangely
Hello Dane,
Thanks for your reply. What do you mean by "redesigning my existing network?"
Edit: if I were to redesign it by your suggestion, how would it be configured?
Re: SRX5308 Multi-homing working strangely
Update: I followed your tutorial link on VPN policies, and now the VPN works over the second subnet. I did not realize I had to create the policy on both ends, duh! Thanks for that.
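The fix reported in the post above (a VPN policy for the extra subnet, created on both ends) can be checked mechanically. The following is an added example, not part of the original thread and not NETGEAR code: it audits IPSec traffic selectors for every LAN pair on both gateways. The dictionary layout and function names are assumptions for illustration; the subnets are the ones listed in the first post.

```python
import ipaddress
from itertools import product

def net(cidr):
    return ipaddress.ip_network(cidr)

def covered(policies, src, dst):
    """True if one policy's local selector contains src and its remote selector contains dst."""
    return any(src.subnet_of(net(loc)) and dst.subnet_of(net(rem))
               for loc, rem in policies)

def audit(site_a, site_b):
    """Return the (gateway, local, remote) selectors that are missing.

    Each site is a dict with: name, subnets (LANs behind that gateway) and
    policies (list of (local_selector, remote_selector) CIDR strings).
    This layout is hypothetical, not an export format of either device.
    """
    missing = []
    for a_cidr, b_cidr in product(site_a["subnets"], site_b["subnets"]):
        a, b = net(a_cidr), net(b_cidr)
        if not covered(site_a["policies"], a, b):
            missing.append((site_a["name"], a_cidr, b_cidr))
        # The far end needs the mirrored selector, otherwise the tunnel
        # for this subnet pair is never negotiated.
        if not covered(site_b["policies"], b, a):
            missing.append((site_b["name"], b_cidr, a_cidr))
    return missing

# Constructed sample: the state described in the first post, where the
# multi-homed 10.1.60.0/24 LAN exists but only the original policy does.
SRX = {"name": "SRX5308",
       "subnets": ["10.1.50.0/24", "10.1.60.0/24"],
       "policies": [("10.1.50.0/24", "10.1.51.0/24")]}
FVS = {"name": "FVS336GV2",
       "subnets": ["10.1.51.0/24"],
       "policies": [("10.1.51.0/24", "10.1.50.0/24")]}

if __name__ == "__main__":
    for gateway, local, remote in audit(SRX, FVS):
        print(f"{gateway}: no policy for local {local} -> remote {remote}")
```

A policy with a wider selector (for example a /16 that contains both local LANs) also satisfies the check, because coverage is tested with subnet containment rather than exact match.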
Re: SRX5308 Multi-homing working strangely
Thank you for that.
But what about my earlier question? In response to your first reply, I asked: What do you mean by "redesigning my existing network?"
Re: SRX5308 Multi-homing working strangely
I see. If I cannot reconfigure the network setup, is it possible to make this work with Multi-homing?
Re: SRX5308 Multi-homing working strangely
Hi T-Support,
For me, the current network setup is kinda not easy to deal with. You may want to consult NETGEAR Support and they might help you with it.
Regards,
DaneA
NETGEAR Community Team
Re: SRX5308 Multi-homing working strangely
Thanks for your assistance, Dane.