SRX5308 Multi-homing working strangely

T-Support
Aspirant

Hello,

 

I have an SRX5308 configured to be the gateway for our local network. DHCP is disabled on the Netgear firewall, and is taken care of by a Windows Server 2012 R2 domain controller instead.

 

Recently, we've run into an issue where we are running out of IP addresses. I decided to solve this problem by creating a Superscope on the local DHCP server.

 

Scope 1 (original): 10.1.50.x

Subnet: 255.255.255.0

Gateway (SRX5308): 10.1.50.254

 

Scope 2 (new scope): 10.1.60.x

Subnet: 255.255.255.0

Gateway (SRX5308): 10.1.60.254 (added as a secondary IP via LAN Multi-homing)

 

Scope 3 (remote scope in a remote location, connected via IPSec VPN): 10.1.51.x

Subnet: 255.255.255.0

Gateway (FVS336GV2): 10.1.51.254

 

If I am leased out an IP address on the original scope of 10.1.50.x, I have no issues. I can connect to the internet, and I can reach any server (including remote servers over the IPSec VPN).

 

If I am leased out an IP address on the new secondary scope of 10.1.60.x, I have random issues. Although I can connect to the internet, and I can reach SOME of the servers on the 10.1.50.x scope... I can't reach all of them. For example, I cannot reach 10.1.50.20 (an ESXi host), but I can reach 10.1.50.5 (the DHCP domain controller). I can ping both gateways (10.1.50.254 and 10.1.60.254), but I cannot ping or reach any of the servers in the remote location (10.1.51.x). One user reported to me that he could not connect to one of his client sites via VPN if he was on the 10.1.60.x scope.

 

What's going on here? There are no firewall rules on either side to only allow a specific scope to reach specific servers.

Message 1 of 11

Accepted Solutions
DaneA
NETGEAR Moderator

Re: SRX5308 Multi-homing working strangely

Hi T-Support,

 

Welcome to the community!

 

Would you kindly consider redesigning your existing network? If yes, then I would recommend using VLANs instead of Multi-homing. It is because enabling routing between VLANs is possible. Then, on the IPSec VPN setup, it will be necessary to add a VPN policy for the extra subnet as per this link.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 11

All Replies
T-Support
Aspirant

Re: SRX5308 Multi-homing working strangely

Hello Dane,

 

Thanks for your reply. What do you mean by "redesigning my existing network?"

 

Edit: if I were to redesign it by your suggestion, how would it be configured?

Message 3 of 11
T-Support
Aspirant

Re: SRX5308 Multi-homing working strangely

Update: I followed your tutorial link on VPN policies, and now the VPN works over the second subnet. I did not realize I had to create the policy on both ends, duh! Thanks for that.

Message 4 of 11
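The fix reported in the post above (a VPN policy for the extra subnet, created on both ends) can be checked with a small model. This is an added example, not part of the original thread and not NETGEAR code; the subnets come from the thread, while the policy representation, the host addresses and the function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Simplified, constructed model: each gateway holds IPsec VPN policies as
# (local subnet, remote subnet) selectors. Subnets are the ones in the thread.
def policy(local, remote):
    return (ip_network(local), ip_network(remote))

HQ_ORIG = [policy("10.1.50.0/24", "10.1.51.0/24")]       # SRX5308 side
REMOTE_ORIG = [policy("10.1.51.0/24", "10.1.50.0/24")]   # FVS336GV2 side
HQ_NEW = HQ_ORIG + [policy("10.1.60.0/24", "10.1.51.0/24")]
REMOTE_NEW = REMOTE_ORIG + [policy("10.1.51.0/24", "10.1.60.0/24")]

def selects(policies, src, dst):
    """True if some policy has src in its local subnet and dst in its remote subnet."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in local and d in remote for local, remote in policies)

def tunnel_status(near, far, src, dst):
    """Classify a flow from src (behind `near`) to dst (behind `far`)."""
    near_ok = selects(near, src, dst)
    far_ok = selects(far, dst, src)  # the far end needs the mirrored selector
    if near_ok and far_ok:
        return "ok"
    if near_ok:
        return "missing on far end"
    if far_ok:
        return "missing on near end"
    return "missing on both ends"

def report(near, far, flows):
    """Map each 'src -> dst' flow to its tunnel status."""
    return {f"{s} -> {d}": tunnel_status(near, far, s, d) for s, d in flows}

# Constructed sample hosts: one per HQ scope, one at the remote site.
FLOWS = [("10.1.50.30", "10.1.51.10"), ("10.1.60.30", "10.1.51.10")]

if __name__ == "__main__":
    for label, near, far in [("original", HQ_ORIG, REMOTE_ORIG),
                             ("policy on one end only", HQ_NEW, REMOTE_ORIG),
                             ("policy on both ends", HQ_NEW, REMOTE_NEW)]:
        print(label, report(near, far, FLOWS))
```
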
DaneA
NETGEAR Moderator

Re: SRX5308 Multi-homing working strangely

Hi T-Support,

 

I am glad that the VPN works over the 2nd subnet. Welcome!

 

 

Cheers,

 

DaneA

NETGEAR Community Team

Message 5 of 11
T-Support
Aspirant

Re: SRX5308 Multi-homing working strangely

Thank you for that.

 

But what about my earlier question? I asked in response to your first reply: What do you mean by "redesigning my existing network?"

Message 6 of 11
DaneA
NETGEAR Moderator

Re: SRX5308 Multi-homing working strangely

Hi T-Support,

 

What I mean is consider implementing VLANs instead of setting up Multi-homing. It's because, for me, I think that would be a smarter way.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 7 of 11
T-Support
Aspirant

Re: SRX5308 Multi-homing working strangely

I see. If I cannot reconfigure the network setup, is it possible to make this work with Multi-homing?

Message 8 of 11
DaneA
NETGEAR Moderator

Re: SRX5308 Multi-homing working strangely

Hi T-Support,

 

For me, the current network setup is kinda not easy to deal with.  You may want to consult NETGEAR Support and they might help you with it.  

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 9 of 11
T-Support
Aspirant

Re: SRX5308 Multi-homing working strangely

Thanks for your assistance, Dane.

Message 10 of 11
DaneA
NETGEAR Moderator

Re: SRX5308 Multi-homing working strangely

Hi T-Support,

 

You're welcome!

 

Feel free to post your future concerns and inquiries here in the community.

 

 

Cheers,

 

DaneA
NETGEAR Community Team

Message 11 of 11