NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

chiragk11's avatar
chiragk11
Aspirant
Nov 23, 2016

Restrict User to VLAN after VPN - Not working

Hello,   On SRX5308  I have created a IPSec VPN connection using Mode Config and IKE policy. I am able to VPN in. However, I can access all Subnets - even though I have specified the Subnet as 10.5...
srx5308
Troubleshooting
chiragk11's avatar
chiragk11
Aspirant
Nov 23, 2016

Never mind the last post #2. It seemed to work when I first connected, but after a minute, I was able to access entire network - so I back to square 1.

 

DaneA's avatar
DaneA
NETGEAR Employee Retired
Dec 05, 2016

Hi chiragk11,

 

Just to add, to possibly set the VPN to access only a specific VLAN other than the default VLAN, the setting for this to work is in the VPN Policy under Traffic Selection.  By default, when creating the policy using the VPN wizard,  it will use the IP address of the default VLAN.  However, if you change this to the network address of the desired VLAN, it will allow access to that VLAN through the VPN.  Inter VLAN routing must be turned off in the VLAN settings if the desired effect is to not be able to access other VLAN’s.

 

On the figure below,  from the working policy; note that 192.168.245.0 is the network address of the secondary VLAN and not the LAN IP address of the default VLAN.  Also note, Mode Config is not being used.  Just use the VPN wizard on both the SRX5308 on each side.  

 

 

 

Regards,

 

DaneA

NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More