VPN Access from different LAN segment.

deanwatson
Aspirant

I have a working IPSec VPN to a remote site that requires a configuration with a single IP Address at my end. I want to be able to access the host systems at the remote site from a number of devices, rather than just 1 (with the pre-defined IP Address). Any suggestions would be appreciated. My default LAN segment is 192.168.2.* and the single IP Address that is required by the VPN is 172.17.128.90. I have created a Multi-Home LAN segment for 172.17.128.*, so traffic from the 192.168.2 segment can traverse the Firewall to the 172.17.178 segment.

Model: FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Message 1 of 7
DaneA
NETGEAR Employee Retired

Re: VPN Access from different LAN segment.

Hi @deanwatson,

I believe you have a client-to-box IPsec VPN to the FVS336Gv3.  I suggest you create VLANs instead of using the Multi-Homing feature.  Refer to the diagram below as an example:

Once you have the client-to-box VPN working between the FVS336Gv3 and the remote PC, you need to edit the VPN Policy on the FVS336Gv3 in order to access the VLANs through the VPN tunnel.  Change the Local LAN to the Supernet 192.168.0.0/16, which includes all VLANs: 192.168.1.0/24, 192.168.50.0/24, 192.168.100.0/24 and 192.168.150.0/24. Refer to the image below:

Then, on the NETGEAR VPN Client Professional software, you need to set the Remote LAN Address to the Supernet 192.168.0.0/16.  Refer to the image below:

Regards,

DaneA

NETGEAR Community Team

Message 2 of 7
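
As an added example (not part of the thread and not NETGEAR code), this Python sketch uses the standard `ipaddress` module to check which subnets a VPN policy's Local LAN selector covers and how much unused address space it also admits. The addresses are the ones quoted in the thread; the function names are hypothetical.

```python
import ipaddress

# Subnets and selector named in the reply above.
VLANS = ["192.168.1.0/24", "192.168.50.0/24",
         "192.168.100.0/24", "192.168.150.0/24"]
POLICY_LOCAL_LAN = "192.168.0.0/16"
# Addresses from the original question.
ASKER_LAN = "192.168.2.0/24"
ASKER_VPN_IP = "172.17.128.90/32"


def smallest_supernet(subnets):
    """Return the smallest single network containing every subnet given."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    # Widen one prefix bit at a time until every subnet fits inside.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def selector_report(selector, in_use):
    """Compare a policy traffic selector with the subnets actually in use."""
    sel = ipaddress.ip_network(selector)
    used = [ipaddress.ip_network(s) for s in in_use]
    covered = [n for n in used if n.subnet_of(sel)]
    missing = [n for n in used if not n.subnet_of(sel)]
    # collapse_addresses merges overlaps so nothing is counted twice.
    used_addrs = sum(n.num_addresses
                     for n in ipaddress.collapse_addresses(covered))
    return {
        "covered": covered,
        "missing": missing,
        # Addresses the selector admits that no listed subnet uses.
        "unused_addresses": sel.num_addresses - used_addrs,
    }


if __name__ == "__main__":
    print("smallest supernet of the VLANs:", smallest_supernet(VLANS))
    for label, nets in (("VLANs", VLANS),
                        ("asker's networks", [ASKER_LAN, ASKER_VPN_IP])):
        r = selector_report(POLICY_LOCAL_LAN, nets)
        print(label, "covered:", [str(n) for n in r["covered"]],
              "missing:", [str(n) for n in r["missing"]],
              "unused addresses in selector:", r["unused_addresses"])
```

The selector is far wider than the four /24 VLANs it is meant to carry, so firewall rules, not the VPN policy, decide which of the remaining addresses are reachable through the tunnel.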
DaneA
NETGEAR Employee Retired

Re: VPN Access from different LAN segment.

@deanwatson,

I just want to follow up on this.  Let us know if you have further questions.

Otherwise, if ever your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

Regards,

DaneA

NETGEAR Community Team

Message 3 of 7
deanwatson
Aspirant

Re: VPN Access from different LAN segment.

Hi Dane. Sorry for the delayed response, I have been away from the office for 10 days. Unfortunately, your assumption was wrong. I have a site-site IPSec VPN link, where the connection parameters are prescribed by the other party. All I want to know is whether it is possible for devices on my primary LAN segment 192.168.2.* to access a remote service via the VPN, which has to terminate on 172.17.128.90?

Message 4 of 7
DaneA
NETGEAR Employee Retired

Re: VPN Access from different LAN segment.

@deanwatson,

Thanks for the feedback.  I apologize for having wrongly understood the network setup described in your initial post.  Kindly post an image or screenshot of the detailed network setup you want to achieve.

Regards,

DaneA
NETGEAR Community Team

Message 5 of 7
DaneA
NETGEAR Employee Retired

Re: VPN Access from different LAN segment.

@deanwatson,

Just a follow-up on this.  I have re-read this forum thread.  Correct me if I'm wrong.  As I understand, there is a LAN Multi-homing already set up on the remote site wherein the service is deployed that you want to access via the site-to-site VPN.  I'm afraid that it is not possible to access the service that you want because of the LAN Multi-homing setup.  Still, the best suggestion is to configure the remote site with VLANs.  Refer to the diagram below as an example:

Just like in my initial response to you, in order to access the VLANs through the Site-to-Site VPN tunnel, you need to edit the VPN Policy of the Local Network on the FVS336Gv3 at the Remote Site.  Change the Local LAN to the Supernet 192.168.0.0/16, which includes all VLANs: 192.168.1.0/24, 192.168.50.0/24, 192.168.100.0/24 and 192.168.150.0/24. This will result in the image below:

Then on the FVS336Gv3 of the Main Site, set the Remote LAN to the Supernet 192.168.0.0/16, which includes all VLANs, when running the VPN Wizard. It will result in the image below:

Regards,

DaneA

NETGEAR Community Team

Message 6 of 7
DaneA
NETGEAR Employee Retired

Re: VPN Access from different LAN segment.

@deanwatson,

Just following up again.  Let us know if you have further questions.

If ever your concern has been addressed or resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

Regards,

DaneA

NETGEAR Community Team

Message 7 of 7