RED on same subnet

Hi

I want to add 2 REDs to my HQ network on the same subnet.

HQ: 10.0.0.0/16 network

Branch 1: 10.0.10.0/16 network

Branch 2: 10.0.20.0/16 network

My RED tunnels are online.

I can ping from my XG to the REDs, but can't ping PCs behind the RED.

So my ARP broadcasts don't go between.

How can I fix this on an XG?

Found this, but it is for UTM: https://community.sophos.com/products/unified-threat-management/f/remote-ethernet-device-red/57503/red-devie---headquater-and-remotesite-on-same-subnet



This thread was automatically locked due to age.
  • Hi cpb,

    Unfortunately you cannot (should not) use the REDs in that fashion. You should never have multiple interfaces existing on the same subnet, of which you have Port1, reds1 and reds2 all existing on your 10.0.0.0/16 network. The routing and arping will go completely crazy, and this is definitely not a recommended solution.

    The only way to get the RED networks to exist on the same subnet range as head office is to bridge the two REDs with the main LAN interface that the 10.0.0.0/16 is on. Beware, when you bridge them, any configuration bound to the interfaces you're bridging will be destroyed, like the DHCP servers etc. if you were using any, so you will have to remake them.

    But then you will not be able to separate them as 10.0.10.x and 10.0.20.x as they would all exist on the same subnet. If you do do the bridge, you will have to make a firewall rule which will allow communications across the bridge. So if you have labelled the port and all REDs as LAN then you will need to make a LAN to LAN allow rule.

    However, I would recommend setting the two RED branches to 10.10.0.0/16 and 10.20.0.0/16 so they exist in completely separate subnets. Unless you have a configuration compatibility need for all existing on the same subnet?

    Also, when you ping the RED interface IP, you are not actually pinging the RED, you are in fact just pinging the virtual interface of the XG.

    I hope that helps!

    Emile
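
An added example, not part of the original thread and not Sophos code: a short Python check of the addressing discussed above. It masks off the host bits of each prefix as typed and reports which interface networks overlap, for the plan as posted and for the plan recommended in the answer. The assignment of Branch 1 and Branch 2 to `reds1` and `reds2` is an assumption.

```python
import ipaddress
from itertools import combinations


def find_overlaps(interfaces):
    """Return (normalized, overlaps) for a {name: 'addr/prefix'} mapping.

    normalized maps each interface to the network its address/prefix really
    denotes (host bits masked off); overlaps lists the interface pairs whose
    networks share addresses, ordered by interface name.
    """
    normalized = {
        name: ipaddress.ip_interface(cidr).network
        for name, cidr in interfaces.items()
    }
    overlaps = [
        (a, b)
        for a, b in combinations(sorted(normalized), 2)
        if normalized[a].overlaps(normalized[b])
    ]
    return normalized, overlaps


# Addressing as posted in the question. Interface names come from the answer;
# which branch sits on which RED interface is assumed.
AS_POSTED = {
    "Port1": "10.0.0.0/16",
    "reds1": "10.0.10.0/16",
    "reds2": "10.0.20.0/16",
}

# Addressing recommended in the answer.
RECOMMENDED = {
    "Port1": "10.0.0.0/16",
    "reds1": "10.10.0.0/16",
    "reds2": "10.20.0.0/16",
}

if __name__ == "__main__":
    for label, plan in (("as posted", AS_POSTED), ("recommended", RECOMMENDED)):
        nets, clashes = find_overlaps(plan)
        print(label)
        for name, net in nets.items():
            print(f"  {name}: {plan[name]} -> {net}")
        for a, b in clashes:
            print(f"  OVERLAP: {a} ({nets[a]}) and {b} ({nets[b]})")
        if not clashes:
            print("  no overlapping interface networks")
```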
