Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 29 subscribers
  • Views 14064 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I setup multiple site-to-site RED tunnels

JohnSmock

I have one XG430 at my data center.

I have 11 remote XG210 and 1 XG115w firewalls at remote offices.

Currently we use IPSEC/GRE tunnels and static routing to connect and route traffic between sites.

I have one site setup (remote XG115w) that uses a RED tunnel to my XG430 at my data center.

I want to change from my IPSEC/GRE tunnels to RED tunnels at all my locations.

When I tried to add a second RED client (XG210 in Los Angeles) to my existing RED server (XG430 in Kansas City) at my data center, my first RED client (XG115w in Orlando) loses its connection while new client tries to connect.  From the logs, it seems that the two RED clients are conflicting when they are both trying to connect.

I feel like I am missing something fundamental in all of this.  I have only used XG firewalls, so I have no history with the UTM series of devices and that seems to be all the information I can find when it comes to setting up RED tunnels in a site to site setup.

Can I even do this?  I was hoping I can setup multiple XG210/115 firewalls to connect back to one single XG430 firewall at data center.  I thought I would be able to setup one server with many clients and just make sure the server and each client use a unique IP address in the same LAN subnet.  In my case I am using 192.168.50.0/24.  My RED server is 192.168.50.1 and my clients will each use a different IP address.

Can someone help explain what I am doing wrong?  Is this just not how it works?  Will I need to setup multiple RED servers at the data center XG430 firewall?  One for each remote client?  If so, does that mean I have to use a different IP address for each end of this setup like I do for my GRE tunnels (which sucks).

Thanks!



This thread was automatically locked due to age.
Parents
  • 0

    John,

    you can have multiple RED connecting back to one XG without any problem (on the datasheet there are a number of recommended RED devices per each XG).

    The best thing to have is that each remote network location is using a different Network IP/Mask, so you do not to create bridge and add more confusion.

    Please share the RED logs and what you have created on XG 430 so we are able to help you.

    Regards

Reply
  • 0

    John,

    you can have multiple RED connecting back to one XG without any problem (on the datasheet there are a number of recommended RED devices per each XG).

    The best thing to have is that each remote network location is using a different Network IP/Mask, so you do not to create bridge and add more confusion.

    Please share the RED logs and what you have created on XG 430 so we are able to help you.

    Regards

Children
  • 0 in reply to lferrara

     

    Just to make sure I am clear, I am not connecting RED devices back to my XG firewall, I am trying to connect XG firewall to XG firewall with RED tunnels.

    Each remote site has a unique local subnet for all devices.  I thought the RED tunnels would all be part of one common WAN subnet that I can use for routing between sites.  We had a setup like that with our old Cisco 800 routers connecting back to a single Cisco 2850 router using DMVPN tunnels.  Each router had a specific IP address, but they were all part of the same subnet or range of IPs.

    Also, we are running SFOS 16.01.2 on all firewalls.

    Here is what I have setup on my XG430 at my data center:

    Here is the RED setup on the one firewall that does work:

    This XG firewall also has a RED connection to a firewall in my Tampa office so I can route traffic directly to them via that path:

    So, I CAN do multiple RED client tunnels from one XG firewall, but each of those RED tunnels uses a different IP subnet.

    Here is sample of the log on my XG430 at my data center when I had added a second RED tunnel from my office in Los Angeles:

  • 0 in reply to JohnSmock

    Here is what I was adding in my Los Angeles firewall that would cause the issues (this is not currently setup, I removed it when I was seeing the conflict):