
Remote XG VPN route

I have one main XG in the head office. As of right now I also have 2 remote smaller XGs that are connecting via IPsec back to the head office XG. I have in the connection settings each remote network listed, but they are not able to route to each other. Is there something I am missing? Can 2 remote XGs allow LAN access to each other in a setup like this?



  • Hi Vic,

    Yep, it is possible.

    Some points to check:

    - VPN definition in Branch A "Site2Site Branch-A to HeadOffice":
      Local Networks: "Net_Branch-A"
      Remote Networks: "Net_Branch-B, Net_HeadOffice"

    - VPN definition in HeadOffice "Site2Site Branch-A to HeadOffice":
      Local Networks: "Net_Branch-B, Net_HeadOffice"
      Remote Networks: "Net_Branch-A"

    - VPN definition in Branch B "Site2Site Branch-B to HeadOffice":
      Local Networks: "Net_Branch-B"
      Remote Networks: "Net_Branch-A, Net_HeadOffice"

    - VPN definition in HeadOffice "Site2Site Branch-B to HeadOffice":
      Local Networks: "Net_Branch-A, Net_HeadOffice"
      Remote Networks: "Net_Branch-B"

    - Firewall rule Head Office "VPN to VPN Net_Branch-A and Net_Branch-B to Net_Branch-B and Net_Branch-A"
    - Firewall rule Branch-A "LAN to VPN Net_Branch-A to Net_Branch-B"
    - Firewall rule Branch-A "VPN to LAN Net_Branch-B to Net_Branch-A"
    - Firewall rule Branch-B "LAN to VPN Net_Branch-A to Net_Branch-B"
    - Firewall rule Branch-B "VPN to LAN Net_Branch-B to Net_Branch-A"

    Should work.

    If you additionally want to be able to manage the XG firewalls through the tunnel / to use your head office's domain services, you'll need to configure NAT rules and an IPsec route for the system context.

    System IPsec route:

    console> system ipsec_route add net <headofficesubnet>/<netmask> tunnelname <vpn_HeadOffice>

    System NAT rule (to tell which internal IP to use for communication to the head office):

    console> set advanced-firewall sys-traffic-nat add destination <headofficesubnet> netmask <netmask> snatip <internal-IP-Of-XG>

    Yours, Lukas
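
A way to sanity-check the traffic selectors the reply above lists, as an added example that is not from the original post or from Sophos: spoke-to-spoke traffic crosses two tunnels, each defined on both ends, so four definitions must carry the Branch-A/Branch-B pair, and the function reports which Local/Remote Networks entries are missing. Site and network names are the ones used in the reply; the Tunnel class, selector_gaps function and both configurations are constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    site: str          # firewall on which this IPsec definition lives
    peer: str          # the other end of the tunnel
    local: frozenset   # "Local Networks" of the definition
    remote: frozenset  # "Remote Networks" of the definition

def selector_gaps(tunnels, src_site, src_net, hub, dst_site, dst_net):
    """List missing traffic-selector entries for src_net -> dst_net relayed via hub."""
    idx = {(t.site, t.peer): t for t in tunnels}
    hops = [  # (definition, net required in Local, net required in Remote)
        ((src_site, hub), src_net, dst_net),  # spoke A's tunnel to the hub
        ((hub, src_site), dst_net, src_net),  # hub's mirror of that tunnel
        ((hub, dst_site), src_net, dst_net),  # hub's tunnel to spoke B
        ((dst_site, hub), dst_net, src_net),  # spoke B's mirror of that tunnel
    ]
    gaps = []
    for (site, peer), need_local, need_remote in hops:
        t = idx.get((site, peer))
        if t is None:
            gaps.append(f"{site}: no tunnel definition towards {peer}")
            continue
        if need_local not in t.local:
            gaps.append(f"{site} tunnel to {peer}: {need_local} missing from Local Networks")
        if need_remote not in t.remote:
            gaps.append(f"{site} tunnel to {peer}: {need_remote} missing from Remote Networks")
    return gaps

A, B, HO = "Net_Branch-A", "Net_Branch-B", "Net_HeadOffice"
# Constructed config matching the reply: each spoke's net is cross-listed on the other tunnel.
VIA_HUB = [
    Tunnel("Branch-A", "HeadOffice", frozenset({A}), frozenset({B, HO})),
    Tunnel("HeadOffice", "Branch-A", frozenset({B, HO}), frozenset({A})),
    Tunnel("Branch-B", "HeadOffice", frozenset({B}), frozenset({A, HO})),
    Tunnel("HeadOffice", "Branch-B", frozenset({A, HO}), frozenset({B})),
]
# Constructed config of the usual shortfall: each tunnel only carries its own two networks.
HUB_ONLY = [
    Tunnel("Branch-A", "HeadOffice", frozenset({A}), frozenset({HO})),
    Tunnel("HeadOffice", "Branch-A", frozenset({HO}), frozenset({A})),
    Tunnel("Branch-B", "HeadOffice", frozenset({B}), frozenset({HO})),
    Tunnel("HeadOffice", "Branch-B", frozenset({HO}), frozenset({B})),
]

if __name__ == "__main__":
    for name, cfg in (("via-hub", VIA_HUB), ("hub-only", HUB_ONLY)):
        print(name, selector_gaps(cfg, "Branch-A", A, "HeadOffice", "Branch-B", B) or "OK")
```

The firewall rules from the reply still have to permit the traffic on all three boxes; this only covers the IPsec selectors, which is where the "cannot route to each other" symptom usually comes from.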
