Brian B
asked on
Lefthand SAN Replication over VPN
I am trying to set up a remote copy (replication) between two HP Lefthand 4300 SANs over VPN. I have the links set up; the issue is I don't know which ports need forwarding on the routers (Fortinet Fortigate 110s) so the two SANs can talk to each other.
The host SAN is in an internal network with publicly addressable IP. In other words, I think to get from the remote to the host is easy, just put in the IP. The remote SAN is in a rented rack and is the only device behind the router/firewall using non-routable IP. So setting up the communication to this one is the challenge. I tried Lefthand support about what ports need to be forwarded and they sent me a two-page list of the ports it *might* use.
Has someone found an easier way to do this, or better yet if someone has remote copy working over VPN with Lefthand SANs, what did you do?
ASKER CERTIFIED SOLUTION
But, in a VPN you wouldn't use the forwarded IP, you'd use the internal IP.
Is this using a VPN?
ASKER
Yes, it is now using a VPN. I am able to ping the IP of the remote SAN from the internal interface of the local firewall. So I assume the tunnel is up and passing traffic. Yet the SAN management software can't see the remote SAN. I need to confirm that the gateway settings are correct on the remote SAN, but any other ideas would be appreciated.
SOLUTION
ASKER
I was finally able to get down to the co-loc today and plug right into the switch where the SAN is located. Replication is working and I can see both SANs in the management software. So the problem must have been at the other end and some sort of setting in the tunnel that isn't allowing the management interface to get through. I want to thank everyone for their time and insight though.
ASKER
Closed as per comments.
ASKER
The rule in the GUI looks like this:
Allow (IP of the remote SAN) to (Forwarded IP of the local SAN) for ANY. However, my forward is currently set to only allow what I thought was the management port of the SAN. If I set it for all SANs, again I am concerned I might cut myself off from the router.
Having said that, there is no rule now that allows me specific management access. So I'll try it and see.