PredatorGR

How can I access the remote network behind a VPN connection between 2 endpoints?

I already have a VPN connection set up and running between my office and the remote location.

On my end I have a WatchGuard Firebox x1250e and on the other end I have a Zyxel P653HWI-13 modem/router.

The Zyxel has 6 more VPN connections to other remote locations.

What must I do in order to gain access to the other 6 VPN connections? I mean, how will I be able to ping their IPs? Is this possible?

In my local trusted network I have the following:
192.168.2.0/24     255.255.255.0

The Zyxel has:
192.168.0.0/24   255.255.255.0

The other VPN endpoints that are connected to the Zyxel are:
192.168.11.0/24    255.255.255.0
192.168.12.0/24    255.255.255.0
and so on....


Thanks in advance,
Stathis
dpk_wal

You need to add multiple routing policies and specify the local and remote subnets on the WG as below:

Local                     Remote
192.168.2.0/24      192.168.11.0/24
192.168.2.0/24      192.168.12.0/24
and so on

You would use the same gateway; it is advisable to use a different tunnel for each routing policy; however, this is not strictly enforced. You should also allow access for all the subnets in the ANY or the specific service you have already configured for the VPN.

On the Sonicwall, you would need to add multiple local and remote subnets in the same manner as above and also allow them in the policy.

Please implement and update.

Thank you.
PredatorGR

ASKER

dpk wal, thanks for your comment. I use WSM 10.2.2 and Fireware 10.2.2; where exactly do I have to enter the routes in Policy Manager?

Please note that the other end uses a Zyxel router, not a Sonicwall.
Also, which gateway should I prefer?

In Policy Manager, go to VPN->Branch Office Tunnels and click Add. From the gateway drop-down, select the gateway you have added for the Zyxel; here you specify the local and remote subnets. As I said earlier, in a single tunnel you can add multiple local/remote subnets, or you can add one tunnel for each local/remote subnet pair.

As you have ver 10.x, the policies can be added using the wizard. On the Zyxel you also need to add the local/remote subnet pairs.

Thank you.
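
Added example, not part of the original thread and not WatchGuard or Zyxel tooling: a small Python check that every local/remote subnet pair entered on the WatchGuard side has the swapped pair on the Zyxel side, and that a given packet is covered by a tunnel route. The office-side pairs use the subnets from the question; the Zyxel-side list and the function names are assumptions made for illustration.

```python
import ipaddress

def selector_pairs(local, remotes):
    """Build (local, remote) tunnel-route pairs for one gateway."""
    loc = ipaddress.ip_network(local)
    return [(loc, ipaddress.ip_network(r)) for r in remotes]

def missing_mirrors(side_a, side_b):
    """Pairs on side A with no swapped (remote, local) pair on side B."""
    b = set(side_b)
    return [(l, r) for (l, r) in side_a if (r, l) not in b]

def matching_route(pairs, src, dst):
    """Return the pair that covers a packet, or None if no tunnel route does."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for l, r in pairs:
        if s in l and d in r:
            return (l, r)
    return None

# Subnets taken from the question; the pairs mirror the table in the answer.
OFFICE = "192.168.2.0/24"
watchguard = selector_pairs(
    OFFICE, ["192.168.0.0/24", "192.168.11.0/24", "192.168.12.0/24"])

# Constructed (assumed) Zyxel-side state: the pair for 192.168.12.0/24
# has not been entered yet, so the check below reports it.
zyxel = [
    (ipaddress.ip_network("192.168.0.0/24"), ipaddress.ip_network(OFFICE)),
    (ipaddress.ip_network("192.168.11.0/24"), ipaddress.ip_network(OFFICE)),
]

if __name__ == "__main__":
    for l, r in missing_mirrors(watchguard, zyxel):
        print(f"no mirrored pair on the Zyxel for {l} <-> {r}")
    # Packet from the question's ping test.
    print(matching_route(watchguard, "192.168.2.2", "192.168.11.112"))
```
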
Thanks for the info. I've done all this, but I get the following error when I try to ping an IP behind the router.

2008-10-03 21:29:05 Deny 192.168.2.2 192.168.11.112 icmp-Echo   1-Trusted Ktest/IPsec  SA deleted or negotiation failed, firewall drop    (Ping-00)  rc="201"       Traffic
ASKER CERTIFIED SOLUTION
dpk_wal