Solved

How i can access the remote network behind a VPN connection between 2 endpoints?

Posted on 2008-10-03
6
1,170 Views
Last Modified: 2013-11-16
I have already setted up and running a VPN connection between my office and the remote location.

In my end i have a Watchguard Firebox x1250e and in the other end i have a Zyxel P653HWI-13 modem/router.

The Zyxel has 6 more VPN connections to other remote locations.

What i must do in order to gain access to the other 6 VPN connections? I mean, how i will be able to ping their IPs? Is this possible?

In my local trusted network i have the following:
192.168.2.0/24     255.255.255.0

The Zyxel has:
192.168.0.0/24   255.255.255.0

The other VPN endpoints tha are connected to the Zyxel are:
192.168.11.0/24    255.255.255.0
192.168.12.0/24    255.255.255.0
and so on....


Thanks in advance,
Stathis
0
Comment
Question by:PredatorGR
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22635312
You need to add multiple routing policy and specify the local and remote subnet on WG as below:

Local                     Remote
192.168.2.0/24      192.168.11.0/24
192.168.2.0/24      192.168.12.0/24
and so on

You would use the same gateway; it is advisable to use different tunnel for each routing policy; however; not enforced strictly. You should also allow access for all the subnets in the ANY or the specific service you have already configured for the VPN.

On Sonicwall; you would need to add mutliple local and remote subnet in the same manner as above and also allow in the policy.

Please implement and update.

Thank you.
0
 

Author Comment

by:PredatorGR
ID: 22636244
dpk wal thanks for your comment, i user WSM 10.2.2 and Fireware 10.2.2, where exactly do i have to enter the routes in Policy Manager?

Please note that the other end uses a Zyxel router, not a Sonicwall.
0
 

Author Comment

by:PredatorGR
ID: 22636273
Also, which gateway i should prefer?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 32

Expert Comment

by:dpk_wal
ID: 22636438
In Policy Manager; go to VPN->Branch Office Tunnels; click Add; from gateway drop-down select the gateway you have added for Zyxel; here you specify the local and remote subnets; as I said earlier in a single tunnel you can add multiple local/remote subnets or you can add one tunnel each for every local/remote subnets.

As you have ver 10.x the policies can be added using the wizard. For Zyxel also you need to add local/remote subnet pair.

Thank you.
0
 

Author Comment

by:PredatorGR
ID: 22636640
Thanks for the info, i've done all this but i get the following error when i try to ping an IP behind the router.

2008-10-03 21:29:05 Deny 192.168.2.2 192.168.11.112 icmp-Echo   1-Trusted Ktest/IPsec  SA deleted or negotiation failed, firewall drop    (Ping-00)  rc="201"       Traffic
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22639703
Let me back track a bit; so the setup is as below:


Firebox------------VPN-------------Zyxel-------VPN----dev1
                                                    |         |
                                                    |         |
                                                  VPN     VPN
                                                    |         |
                                                    |         |
                                                 dev2    dev3
and so on...

if above is the setup; then what I adviced earlier would not work; I was thinking that Zyxel has multiple subnet; but reading the question again carefull I think above is the setup.

If so, then Zyxel acts as central hub and every other device communicates to each other through Zyxel. There are two ways in which you wish can be accomplished:
1. Create VPN between the individual devices, rather than through zyxel.
2. If you wish to have zyxel act as central device [called VPN crunchiing as well], have configuration as below:
Firebox -- all the settings currently are adequate
Zyxel, it would have entries like
VPN gateway firebox; local subnet 192.168.0.0/24;.11.0/24, .12.0/24, so on; remote 192.168.2.0/24
And also reverse; for each device as:
VPN gateway dev1; local 192.168.0.0/24, .2.0/24; remote 192.168.11.0/24
VPN gateway dev2; local 192.168.0.0/24, .2.0/24; remote 192.168.12.0/24
and so on
Finally on each device, you would have settings as:
VPN gateway Zyxel; local 192.168.11.0/24, remote 192.168.0.0/24, .2.0/24

I am not sure if Zyxel or other devices would support this configuration; you might want to consider implementing option 1 instead.

Thank you.
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question