PredatorGR
asked on
How can I access the remote network behind a VPN connection between 2 endpoints?
I already have a VPN connection set up and running between my office and the remote location.
At my end I have a WatchGuard Firebox x1250e and at the other end I have a Zyxel P653HWI-13 modem/router.
The Zyxel has 6 more VPN connections to other remote locations.
What must I do in order to gain access to the other 6 VPN connections? I mean, how will I be able to ping their IPs? Is this possible?
In my local trusted network I have the following:
192.168.2.0/24 255.255.255.0
The Zyxel has:
192.168.0.0/24 255.255.255.0
The other VPN endpoints that are connected to the Zyxel are:
192.168.11.0/24 255.255.255.0
192.168.12.0/24 255.255.255.0
and so on....
Thanks in advance,
Stathis
ASKER
dpk wal, thanks for your comment. I use WSM 10.2.2 and Fireware 10.2.2; where exactly do I have to enter the routes in Policy Manager?
Please note that the other end uses a Zyxel router, not a Sonicwall.
ASKER
Also, which gateway should I prefer?
In Policy Manager, go to VPN -> Branch Office Tunnels; click Add; from the gateway drop-down select the gateway you have added for the Zyxel; here you specify the local and remote subnets. As I said earlier, in a single tunnel you can add multiple local/remote subnets, or you can add one tunnel each for every local/remote subnet.
As you have ver 10.x, the policies can be added using the wizard. For the Zyxel you also need to add the local/remote subnet pair.
Thank you.
ASKER
Thanks for the info. I've done all this, but I get the following error when I try to ping an IP behind the router.
2008-10-03 21:29:05 Deny 192.168.2.2 192.168.11.112 icmp-Echo 1-Trusted Ktest/IPsec SA deleted or negotiation failed, firewall drop (Ping-00) rc="201" Traffic
ASKER CERTIFIED SOLUTION
Local             Remote
192.168.2.0/24    192.168.11.0/24
192.168.2.0/24    192.168.12.0/24
and so on
You would use the same gateway; it is advisable to use a different tunnel for each routing policy; however, this is not strictly enforced. You should also allow access for all the subnets in the ANY or the specific service you have already configured for the VPN.
On Sonicwall, you would need to add multiple local and remote subnets in the same manner as above and also allow them in the policy.
Please implement and update.
Thank you.
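
Added example, not part of the original thread: a small Python check that the local/remote subnet pairs entered on one device have a mirrored pair on the other, and that classifies the denied flow from the posted log line against them. The Firebox list follows the table above; the Zyxel list is a hypothetical configuration in which the 192.168.11.0/24 pair was left out, and all function names are made up for this sketch.

```python
import ipaddress
import re

# Constructed data using the subnets named in the thread; each tuple is a
# (local, remote) pair as entered on that device.
FIREBOX = [("192.168.2.0/24", "192.168.0.0/24"),
           ("192.168.2.0/24", "192.168.11.0/24"),
           ("192.168.2.0/24", "192.168.12.0/24")]
# Hypothetical Zyxel side: the pair for 192.168.11.0/24 was never added.
ZYXEL = [("192.168.0.0/24", "192.168.2.0/24"),
         ("192.168.12.0/24", "192.168.2.0/24")]
# Deny line as posted in the thread.
DENY = ('2008-10-03 21:29:05 Deny 192.168.2.2 192.168.11.112 icmp-Echo '
        '1-Trusted Ktest/IPsec SA deleted or negotiation failed, '
        'firewall drop (Ping-00) rc="201" Traffic')


def nets(pairs):
    """Parse string pairs into a set of (local, remote) network objects."""
    return {(ipaddress.ip_network(loc), ipaddress.ip_network(rem))
            for loc, rem in pairs}


def unmirrored(side_a, side_b):
    """Pairs on side_a that have no (remote, local) counterpart on side_b."""
    peer = nets(side_b)
    return sorted((str(loc), str(rem)) for loc, rem in nets(side_a)
                  if (rem, loc) not in peer)


def parse_deny(line):
    """Return (src, dst) addresses from a Deny log line, or None."""
    m = re.search(r"\bDeny (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})\b", line)
    return tuple(ipaddress.ip_address(g) for g in m.groups()) if m else None


def diagnose(line, local_pairs, peer_pairs):
    """Classify a denied flow against both ends' subnet pairs."""
    flow = parse_deny(line)
    if flow is None:
        return "not a deny line"
    src, dst = flow
    hits = [(loc, rem) for loc, rem in nets(local_pairs)
            if src in loc and dst in rem]
    if not hits:
        return "no local pair covers this flow"
    peer = nets(peer_pairs)
    if any((rem, loc) in peer for loc, rem in hits):
        return "pair present on both ends"
    return "pair missing on peer"
```

With the constructed lists, `unmirrored(FIREBOX, ZYXEL)` reports the 192.168.2.0/24 to 192.168.11.0/24 pair and `diagnose(DENY, FIREBOX, ZYXEL)` returns "pair missing on peer"; a mismatch of this kind is one thing to rule out when a tunnel logs a negotiation failure.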