We help IT Professionals succeed at work.

how does the VPN thingie work in reality?

452 Views
Last Modified: 2012-05-10
So I have received two identical firewalls from HQ (netgear prosafe)

I have set them up and am about to configure a VPN between our two local offices, here are my questions:

1 - When I enable the VPN, does that equal as if i was connecting the two offices to each other with network cable? As in will that office now be getting their DHCP addresses from the other office, have access to network resources, printers etc?

2 - is there anything I need to do in the other office to make the two networks see eachother except for setting up the VPN tunnel?
Comment
Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
SO as I understand it:

1 - As soon as i successfully create the VPN connection, magically the server in office-X will start thinking that it is on the local LAN here in the office-Y, and will start acting accordingly

2 - I will use the firewall to run DHCP at office-X and I will use the domain controller here at office-Y and this is the best way forward?

3 - Does the firewall differentiate between local internet connection and going through the "mother server" back at the office-Y? (as in it will use the local connection at office-x for internet requests instead of trying to go over the VPN, and use our gateway here at office-Y)

Think of it this way:

Office X
192.168.1.x/24
DHCP using Netgear

Office Y
192.168.10.x/24
DHCP using PDC

You'll need to creating some routing on the firewall in order to let office x resources know that they can reach office y resources through the P2P connection. I've typically done this using my core switch act as the default gateway for the specific location. This routing will also let each specific office go out it's own Internet breakout (using a quad-zero ip route), if that's what you want to do.

To answer your questions:

1. They will know about each other once you tell each respective resource how to reach the other.

2. It's my opinion that this is the best method for DHCP.

3. The FW should, based on your routing for each location.

Author

Commented:
Ok, so I got the link up and running.

It is basically working as far as that I can ping the server in the other office, and i successfully connected to one of the network printers from one office to the other (by typing in the local IP and the internal web server showed the status page and what not).

However - I could not connect to the server via "\\server_name\share_name

or at least it timed out.... It did ask me for access password - which was strange since the user that was logged on to the computer i was trying from should have full access rights to the network and the shared folder - so some sort of connection was definitely made.

It might have timed out or something....

however, surely there must be something that I can do to make the routing easier - i thought to myself.

so, look at the included image and tell me, should i not put some routes in there?
For example, my AD-DC is on 192.168.0.2 and is named "server.domain_name.local", should I not put one of those routes  in there?
routing.jpg
Oliver TANGIRILead Network Engineer
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Commented:
For computers at location X be able to obtain their IP from DHCP server located in Y, then you should configure your router in location X to be DHCP relay (RFC 1542). Basically, when the DHCP relay intercept a DHCP request, it transfer this request to DHCP server. The DHCP server should be configured using two scopes, as X and Y network setup.

For SMB access accross VPN, I think you should review firewall rules.
You probably did not configured your router/firewall to accept SMB to go from X to Y, and reverse. Look on each firewall.
For troubleshooting purpose, you could set up rules to allow all :
- from X to Y on router X
- from X to Y on router Y

- from Y to X on router X
- from Y to X on router Y

Author

Commented:
@Tasmat
Where would i set up this SMB access?
I mean ON THE FIREWALL obviously, but what 'setting' am i looking for to enable/disable SMB features across the VPN?

Commented:
You need to review the firewall rules.
SMB use TCP port 445.
But in order to enable access to share, more ports should be open between the source network and the destination network.
We haven't the firewall model, difficult to help you more

Author

Commented:
oh, sorry, it's a NETGEAR ProSafe VPN Firewall FVS336GV2
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
The VPN pass through is enabled by default...

I am running spiceworks on a server here in the other office, and it goes out and uses WMI to read infor from the machines. I have successfully run a scan on the network on 'the other side', so clearly IP is passing through well enough...

Look, maybe I am dumb. Is there anything I can do to test if some feature is blocked or not between the offices?

In the settings for the firewall it kind of feels like there shouldn't really be any more settings, since the mode that I am using is especially created for site-to-site...
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.