Solved

Juniper routing through VPN tunnel

Posted on 2011-09-27
Last Modified: 2012-05-12
Hi!
I have 3 different WAN locations that need to speak to each other. Now they are connected through one IPSEC VPN and one IP-VPN (delivered by the ISP). Location A and B, and B and C can talk to each other, but how can I route traffic so that location A can also communicate with location C?
I tried to add different routes on the location A firewall. But no matter what I do, I can't get the traffic through the IPSEC tunnel and forward to location C.
How can I solve this?
Question by:elit2007

Accepted Solution

by: Sanga Collins, earned 500 total points
ID: 36709397
I have a hub-spoke VPN setup like this. At the spokes, in order to route through the hub to another spoke, I needed routes such as the following. Notice that the route statements that have to go more than one hop have a destination IP of 0.0.0.0/0. As long as the ns5gt has policies to allow traffic, the routes will work.

Site A
192.168.100.0/24 --> tunnel.1, dest-ip = 192.168.100.1
192.168.120.0/24 --> tunnel.1, dest-ip = 0.0.0.0

Site B
192.168.150.0/24 --> tunnel.1, dest-ip = 192.168.150.1
192.168.120.0/24 --> SiteC interface, dest-ip = 192.168.120.1

Site C
192.168.150.0/24 --> SiteB interface, dest-ip = 0.0.0.0
192.168.100.0/24 --> SiteB interface, dest-ip = 192.168.100.1

Author Comment

by:elit2007
ID: 36709453
In the meantime I have also figured out that the problem is the missing route on Site C.
Today nothing tells where 192.168.150.0 is located in the site C router.

Expert Comment

by:Sanga Collins
ID: 36710325
Since site C may not be a Juniper, you may have to point the route to the same gateway as Site B. The ns5gt, upon receiving the traffic, will find the route to site A in its route table and send it to the correct place.
0
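
The route tables from the accepted answer, and the missing Site C route from the author comment, can be checked hop by hop in both directions. The Python below is an added example, not part of the original thread. Assumptions: the LAN assignments (A = 192.168.150.0/24, B = 192.168.100.0/24, C = 192.168.120.0/24) are inferred from those tables, the function names are hypothetical, and only routing is modelled, not firewall policies.

```python
import ipaddress

# Constructed model of the three sites. LAN assignments are inferred from the
# route tables in the answer (assumption): A=150, B=100 (hub), C=120.
LANS = {
    "A": ipaddress.ip_network("192.168.150.0/24"),
    "B": ipaddress.ip_network("192.168.100.0/24"),
    "C": ipaddress.ip_network("192.168.120.0/24"),
}

# Each route is (destination prefix, neighbouring site the interface leads to).
ROUTES = {
    "A": [("192.168.100.0/24", "B"), ("192.168.120.0/24", "B")],
    "B": [("192.168.150.0/24", "A"), ("192.168.120.0/24", "C")],
    "C": [("192.168.150.0/24", "B"), ("192.168.100.0/24", "B")],
}


def trace(routes, src_site, dst_ip, max_hops=8):
    """Follow longest-prefix-match routes hop by hop; return (path, delivered)."""
    dst = ipaddress.ip_address(dst_ip)
    site, path = src_site, [src_site]
    for _ in range(max_hops):
        if dst in LANS[site]:
            return path, True
        matches = [(ipaddress.ip_network(p), nh) for p, nh in routes[site]
                   if dst in ipaddress.ip_network(p)]
        if not matches:
            return path, False  # no route: packet is dropped here
        _, site = max(matches, key=lambda m: m[0].prefixlen)
        path.append(site)
    return path, False  # hop limit reached: routing loop


def round_trip(routes, site_a, site_b):
    """Return the forward and return traces between host .10 on two LANs."""
    host = lambda s: str(LANS[s].network_address + 10)
    return trace(routes, site_a, host(site_b)), trace(routes, site_b, host(site_a))


if __name__ == "__main__":
    print("full tables:", round_trip(ROUTES, "A", "C"))
    # State described in the author comment: Site C has no route to 192.168.150.0/24.
    broken = dict(ROUTES, C=[("192.168.100.0/24", "B")])
    print("C missing 192.168.150.0/24:", round_trip(broken, "A", "C"))
```

With the full tables both directions traverse the hub; with Site C's route removed, the A-to-C packet still arrives but the reply is dropped at Site C, which is why adding routes on the Site A firewall alone does not help.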
