YeoBoonWah

VPN Question

Hi all experts,

Need advice; please refer to the attached.

Currently I have 5 branches connected to our main HQ through policy-based site-to-site VPN.

Please teach me how to enable Site A users to access resources at Site D, without the need to create another site-to-site VPN between Site A and Site D. I believe the traffic will somehow need to be directed to Singapore and forwarded to Site D?

Please advise
Book1.xlsx
bbao

if all sites already have a VPN connection to the HQ site, then what you need to do to meet the requirement is just to enable routing between subnets 1.1.1.1 and 4.4.4.4.

this can be done by either adding one routing item if it does not exist, or allowing the related firewall rules if the routing between the subnets is already enabled.
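
A simplified model of the relay described in the answer above, added here as an illustration and not part of the original post: it traces Site A to Site D traffic through policy-based VPN rules in both directions and shows where a missing hub rule stops the replies. The site names, /24 subnets and rule tuples are constructed assumptions, since the thread masks its addresses and gives no prefix lengths.

```python
from ipaddress import ip_network

# Constructed sample data: the page masks its addresses and gives no prefix
# lengths, so these /24 subnets and site names are assumptions.
SITE_A = ip_network("10.1.1.0/24")
SITE_D = ip_network("10.4.4.0/24")

# Each policy-based VPN rule: (device, source, destination, tunnel peer).
POLICIES = [
    ("site-a", SITE_A, SITE_D, "hq"),   # spoke A sends D-bound traffic to HQ
    ("hq", SITE_A, SITE_D, "site-d"),   # hub relays A -> D into D's tunnel
    ("site-d", SITE_D, SITE_A, "hq"),   # spoke D sends replies to HQ
    # Missing on purpose: ("hq", SITE_D, SITE_A, "site-a")
]

def next_hop(device, src, dst, policies):
    """Return the tunnel peer chosen by the first policy covering src -> dst."""
    for dev, p_src, p_dst, peer in policies:
        if dev == device and src.subnet_of(p_src) and dst.subnet_of(p_dst):
            return peer
    return None

def trace(src_site, src, dst_site, dst, policies, max_hops=4):
    """Follow policies hop by hop; return (reached, path)."""
    path, device = [src_site], src_site
    for _ in range(max_hops):
        peer = next_hop(device, src, dst, policies)
        if peer is None:
            return False, path
        path.append(peer)
        if peer == dst_site:
            return True, path
        device = peer
    return False, path

def check_pair(policies):
    """Both directions must work, or replies are dropped at the first gap."""
    return {
        "a_to_d": trace("site-a", SITE_A, "site-d", SITE_D, policies),
        "d_to_a": trace("site-d", SITE_D, "site-a", SITE_A, policies),
    }

if __name__ == "__main__":
    for name, (ok, path) in check_pair(POLICIES).items():
        print(name, "OK" if ok else "BLOCKED after", " -> ".join(path))
```

Scoping each rule to the two site subnets, as in the sample, keeps the hub relay from also opening paths to the other branches.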
YeoBoonWah

ASKER

Hi bbao,

Sorry, as I am very new to this and still learning, please bear with me. When you say enable routing, I presume you are talking about a static route?

But for the IP address / Gateway address, what IP should I input?

I am seeing on the Routing Entries > Configuration.

IP address: should I put 1.1.1.1, and for the Gateway should I put the gateway public IP of 4.4.4.4?

Best Regards
ASKER CERTIFIED SOLUTION
bbao

This solution is only available to members.
Hi bbao,

Thanks. Attached is the configuration of our main HQ and 2 other sites, for your better advice.

KL: 192.168.5.0
JB: 192.168.4.0
Main: 203.116.90.0
HQ-cfg.txt
KL-cfg.txt
JB-cfg.txt
upz for advice.
i know you modified the configuration to mask original IP addresses for security consideration, but are you sure you have correctly matched the IPs in pairs?

probably because i am not that familiar with Juniper command lines, i got confused on the IP addresses in the given configuration files. the addresses seem not logically paired or matched.

for example, the default gateway of KL is 1.1.1.245 and for JB it is 4.4.4.41, and the IPs should be configured on corresponding ethernet interfaces at HQ's router. but the IPs actually appear in HQ's VPN settings... 1.1.1.245 and 4.4.4.41 should be public IP addresses in order to reach HQ's public IP across the internet, not IPs for VPN.

the HQ router has two physical interfaces, 5.5.5.98/28 and 203.116.90.1/24. i guess the latter one is for external IP as it is an IP of Singapore, and 5.5.5.98 is for internal LAN. BTW, i would guess you missed masking this real IP... :-))

the default gateway of HQ is 5.5.5.97. not sure the fake IP is for public or internal, too.

so basically, the confusing IPs don't let me understand your correct settings, therefore no suggestions can be provided. sorry.
B? you got the configurations verified?