Solved

VPN Question

Posted on 2013-11-17
Last Modified: 2013-11-28
Hi all experts,

I need advice; please refer to the attachment.

Currently I have 5 branches connected to our main HQ through policy-based site-to-site VPN.

Please teach me how to enable Site A users to access resources at Site D without needing to create another site-to-site VPN between Site A and Site D. I believe the traffic will somehow need to be directed to Singapore and forwarded to Site D?

Please advise.
Book1.xlsx
Question by:YeoBoonWah

Expert Comment

by:bbao
ID: 39655660
if all sites already have a VPN connection to the HQ site, then what you need to do against the requirement is just to enable routing between subnet 1.1.1.1 and 4.4.4.4.

this can be done by either adding one routing item if not existing, or allowing related firewall rules if the routing between the subnets is already enabled.
0
 

Author Comment

by:YeoBoonWah
ID: 39655675
Hi bbao,

Sorry, as I am very new to this and still learning, please bear with me. When you say enable routing, I presume you are talking about a static route?

But for the IP address / Gateway address, what IP should I input?

I am looking at Routing Entries > Configuration.

IP address: should I put 1.1.1.1, and for the Gateway should I put the gateway public IP of 4.4.4.4?

Best Regards
0
 

Accepted Solution

by:bbao (earned 1500 total points)
ID: 39656193
> i presume you are talking about static route?

yes.

> But for the IP address / Gateway address, what IP should i input?

it really depends on the configuration details at your Singapore HQ site, you haven't disclosed the required info from your given diagram.

basically, assume the HQ facing internal router at Site A is 1.1.1.1, then the Site A facing internal HQ router should have an IP address in the subnet such as 1.1.1.2. similarly, four more IPs are there on the same router if the router does have direct or VPN connections to site B, C, D and the HQ site.

in this scenario, if Site A's default gateway is 1.1.1.2 and Site B's default gateway is something like 4.4.4.5, and the HQ router has no firewall rules to restrict its default routing, all hosts at Site A should be able by default to access the host at Site D. if they can't, as summarised earlier you should check the following things:

1. default gateway of Site A
2. routing table of HQ router
3. default gateway of Site B
4. firewall rules of HQ router

BTW, it is a bit interesting and unusual to use Excel to draw a technical diagram. :=)
0
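
Added example, not part of bbao's answer: a small Python model of the four checks listed above, tracing a flow from Site A to Site D through the HQ hub and naming the first check that fails. The /24 prefixes, host addresses, the stateful-firewall simplification, the dictionary layout and the function names are assumptions; the gateway addresses follow the masked ones used in the thread.

```python
import ipaddress as ip

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop_site) entries; None if no route."""
    hits = [(ip.ip_network(p), nh) for p, nh in routes
            if ip.ip_address(dst) in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def fw_allows(rules, src, dst):
    """First matching (src_net, dst_net, action) rule wins; implicit deny otherwise."""
    for s, d, action in rules:
        if ip.ip_address(src) in ip.ip_network(s) and ip.ip_address(dst) in ip.ip_network(d):
            return action == "permit"
    return False

def trace(topo, near, far, src, dst):
    """Return 'ok' or the first failing check, in the order the answer lists them."""
    hq = topo["HQ"]
    if topo[near]["default_gw"] != hq["site_facing_ip"][near]:
        return f"default gateway of Site {near}"
    # The hub needs a route towards the destination and one back to the source.
    if lookup(hq["routes"], dst) != far or lookup(hq["routes"], src) != near:
        return "routing table of HQ router"
    if topo[far]["default_gw"] != hq["site_facing_ip"][far]:
        return f"default gateway of Site {far}"
    # Assumption: stateful hub firewall, so only the initiating direction is checked.
    if not fw_allows(hq["rules"], src, dst):
        return "firewall rules of HQ router"
    return "ok"

def sample_topology():
    """Constructed data: masked addresses from the thread, /24 prefixes assumed."""
    return {
        "A": {"default_gw": "1.1.1.2"},
        "D": {"default_gw": "4.4.4.5"},
        "HQ": {
            "site_facing_ip": {"A": "1.1.1.2", "D": "4.4.4.5"},
            "routes": [("1.1.1.0/24", "A"), ("4.4.4.0/24", "D")],
            "rules": [("1.1.1.0/24", "4.4.4.0/24", "permit")],
        },
    }

if __name__ == "__main__":
    print(trace(sample_topology(), "A", "D", "1.1.1.10", "4.4.4.20"))
```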

 

Author Comment

by:YeoBoonWah
ID: 39658160
Hi bbao,

Thanks. Attached is the configuration of our main HQ and 2 other sites, for your better advice.

KL: 192.168.5.0
JB: 192.168.4.0
Main: 203.116.90.0
HQ-cfg.txt
KL-cfg.txt
JB-cfg.txt
0
 

Author Comment

by:YeoBoonWah
ID: 39668197
upz for advice.
0
 

Expert Comment

by:bbao
ID: 39669571
i know you modified the configuration to mask original IP addresses for security consideration, but are you sure you have correctly matched the IPs in pairs?

probably because i am not that familiar with Juniper command lines, i got confused on the IP addresses in the given configuration files. the addresses seem not logically paired or matched.

for example, the default gateway of KL is 1.1.1.245 and for JB it is 4.4.4.41, and the IPs should be configured on corresponding ethernet interfaces at HQ's router. but the IPs actually appear in HQ's VPN settings... 1.1.1.245 and 4.4.4.41 should be public IP addresses in order to reach HQ's public IP across the internet, not IPs for VPN.

the HQ router has two physical interfaces, 5.5.5.98/28 and 203.116.90.1/24. i guess the latter one is for external IP as it is an IP of Singapore, and 5.5.5.98 is for internal LAN. BTW, i would guess you missed masking this real IP... :-))

the default gateway of HQ is 5.5.5.97. not sure the fake IP is for public or internal, too.

so basically, the confused IPs can't let me understand your correct settings, therefore no suggestions could be provided. sorry.
0
 

Expert Comment

by:bbao
ID: 39684644
B? you got the configurations verified?
0


Question has a verified solution.
