Solved

Site to site VPN over 3 sites

Posted on 2014-04-05
Last Modified: 2014-04-05
I have a VPN setup with 3 Sites. 1 Main Office has a static IP and 2 satellite offices have Dynamic IP addresses.

All sites are using a SonicWall TZ190 router.

MAIN Office can PING site 2 and 3
Site 2 can PING site 1
Site 3 can PING site 1

Are there any settings on the router I'm not aware of that would allow site 2 and 3 to ping each other through the main office router VPN setup?
Question by:Computers4me
8 Comments
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39980643
I think you mean that you have a VPN device at each of 3 sites and that you have 2 VPNs.  One for each remote site to the main site.
So, if I'm right, then you may want to consider setting up a 3rd VPN between the two remote sites.  After all, they all have the necessary devices and setting up another VPN (i.e. "tunnel") isn't much to do now that you've already done it a couple of times.
That should take care of it.

But you did say that you want to go through the main site.  I wouldn't recommend it under the circumstances that you have complete control over the other VPNs.  But, just for completeness, I'll mention this:
In some cases I have 3rd party VPN devices that are NOT under my control - let's just say at a main site.  And, I might want to communicate to the far end of its tunnel from a remote site.  In that case one would need to go through the main site.
So it would be:
Remote site <> VPN1 <> Main Site <> {VPN2} <> 3rd party site.

I've shown VPN2 in brackets because I have no control over it.
In this case what I'd want to do is launch a packet from the Remote site, have it arrive at the Main site and be forwarded to the 3rd party site and to get responding packets back at the Remote site via the Main site.

In the cases that I've tried this, it didn't work.  I have heard explanations of why it cannot work and I have heard explanations of how it can be made to work.  In the end I abandoned the quest and still don't know if it can work.  I do know that the devices I had been using would not do it.

So, I'm naturally a little leery of "going through the Main site"......
It's harder to do if it's possible.
0
 

Author Comment

by:Computers4me
ID: 39980676
What I have set up now is a hub-and-spoke topology, and I would like to set up more of a mesh topology.
0
 

Author Comment

by:Computers4me
ID: 39980677
The 2 sites I would create a 3rd VPN for are both Dynamic External addresses. I understand if I had static addresses at all 3 locations I would be fine.
0

 

Author Comment

by:Computers4me
ID: 39980682
I would then have to set up either the site 2 or site 3 router with a DDNS name and set up a 3rd VPN using the DNS name rather than the IP address. (SonicWall TZ190 supports DDNS VPN.)
0
 

Author Comment

by:Computers4me
ID: 39980707
I tried just that. I created a DDNS for one of the dynamic sites and created an aggressive mode VPN tunnel from site 2 to site 3 and it works. It's an IT miracle. LOL
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39980727
Yes, the dynamic IPs with DDNS should work fine.
So, the 3rd VPN should be easy enough to do..... right?

I don't know how to quite differentiate between hub and mesh (I understand the words and their implication) when the real objective is to *connect*.    But it sounds like you're on the right track by suggesting a mesh.  I would rather think that a true mesh would be where one could connect between nodes going in a variety of directions / hops.  Here there would be no hops through interim nodes - just dedicated tunnels between (all) nodes.
0
 
LVL 11

Accepted Solution

by:
Miftaul earned 500 total points
ID: 39980770
In SonicWALL SiteToSite VPN, we define a "Local subnet" and a "Remote Subnet" in the "Network" tab.

On the Spoke1 router, create an "Address Group" which includes both the "Main Office" subnet and the other spoke2 network subnet. Then, in the SiteToSite VPN "Network" tab, specify this address group as the destination network.

Do this on the spoke2 as well. Now Spoke1 and Spoke2 should be able to communicate with each other over the Main Office VPN.

The other way of accomplishing this is to create a Tunnel interface and run some sort of routing protocol.

We can also create another tunnel between Spoke1 and Spoke2.
0
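
A small model of the selector logic behind the accepted answer, added here as an illustration (it is not code from the thread or from SonicWall). The subnets are constructed, and the model assumes the hub end of each tunnel mirrors the spoke's local and destination networks; it shows why the address group has to be set on both spokes.

```python
from ipaddress import ip_address, ip_network

# Constructed subnets for illustration; the thread does not state the real ones.
NETS = {"main": ip_network("10.0.1.0/24"),
        "site2": ip_network("10.0.2.0/24"),
        "site3": ip_network("10.0.3.0/24")}

def site_of(addr):
    """Name of the site whose LAN contains addr, or None."""
    return next((s for s, n in NETS.items() if ip_address(addr) in n), None)

def selected(dest_sites, addr):
    """True if addr falls inside one of the listed destination networks."""
    return any(ip_address(addr) in NETS[s] for s in dest_sites)

def one_way(spoke_dests, src, dst):
    """Hops a packet takes from src to dst, or None if a selector drops it.

    spoke_dests maps each spoke to the sites in its tunnel's destination
    network (or address group). Model assumption: the hub end of each tunnel
    mirrors the spoke end, so the hub sends into a spoke's tunnel only
    traffic whose source that spoke lists as a destination.
    """
    a, b = site_of(src), site_of(dst)
    if a is None or b is None or a == b:
        return None
    path = [a]
    if a != "main":
        if not selected(spoke_dests[a], dst):   # spoke has no policy for dst
            return None
        path.append("main")
    if b != "main":
        if not selected(spoke_dests[b], src):   # hub-side mirror rejects src
            return None
        path.append(b)
    return path

def can_ping(spoke_dests, src, dst):
    """A ping needs both the request and the reply to be selected."""
    return (one_way(spoke_dests, src, dst) is not None
            and one_way(spoke_dests, dst, src) is not None)

HUB_ONLY = {"site2": ["main"], "site3": ["main"]}                   # as in the question
ONE_SPOKE = {"site2": ["main", "site3"], "site3": ["main"]}         # group on one spoke only
GROUPED = {"site2": ["main", "site3"], "site3": ["main", "site2"]}  # accepted answer
```

Because traffic between the spokes now transits the main office firewall, its access rules are where spoke-to-spoke traffic can be restricted to what is actually needed.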
 

Author Closing Comment

by:Computers4me
ID: 39980815
I tried your suggestion of creating the group and adding both other networks and works great. This way I don't need to utilize a DDNS name. Thank you all for your help.
0

Question has a verified solution.
