Symantec SGS420 help.....

[MitecNZ]

Hi Guys,

i have a site running 6x Symantec SGS420 vpn appliances

1 being the centre, and 5x connecting to it, all running perfect.

question is what settings do i need to make on the central unit, to let the other 5x see the ip address of the other 5x

ie, SGS Home1 192.168.10.1 connected to SGS Office 192.168.55.254
SGS Home2 192.168.11.1 connected to SGS Office 192.168.55.254
SGS Home3 192.168.12.1 connected to SGS Office 192.168.55.254
SGS Home4 192.168.12.1 connected to SGS Office 192.168.55.254
SGS Home5 192.168.56.254 connected to SGS Office 192.168.55.254


i can ping all ways but can not see SGS Home 1 from SGS Home 5

any one able to help with setting i need to do to SGS Office so i can acheive this?

thanks in advance

 

[jimbopalmer]

First the simple, but slower way.

I use RV042s, but my changes actually were out on the spoke, not the hub.

Home1 (and all the other Homes) needs to claim subnet 192.168.0.0 with a mask of 255.255.0.0 is at 24.24.24.24 (IP address of SGS Office)

now when you ping 192.168.12.1, your PC will check to be sure that is not in the local subnet (it isn't) and send the packet to the default gateway (your VPN device)
Your vpn device will check it's list of VPN addresses and find one and send it to 192.168.0.0 at the main office.
When the office gets the packet it sees a VPN of 192.168.12.0 with a subnet of 255.255.255.0 to send it to.
Now the packet gets to Home3 and the device on home3 want to reply The reply address is not in it's local subnet so it looks in its VPN table and finds a VPN of 192.168.0.0 with a subnet of 255.255.0.0
the main office gets this packet and sees a 192.168.10 subnet with a mask of 255.255.255.0 and sends it there, your Home1 device realises that this is a local IP and sends it back to your PC.

So the Linksys, Cisco, Netgear, Netopia gear I have used requires no change at the hub, but a much broader subnet at the spokes then the devices set by default. (all the Cisco gear issues a warning that 255.255.0.0 is not a wise mask for 192.168.0.0 but then allows it)

Faster but often more expensive, if you bought devices that allow multiple VPNs, you can configure point to point VPNs from each home to each home. My Netopia devices only allow a single VPN, so I never tried that.

http://arstechnica.com/civis/viewtopic.php?p=2786375

I tried to remain child-like, all I achieved was childish.

Tsar of all the Rushers

 

[MitecNZ]

Hey ya thanks for that, in the last part of you post,:

Faster but often more expensive, if you bought devices that allow multiple VPNs, you can configure point to point VPNs from each home to each home.

that would work, ach of the SGS420 i have can handle 25 VPN connections each,

i could as you said just make another one from home to home, that way it can talk directly to the network at each end, including the hub

cheers

 

[MitecNZ]

hey ya jimbopalmer

tried making a new vpn connection to Home1 192.168.10.1 to Home5 192.168.56.254

connection comes up, as connected, and logs show connected, all good, but cant ping, no repsonse from Home5 and vise versa

using hub/spoke terminology

Spoke: 192.168.10.1 192.168.11.1 192.168.12.1 192.168.13.1 192.168.56.254

Hub: 192.168.55.254


made another connection direct

spoke 192.168.10.1 to 192.168.56.254

connected but can ping from either site?

any ideas, i read enable RIP?