Configuration Problem.....
I have 4 VPN300's, all 4 are working and forwarding packets between the 4 offices fine. I've set these offices up in a mesh since I only have 4 nodes and the bandwidth at the home office would not be able to support all the traffic passing through.
At each office, I have dialup users coming in using LDAP authentication, the connections are working well. However, unlike the LAN hosts, dialup users cannot access any office other than their local. I have set up policy rules that take a remoteuser ip "10.0.100.1", looks at its destination, and then forwards it via a VPN tunnel to the appropriate office (the same one the LAN uses). The packets never make it there. Unlike a local computer in the same LAN which can route packets to any of the other 3 offices.
I'm looking for an example of remote users accessing multiple offices configured in a mesh topology.
Thank you for your time.
All Replies
I know I'm missing something really obvious. Rule #4 was a "test" rule to send traffic (192.168.4.x) to the Chesterfield VPN tunnel. I know the tunnel is working as I can ping Chesterfield from any physical host in the LAN.
-
Hi @Froydor
I guess your scenario should be like this one: Forward VPN client traffic to branch site
There are no "reply" rules in your policy route.
You can try to follow this FAQ, add the rules on your devices, and check if the client is able to receive reply packets after the VPN tunnel is built.
Note: please also make sure the client IP address and each site's IP subnet do not overlap.
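The two checks from the reply above (a "reply" policy route at the remote site for the VPN client range, and no overlapping subnets), modeled as an added example that is not part of the original thread. The site names, the /24 subnets and the simplified rule model are constructed assumptions based on the addresses mentioned in the posts; this is not ZyWALL configuration syntax.

```python
from ipaddress import ip_network
from itertools import combinations, permutations

# Constructed sample data (assumed, not the poster's real configuration).
# "clients" is the pool handed out to dial-in VPN users at that site.
SITES = {
    "local":        {"lan": "192.168.1.0/24", "clients": "10.0.100.0/24"},
    "chesterfield": {"lan": "192.168.4.0/24"},
}

# Policy routes per device: (source, destination, site the next-hop tunnel leads to).
ROUTES = {
    "local": [
        ("192.168.1.0/24", "192.168.4.0/24", "chesterfield"),
        ("10.0.100.0/24", "192.168.4.0/24", "chesterfield"),  # forward rule for clients
    ],
    "chesterfield": [
        ("192.168.4.0/24", "192.168.1.0/24", "local"),
        # No rule for 192.168.4.0/24 -> 10.0.100.0/24, so replies to clients are lost.
    ],
}

def has_route(routes, site, src, dst, via):
    """True if `site` has a rule covering src -> dst that uses the tunnel to `via`."""
    src, dst = ip_network(src), ip_network(dst)
    return any(src.subnet_of(ip_network(s)) and dst.subnet_of(ip_network(d))
               and hop == via for s, d, hop in routes.get(site, []))

def missing_rules(sites, routes):
    """List forward and reply rules that dial-in clients need but that are absent."""
    gaps = []
    for a, b in permutations(sites, 2):
        pool, lan = sites[a].get("clients"), sites[b]["lan"]
        if pool is None:
            continue  # site `a` has no dial-in users in this model
        if not has_route(routes, a, pool, lan, b):
            gaps.append((a, "forward", pool, lan))
        if not has_route(routes, b, lan, pool, a):
            gaps.append((b, "reply", lan, pool))
    return gaps

def overlaps(sites):
    """Return pairs of subnets (LANs and client pools) that overlap."""
    nets = [ip_network(n) for s in sites.values() for n in s.values()]
    return [(str(p), str(q)) for p, q in combinations(nets, 2) if p.overlaps(q)]

if __name__ == "__main__":
    for site, kind, src, dst in missing_rules(SITES, ROUTES):
        print(f"missing {kind} rule on {site}: {src} -> {dst}")
    print("overlapping subnets:", overlaps(SITES))
```

The model only asks whether a covering rule exists; it does not reproduce the device's rule ordering.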