Networking Issue


  • Networking Issue

    I have a huge network issue that I need to resolve by tomorrow so any help/ideas will be appreciated.

    Here is the network setup:

    Main Site:
    Juniper Netscreen 204 Firewall with 4 Ports.
    eth1 = 192.168.8.1/24
    eth2 = 192.168.9.1/24
    eth3 = WAN IP

    eth1 and eth2 both are connected to a L3 Managed switch with an IP of 192.168.8.76 (Currently there are no VLANs set up on the switch)

    Remote Site:
    Juniper SSG5:
    bgroup0/eth0/0 = WAN IP
    bgroup2/eth0/2 = 10.5.24.1/24

    - There are multiple VPNs going to eth1 Network and they work ok no issues there.
    - I am trying to set up another VPN to 192.168.9.1/24 network.
    - VPN connects fine from the remote site, however I cannot ping any hosts by IP or host name on the 192.168.9.1/24 network from the remote site.

    Here is what I think: I need to create VLANs on the switch and separate both 192.168.8.x/24 and 192.168.9.x/24 networks or use two switches.

    Any ideas, suggestions will be greatly appreciated. Thank you.

  • #2
    Re: Networking Issue

    Originally posted by usits:
    I am trying to set up another VPN to 192.168.9.1/24 network.
    - VPN connects fine from the remote site, however I cannot ping any hosts by IP or host name on the 192.168.9.1/24 network from the remote site.

    Here is what I think: I need to create VLANs on the switch and separate both 192.168.8.x/24 and 192.168.9.x/24 networks or use two switches.

    Any ideas, suggestions will be greatly appreciated. Thank you.

    You can ping the 192.168.8.0/24 subnet when connected with vpn?
    What's the IP address of the vpn clients?
    How did you set up routing for the vpn clients?

    In the setup you've chosen, then I should be creating 2 VLANs on the switch.
    Setup routing on the switch to route between the 192.168.8.0/24 and the 192.168.9.0/24 subnets.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: Networking Issue

      Is the 192.168.9.0/24 network new? It is able to function and data to and from it (not counting the vpn) is being routed fine?
      Originally posted by usits:
      Main Site:
      Juniper Netscreen 204 Firewall with 4 Ports.
      Probably not worth mentioning and I've not used Juniper routers but if you are having trouble on a Sunday night .... are the firewall ports open? (On the eth2 interface?)
      I don't know anything about (you or your) computers.
      Research/test for yourself when listening to free advice.



      • #4
        Re: Networking Issue

        - You can ping the 192.168.8.0/24 subnet when connected with vpn? No I can't
        What's the IP address of the vpn clients? 10.5.25.x/24
        How did you set up routing for the vpn clients? Same exact way as I would set up for clients that are connected to 192.168.8.0/24 subnet. A bit of detail about it.
        192.168.9.0/24 = There is a tunnel, #44 that is going to the "eth3" interface which is the WAN interface.
        Then I have a route going to 10.5.25.0/24 via "tunnel.44" and on the remote site I have a "tunnel.1" and the route is going to 192.168.9.0/24 via "tunnel.1".


        In the setup you've chosen, then I should be creating 2 VLANs on the switch.
        Setup routing on the switch to route between the 192.168.8.0/24 and the 192.168.9.0/24 subnets.

        That is what I was thinking about doing, but the problem is that my boss purchased a Netgear switch and I have no experience creating VLANs on it. Any of you guys have experience with Netgear switches creating VPNs? It is in production too so I have to be very careful about what I do on that switch. I think I was able to create a VLAN but couldn't figure out the routing on the switch.

        Thanks guys for your help.

        About ports on the firewall, yes all the required policies are created for the ports.

        Comment
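
The addressing in posts #1 and #4 can be cross-checked mechanically. The following is an added example, not part of any post in this thread: it takes the interface addresses and tunnel routes exactly as posted and reports any route whose destination overlaps no LAN declared at the far site. The site labels `main`/`remote` and the function names are hypothetical.

```python
import ipaddress

# Addressing exactly as posted in the thread (post #1).
MAIN_IFACES = {"eth1": "192.168.8.1/24", "eth2": "192.168.9.1/24"}
REMOTE_IFACES = {"bgroup2/eth0/2": "10.5.24.1/24"}

# Tunnel routes as described in post #4: (site the route is on, destination, via).
# The "main"/"remote" labels are assumptions made for this example.
ROUTES = [
    ("main", "10.5.25.0/24", "tunnel.44"),
    ("remote", "192.168.9.0/24", "tunnel.1"),
]


def lan_networks(ifaces):
    """Map interface name -> network, e.g. 192.168.9.1/24 -> 192.168.9.0/24."""
    return {name: ipaddress.ip_interface(addr).network for name, addr in ifaces.items()}


def check_routes(routes, main_ifaces, remote_ifaces):
    """Return routes whose destination overlaps no LAN declared on the far site."""
    lans = {"main": lan_networks(main_ifaces), "remote": lan_networks(remote_ifaces)}
    findings = []
    for site, dest, via in routes:
        far = "remote" if site == "main" else "main"
        dest_net = ipaddress.ip_network(dest)
        if not any(dest_net.overlaps(net) for net in lans[far].values()):
            far_lans = sorted(str(net) for net in lans[far].values())
            findings.append((site, dest, via, far_lans))
    return findings


if __name__ == "__main__":
    for site, dest, via, far_lans in check_routes(ROUTES, MAIN_IFACES, REMOTE_IFACES):
        print(f"{site}: route {dest} via {via} matches no far-side LAN {far_lans}")
```

Run against the values in the thread, it reports the main-site route to 10.5.25.0/24, since post #1 gives the remote LAN as 10.5.24.1/24; the posts do not say which of the two figures is the configured one.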


        • #5
          Re: Networking Issue

          From a quick read of your post, it looks like you need to create the VLANs as suggested.

          Could you tell us what model switch you're using? You can always check out Juniper's website for manuals.

          When I had to configure some VLANs on a production Dell switch, which I hadn't done before, I tested everything on a block of unused ports and then, when it was working smoothly, I then configured all the ports accordingly. Your situation may be different. Also, if the switch has an http interface, you may want to use that initially as it might be more intuitive.
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com
