Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1309
Views
0
Helpful
2
Replies

SA540 - VPN Configuration

Ross Thomas
Level 1
Level 1

‎05-22-2012 11:31 AM

Hello, All.

Looking for some routing assistance with an SA540 router connecting to corporate VPN.

We have an odd configuration that is beyond the scope of what I have configured previously with these devices so I'm looking for some advice.

Please see the attached image to understand the configuration of the network:

I am trying to configure the routing to the additional IP addresses listed for the HQ.  The VPN tunnel between the .26.120.x and the .17.0.0 networks is built however it does not appear to be routing.  The Cisco administrator at the HQ site says that they have "fully configured the routing" from all the listed IP addresses back through the VPN tunnel.

The options I am unsure of for configuration of the SA540 router are:

GW - I believe that I use the internal IP address of the 17.26.120.x router

     - Is this logical since the VPN tunnel

Private - what is this? - the description indicates its for RIP but we are not using that in our environment

We are using NAT for the firewall internally.

The existing 3 172.26.x.x VPN tunnels are live and working and fully routing between themselves.

Any suggestions would be appreciated!

Labels:
Preview file
25 KB
0 Helpful
2 Replies 2

cheesecake490
Level 1
Level 1

‎05-31-2012 01:39 PM

Hiyah Ross,

I am no expert but I took a look at your network diagram. I feel that your topology is working for your three existing connections at your branch office because they are all fitting into the 17.26.X.X subnet. If you want to be able to interconnect your VPN connections in the manner that you are currently suggesting you would then need to either convert your branch office to the 17.17.X.X subnet or convert your HQ subnetting scheme to 17.26.X.X. Test it out and let me know. I think this should work but if not I'll be happy to offer more suggestions

Cheers,

^.^

0 Helpful

jhotles
Level 1
Level 1
In response to cheesecake490

‎01-11-2013 07:23 AM

Unfortunately your answer is inaccurate. Because he is using /24's everywhere, he has different subnets all throughout his facility therefore to the device they are all independant.

With respect to the GATEWAY address the question is, what is your gateway outside. If you're using the device as the router to the outside World, then the next hop would be the ISP's first Router, otherwise it would be the default router internal facing interface and the Subnet configured on it.

Private means "LAN" -

Public means "WAN" -

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents