SA520W Site-to-Site VPN with multiple vlan

tboettge
Level 1

Hi,

I have a customer here with multiple VLANs in his locations who wants to set up a site-to-site VPN between 2 SA520W devices. Unfortunately I can't find a way to configure it. In the VPN Policy I can choose between Any (which is not what I want, I only want traffic between the local subnets routed through the VPN), Single IP-Address, a Range (within a subnet) and a subnet itself - but only one. I can't find a way to configure multiple subnets in the local and remote traffic selection. Adding another IKE Policy between the 2 sites doesn't work either (which is correct normally).

Any ideas? Anything I'm doing wrong?

Thanks for your help.

Best regards,


Thomas

1 Accepted Solution

I know that if you have an ASA or a router you can define as many VLANs to pass through the tunnel.

Don't have access to a SA520W to test it....

One recommendation could be to post the question on the SMB community where they answer all questions related to this product, just to check what other people have done.

Federico.

4 Replies

Hi,

To be honest I'm not that familiar with the SA520 to see if it allows to configure more than one subnet.

But if it does not you can do the following:

NAT the other subnets (not directly connected) to the connected subnet to pass it thru the tunnel.

Summarization/aggregation/supernetting where you combine in a single network/mask all subnets you want to communicate.

Obviously this depends on your scenario.


Federico.

Hi Federico,

Yes, I agree, NAT would be an option...but to be honest, that is not a proper solution in my eyes. Thank you for your answer, I really appreciate it!

If that's really the case, that this box (I did not recommend it, they asked me to configure it and it's my first one) has these limitations with VPN, this box is useless. I would then prefer selling a real firewall (like ASA or competitor).

If anyone else has an idea, I would really appreciate it (Software 1.1.65 on the box).

Best regards,

Thomas

Hi Federico,

I found the solution. I thought I'd already tried this...probably there was a typo I did not recognize...

For those who have the same issue:

- first generate the IKE Policy

- second generate a VPN Policy for every host/subnet/range you want to send traffic through the tunnel and map it to the above IKE Policy.

It's some configuration work but it's quite easy (once you know...).

Thank you!

Best regards,


Thomas
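
The per-subnet approach from the last post, set beside the summarization option suggested earlier in the thread, as an added example that is not part of the original posts: it lists the VPN policies needed (one per local/remote pair, all mapped to one IKE policy) and shows which extra address ranges a single summarized selector would admit. The subnets, the policy name and the dictionary field names are constructed for illustration and are not SA520W settings.

```python
import ipaddress
from itertools import product

# Constructed sample VLAN subnets for the two sites (assumptions, not from the thread).
LOCAL = ["10.1.10.0/24", "10.1.20.0/24", "10.1.30.0/24"]
REMOTE = ["10.2.10.0/24", "10.2.20.0/24"]

def policy_matrix(ike_policy, local_nets, remote_nets):
    """One VPN policy per local/remote subnet pair, all mapped to the same IKE policy."""
    pairs = product(map(ipaddress.ip_network, local_nets),
                    map(ipaddress.ip_network, remote_nets))
    return [{"name": f"{ike_policy}-{i:02d}", "ike_policy": ike_policy,
             "local": str(loc), "remote": str(rem)}
            for i, (loc, rem) in enumerate(pairs, start=1)]

def covering_supernet(nets):
    """Smallest single prefix that contains every listed subnet."""
    nets = [ipaddress.ip_network(n) for n in nets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

def overreach(nets):
    """Blocks a summarized selector would admit beyond the intended subnets."""
    supernet = covering_supernet(nets)
    remaining = [supernet]
    for n in map(ipaddress.ip_network, nets):
        kept = []
        for block in remaining:
            if block.subnet_of(n):        # block fully intended: drop it
                continue
            if n.subnet_of(block):        # carve the intended subnet out
                kept.extend(block.address_exclude(n))
            else:                         # disjoint: still unintended
                kept.append(block)
        remaining = kept
    return supernet, sorted(remaining)

if __name__ == "__main__":
    for p in policy_matrix("site-a-to-b", LOCAL, REMOTE):
        print(p["name"], p["local"], "<->", p["remote"])
    supernet, extra = overreach(LOCAL)
    print("summarized selector:", supernet)
    print("unintended addresses:", sum(b.num_addresses for b in extra))
```

With three local and two remote subnets the per-pair approach needs six VPN policies, while summarizing the local side into one prefix also exposes address space that belongs to none of the intended VLANs.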