×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Symantec SGS420 help.....

Symantec SGS420 help.....

Symantec SGS420 help.....

(OP)
Hi Guys,

i have a site running 6x Symantec SGS420 vpn appliances

1 being the centre, and 5x connecting to it, all running perfect.

question is what settings do i need to make on the central unit, to let the other 5x see the ip address of the other 5x

ie, SGS Home1 192.168.10.1 connected to SGS Office 192.168.55.254
SGS Home2 192.168.11.1 connected to SGS Office 192.168.55.254
SGS Home3 192.168.12.1 connected to SGS Office 192.168.55.254
SGS Home4 192.168.12.1 connected to SGS Office 192.168.55.254
SGS Home5 192.168.56.254 connected to SGS Office 192.168.55.254


i can ping all ways but can not see SGS Home 1 from SGS Home 5

any one able to help with setting i need to do to SGS Office so i can acheive this?

thanks in advance

RE: Symantec SGS420 help.....

First the simple, but slower way.

I use RV042s, but my changes actually were out on the spoke, not the hub.

Home1 (and all the other Homes) needs to claim subnet 192.168.0.0 with a mask of 255.255.0.0 is at 24.24.24.24 (IP address of SGS Office)

now when you ping 192.168.12.1, your PC will check to be sure that is not in the local subnet (it isn't) and send the packet to the default gateway (your VPN device)
Your vpn device will check it's list of VPN addresses and find one and send it to 192.168.0.0 at the main office.
When the office gets the packet it sees a VPN of 192.168.12.0 with a subnet of 255.255.255.0 to send it to.
Now the packet gets to Home3 and the device on home3 want to reply The reply address is not in it's local subnet so it looks in its VPN table and finds a VPN of 192.168.0.0 with a subnet of 255.255.0.0
the main office gets this packet and sees a 192.168.10 subnet with a mask of 255.255.255.0 and sends it there, your Home1 device realises that this is a local IP and sends it back to your PC.

So the Linksys, Cisco, Netgear, Netopia gear I have used requires no change at the hub, but a much broader subnet at the spokes then the devices set by default. (all the Cisco gear issues a warning that 255.255.0.0 is not a wise mask for 192.168.0.0 but then allows it)

Faster but often more expensive, if you bought devices that allow multiple VPNs, you can configure point to point VPNs from each home to each home. My Netopia devices only allow a single VPN, so I never tried that.

http://arstechnica.com/civis/viewtopic.php?p=27863...

I tried to remain child-like, all I achieved was childish.

Tsar of all the Rushers

RE: Symantec SGS420 help.....

(OP)
Hey ya thanks for that, in the last part of you post,:

Faster but often more expensive, if you bought devices that allow multiple VPNs, you can configure point to point VPNs from each home to each home.

that would work, ach of the SGS420 i have can handle 25 VPN connections each,

i could as you said just make another one from home to home, that way it can talk directly to the network at each end, including the hub

cheers

RE: Symantec SGS420 help.....

(OP)
hey ya jimbopalmer

tried making a new vpn connection to Home1 192.168.10.1 to Home5 192.168.56.254

connection comes up, as connected, and logs show connected, all good, but cant ping, no repsonse from Home5 and vise versa

using hub/spoke terminology

Spoke: 192.168.10.1 192.168.11.1 192.168.12.1 192.168.13.1 192.168.56.254

Hub: 192.168.55.254


made another connection direct

spoke 192.168.10.1 to 192.168.56.254

connected but can ping from either site?

any ideas, i read enable RIP?

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close