SRX5308 hub & spoke with FVS318v3, filtering between spokes

#1
September 28th, 2011, 09:25 PM
AlainDanger (Junior Member)

Hi.

I've built a "hub & spoke" topology, with an SRX5308 as hub (LAN 10.15.0.x), and 20 spokes with FVS318v3 (LAN 10.15.1.x to 10.15.20.x respectively).
I want to filter some PCs so that they can NOT access others over the spokes. Example: PC 10.15.17.53 must be able to access ONLY 10.15.0.x and nothing else,
but 10.15.17.200 must be able to access ANY PC on ANY site (hub or spoke).
How can I set up the correct filtering? I didn't find a "VPN to VPN" rule, like there is on Zywall for example.

#2
September 28th, 2011, 09:41 PM
jmizoguchi (Senior Member, Kentucky, USA)
Re: SRX5308 hub & spoke with FVS318v3, filtering between spokes

You can only range the IP under the VPN policy to restrict that.
__________________
VPN Case Study (www.vpncasestudy.com)
Our Second To None VPN Related Setup Case Study
"One Stop Solution To Your Netgear VPN Connectivity"
*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]

Most Other Useful Docs -"General Technical Documentation", "Router Reset", "Router Setup", "Print Server Tips", "Remote Admin"
"Wireless Tips"


Forum Policy

June Mizoguchi-i....@vpncasestudy.com

#3
September 28th, 2011, 10:59 PM
AlainDanger (Junior Member)
Re: SRX5308 hub & spoke with FVS318v3, filtering between spokes

That's just what I feared. Now a second question: is it possible to insert many "phase 2" rules in the FVS318 to handle:
- the connection to the hub 10.15.0.x
- the connection by the administrator 10.15.x.200?

#4
September 28th, 2011, 11:08 PM
AlainDanger (Junior Member)
Re: SRX5308 hub & spoke with FVS318v3, filtering between spokes

Sorry for double-post.

Is it possible to restrict incoming traffic, from the VPN, in the FVS318v3 units installed as spokes?

#5
September 29th, 2011, 04:45 AM
jmizoguchi (Senior Member, Kentucky, USA)
Re: SRX5308 hub & spoke with FVS318v3, filtering between spokes

You can only create one of each for the IKE/VPN policy for each tunnel, as one policy, so you will be creating multiple IKE/VPN policies each time you need a new tunnel.

#6
September 29th, 2011, 06:45 AM
AlainDanger (Junior Member)
Re: SRX5308 hub & spoke with FVS318v3, filtering between spokes

Quote:
Originally Posted by jmizoguchi
You can only create one of each for the IKE/VPN policy for each tunnel, as one policy, so you will be creating multiple IKE/VPN policies each time you need a new tunnel.

If I understand you correctly (English is not my native language), I can create ONE IKE and ONE VPN policy for each of my needs; but I cannot create one IKE policy followed by SOME VPN policies. Is that correct?

#7
September 29th, 2011, 11:43 AM
jmizoguchi (Senior Member, Kentucky, USA)
Re: SRX5308 hub & spoke with FVS318v3, filtering between spokes

You can use the same IKE with multiple VPN policies; I don't think that will work for you.

#8
September 30th, 2011, 02:25 AM
AlainDanger (Junior Member)
Re: SRX5308 hub & spoke with FVS318v3, filtering between spokes

Quote:
Originally Posted by jmizoguchi
You can use the same IKE with multiple VPN policies; I don't think that will work for you.

Sorry, but as I said, English is not my native language. I can see from the number of your posts that your time is precious, but would you please be a little bit clearer than in your previous post (for example: you can do this, you cannot do that because of that, you may try another solution like that...)
Thank you in advance.

#9
September 30th, 2011, 04:31 AM
jmizoguchi (Senior Member, Kentucky, USA)
Re: SRX5308 hub & spoke with FVS318v3, filtering between spokes

You have got to understand that, basically, with a VPN tunnel, if you pick the same IKE policy on multiple VPN policies, it may fail to work because you are essentially using the same VPN policy for A-B, A-C.

If you have locations A, B, C pointed to A, then B and C must each have a different LAN subnet, as well as A.

ex.
A 192.168.0.x
B 192.168.1.x
C 192.168.2.x

If you need to limit the access on the A side or from B/C:

In each VPN policy you need to adjust the range for the remote subnet, or vice versa. If you only want to limit the access to A (the central location), then that needs to be an IP range.

If you are limiting the remote B/C without using an IP range in the VPN policy, you have to use DHCP (reserved) on the router so that you assign the correct IP to the device.
All times are GMT -8. The time now is 04:20 AM.
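
An added example, not part of any post and not NETGEAR configuration: a Python model of how the local/remote IP ranges in a spoke's VPN policies decide which source/destination pairs can use a tunnel, checked against the access goals from the first post. The policy names, the .1-.199 split and the destination hosts are assumptions; only the spoke's selectors are modelled, and it does not show that an FVS318v3 accepts two such policies toward one hub.

```python
from ipaddress import ip_address, ip_network

def in_selector(addr, selector):
    """True if addr is inside a CIDR subnet or an inclusive 'first-last' range."""
    ip = ip_address(addr)
    if "-" in selector:
        lo, hi = (ip_address(p.strip()) for p in selector.split("-"))
        return lo <= ip <= hi
    return ip in ip_network(selector)

# Constructed policies for spoke 17 (LAN 10.15.17.x), addresses from the thread.
# Each entry: (hypothetical name, local selector, remote selector).
# Assumption: .200 is kept out of the general range so only the admin policy covers it.
SPOKE17_POLICIES = [
    ("users-to-hub", "10.15.17.1-10.15.17.199", "10.15.0.0/24"),
    ("admin-to-all", "10.15.17.200-10.15.17.200", "10.15.0.0/16"),
]

# The unrestricted form: whole spoke subnet to every site.
WIDE_POLICY = [("all-to-all", "10.15.17.0/24", "10.15.0.0/16")]

# Access goals from the first post: (source, destination, should_reach).
# Destination hosts are constructed samples.
INTENT = [
    ("10.15.17.53", "10.15.0.10", True),    # ordinary PC -> hub LAN
    ("10.15.17.53", "10.15.3.20", False),   # ordinary PC -> another spoke
    ("10.15.17.200", "10.15.0.10", True),   # admin PC -> hub LAN
    ("10.15.17.200", "10.15.3.20", True),   # admin PC -> another spoke
]

def matching_policy(src, dst, policies):
    """Name of the first policy whose selectors cover src and dst, else None."""
    for name, local, remote in policies:
        if in_selector(src, local) and in_selector(dst, remote):
            return name
    return None

def audit(policies, intent):
    """Return the intent rows the policy set violates (empty list = consistent)."""
    return [(s, d, want) for s, d, want in intent
            if (matching_policy(s, d, policies) is not None) != want]

if __name__ == "__main__":
    for s, d, _ in INTENT:
        print(s, "->", d, ":", matching_policy(s, d, SPOKE17_POLICIES) or "no tunnel")
    print("violations (ranged):", audit(SPOKE17_POLICIES, INTENT))
    print("violations (wide):  ", audit(WIDE_POLICY, INTENT))
```

The selectors match on IP address only, which is why the last post pairs IP ranges with DHCP reservations; the hub's policy for the same tunnel has to carry the mirrored ranges.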