Thanks DannyJ for explaining the issue.

 

In other words, if you wish to use private IP, the only option is to

use the private IPs and do some nat on the firewalls. 

 

That sounds quite weird. 

 

Is it planned to develop a feature that would permit to use a private IP and indicate the packets between the WX

devices will use public addresses ?

 

That also means you cannot use WX if both devices use the same private LAN adresses ? 

(ie overlapping). 

 

 

Does this help you picture the limitations?

Hi,

 

this was too hard to configure so I set up a vpn instead. 

 

and now I have some vpn issues but that dosn't concern the WX anymore. 

 

do you know if the feature of having a public and a private IP (ie identify the devices  with something els than the IP) is planned ? 

 

how about using ssl at least to communicate for the registration ? 

 

 

Later this year will be moving towards a transparent flow solution where we will remove the tunnel architecture and in the WAN flow will retain there original src and dst IP and port information, however this will be 2H of 2009 for.

 

P.S. In this solution will not have a reg-server.

Do you mean the so long mentionned WXOS 6 will be released ?

 

Could it be possible to take part to a beta test ?

 

 

Yes V6.

 

Re beta, we are currently in beta and just started beta2.

 

Who is you JNPR Partner? JNPR local SE? what country are you in?

There has to be two-way connectivity end-to-end between the WXes, and any NAT that happens must be translated back so that the remote device 'sees' the original IP of the originating WX. If this is not achievable, your best option is to use VPN as you already found out yourself.

Hi Guys,

 

Has this been resolved and in what firmware?

 

I have two sites with the same network infrastructure and IP addresses.

 

I have setup a VPN between the two sites with overlapping subnets.

 

e.g.

 

PC 1 at Site A on 192.168.1.120

PC 1 at Site B on 192.168.1.120

 

The PC1 on Site A can ping the PC1 at Site B on 2.2.2.120

 

The PC1 on Site B can ping the PC1 at Site A on 3.3.3.120

 

This all works great.

 

The issue is with the WXC

 

I can’t get the WXC to pair up. (the can both ping etc and no restriction on the FW).

 

The WXC Registration server complains about ‘primary IP mismatch’

 

(log from WXC registration server)

2009-06-09 14:16:55 23AF3A5C E09 REG: Primay IP mismatch: paramsIp=192.168.2.253 remoteIp=44.44.44.253 priIp=32.58.175.35  

 

After doing some digging, I’ve manage to find out that the WXC spoke registers with the WXC registration server by sending it IP address in the payload of the packet. Because the packet headers are being Natt’d, the source IP address in the payload (which the registration server uses)and the source IP of the packet do not match and hence the ‘Primary IP mismatch’.

 

Has this been fixed, otherwise is their an ETA on when a fix will be available?

 

Many thanks

 

Sunny