09-14-2009 12:43 PM
How are you? I have a SSG140 in my office and I have a SSG5 in another room. On both computers there is a VPN. The SSG140 is a segment is 172.31.114.0 and SSG5 segment 172.31.74.0. Can you set a machine in the SSG140 segment, with its corresponding IP address, so that via VPN, between the segment SSG5? Is it possible?. I have a database in the segment SSG5 and need access to it from the SSG140 segment.
Thank you very much
09-14-2009 01:35 PM
Hi - this question really belongs in the firewall forum. But as you posted it here I will respond. I am not sure what you are asking for. Do you want to establish a connection from a client PC that is behind the SSG140 to a database that is behind the SSG5? That is very easy to do and that is what a VPN tunnel would do for you.
Can you perhaps restate your problem and maybe post a picture?
09-14-2009 01:58 PM
09-14-2009 02:38 PM
Ok - simple site to site VPN - on each box (SSG5 & SSG140) define an address box entry for the device on the local side and the device on the remote side - local would be in trust zone, remote in untrust - make sure they match on both sides! IE - the remote addr on one should map to the local add on other.
Then define the IKE gateway, define the VPN and tie the gateway to it and then define a policy. Do so on each box.
Following is a quickie example for connecting two sites - one called "corp" the other called "remote" - this is done from the CLI, not the WEB GUI -
set address trust Corp-11-MAC 10.0.11.10/32
set address untrust Remote-12-PC 10.0.12.10/32
set ike gateway Corp11-to-Rem12-GW address 18.104.22.168 outgoing-interface eth0/0 preshare password sec-level standard
set vpn Corp11-to-Rem12-VPN gateway Corp11-to-Rem12-GW sec-level standard
set vpn corp11-to-rem12-vpn monitor
set policy top from trust to untrust Corp-11-MAC Remote-12-PC any tunnel vpn Corp11-to-Rem12-VPN
set policy top from untrust to trust Remote-12-PC Corp-11-MAC any tunnel vpn Corp11-to-Rem12-VPN
set address trust Remote-12-PC 10.0.12.10/32
set address untrust Corp-11-MAC 10.0.11.10/32
set ike gateway Rem12-to-Corp11-GW address 22.214.171.124 outgoing-interface eth0/0 preshare password sec-level standard
set vpn Rem12-to-Corp11-VPN gateway Rem12-to-Corp11-GW sec-level standard
set vpn rem12-to-corp11-vpn monitor
set policy top from trust to untrust Remote-12-PC Corp-11-MAC any tunnel vpn Rem12-to-Corp11-VPN
set policy top from untrust to trust Corp-11-MAC Remote-12-PC any tunnel vpn Rem12-to-Corp11-VPN
WEB GUI - Addresses are done under Policy / Policy Elements / Addresses
IKE Gateway - VPN's / AutoKey Advanced / Gateway
VPN - VPN - Autokey IKE
Policies - Policies
Hope this makes sense.
09-18-2009 12:51 PM