05-25-2008 11:38 PM
I have a real scenario consisting of 125 remote sites connected to a central site for services like VoIP, applications, etc.
I have two pools :
1- Untrust IF Pool 188.8.131.52/24
2- Tunnel IF Pool 184.108.40.206/24
On hub site I have to give 220.127.116.11 & tun IF 18.104.22.168, other IPs for remote.
My requirement: VoIP phones on remote sites should communicate with each other (remote-to-remote).
What I did:
HUB site: I applied the untr IP: 22.214.171.124 & Tunnel IP: 126.96.36.199. Made Auto IKE & gateway in which I gave remote untr IP: 188.8.131.52. In route I gave the inside N/w of the remote site by using tunnel IF and remote untr IP: 184.108.40.206.
REMOTE site: I applied the untr IP: 220.127.116.11 & Tunnel IP: 18.104.22.168. Made Auto IKE & gateway in which I gave remote untr IP: 22.214.171.124. In route I gave a default route by using tunnel IF and HUB untr IP: 126.96.36.199. It's working fine. But when I add one more remote site, which differs only in IP, while on the HUB site I use the same tunnel interface for routes: when I apply the static route, with the route I gave for the first remote, I am not able to ping the inside network of the 1st remote site, whereas I can ping the untr IPs of both the 1st & 2nd remotes & the tunnel IPs also.
Kindly suggest an appropriate solution, but I have to use this IP scheme.
05-26-2008 10:27 PM
1) What release are you using on the firewalls?
2) Post the configuration of the HUB and any one remote site.
3) What route did you add for the remote sites on the HUB?
4) By the way, you can use a private IP pool (like 10.x.x.x/8) on tunnel interfaces instead of public IPs.
05-26-2008 11:04 PM
See, for automatic population of NHTB your firewalls should have OS 5.0.0 or above. So make sure your firewalls have OS 5.0.0 or above. One thing which you can try is manual binding of the VPN tunnel to the next-hop tunnel interface IP, using the following command on the HUB for both remote sites:
set interface <tunnel interface> nhtb <nexthop tunnel interface IP> vpn <name of vpn tunnel for nexthop remote site>
Please let me know the outcome
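
The manual NHTB binding suggested above, written out as an added example that is not part of the original thread: a HUB configuration fragment for two remote sites sharing one tunnel interface. The interface name tunnel.1, the VPN names, and every address are constructed placeholders (assumptions), and the `#` lines are annotations, not commands to paste.

```text
# Constructed example for the HUB; all names and addresses are placeholders.
#   Remote 1: tunnel IP 10.0.0.2, inside network 192.168.1.0/24, VPN "vpn-remote1"
#   Remote 2: tunnel IP 10.0.0.3, inside network 192.168.2.0/24, VPN "vpn-remote2"

# Both VPN tunnels are bound to the same tunnel interface on the HUB.
set vpn "vpn-remote1" bind interface tunnel.1
set vpn "vpn-remote2" bind interface tunnel.1

# One manual NHTB entry per remote site: next-hop tunnel IP -> VPN tunnel.
set interface tunnel.1 nhtb 10.0.0.2 vpn "vpn-remote1"
set interface tunnel.1 nhtb 10.0.0.3 vpn "vpn-remote2"

# One static route per remote inside network. The gateway is that remote's
# tunnel interface IP, so it matches exactly one NHTB entry above.
set route 192.168.1.0/24 interface tunnel.1 gateway 10.0.0.2
set route 192.168.2.0/24 interface tunnel.1 gateway 10.0.0.3
```

The point to check when adding each further remote site is that the gateway in its route is the same next-hop IP used in its NHTB entry; a route that names only the shared tunnel interface gives the HUB nothing to tell the VPN tunnels apart.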
05-27-2008 09:41 PM