VPN tunnel between public IP address and broadband based network

  • 1.  VPN tunnel between public IP address and broadband based network

    Posted 08-07-2022 17:36
    I want to create a VPN tunnel between sites.

    To explain my current network configuration please see the attached diagram. Site A has a Juniper firewall SRX345 with a public IP address, and site B has a 4G broadband router with a private IP address. Currently, site A has a switch and it has VLAN 300 configured and many devices are connected to that VLAN 300. I want to create a VPN tunnel between the two sites and provide access to the VLAN 300 on site B. So any device can easily connect to the same VLAN 300 on site B. Both devices A and B should be able to talk to each other as they will be in the same network. Is there any guidance for this type of configuration? If someone can provide a detailed guide that would be great.



    ------------------------------
    Abdul Qurashi
    ------------------------------


  • 2.  RE: VPN tunnel between public IP address and broadband based network

    Posted 08-08-2022 12:35
    That's not how IPSec VPN tunnels work. They will be Layer 3 routed tunnels, not Layer 2 extensions.

    If site B is in a different subnet, then simply create site B as a dynamic addressed VPN gateway and you are good.

    For an L2 extension, you need to add another encapsulation, like MPLSoverIPSec or MPLSoGREoIPSec, but the cost is configuration and performance.

    Of course, in any configuration, you will need a router at site B that also supports whatever tunneling you are trying to configure. Most consumer-grade home routers may support IPSec VPN (not sure if standards based) and *may* interop with the SRX, but very unlikely they can do an interoperable L2Extension.

    ------------------------------
    David Divins
    ------------------------------
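
A sketch of the routed option described in the reply above (site B as a dynamically addressed peer), added here as an example and not taken from either poster or from Juniper documentation. It covers the SRX345 side only; every name, interface, zone, subnet, the IKE ID and the key are assumptions, and site B is assumed to use its own subnet and to initiate the tunnel.

```junos
# Site A (SRX345). Site B has no fixed public address (4G, behind NAT), so the
# SRX matches it by IKE ID rather than by IP and acts as responder only.
# Assumed: ge-0/0/0.0 is the public interface in zone "untrust", VLAN 300 is
# 10.0.30.0/24 in zone "trust", site B LAN is 192.168.50.0/24.
set security ike proposal IKE-PROP authentication-method pre-shared-keys
set security ike proposal IKE-PROP dh-group group14
set security ike proposal IKE-PROP authentication-algorithm sha-256
set security ike proposal IKE-PROP encryption-algorithm aes-256-cbc
set security ike policy IKE-POL-SITEB proposals IKE-PROP
set security ike policy IKE-POL-SITEB pre-shared-key ascii-text "REPLACE-WITH-LONG-RANDOM-KEY"
set security ike gateway GW-SITEB ike-policy IKE-POL-SITEB
# "dynamic" is what makes this a dynamically addressed peer; the hostname is
# the IKE ID that site B's router must present (placeholder value).
set security ike gateway GW-SITEB dynamic hostname siteb.example.net
set security ike gateway GW-SITEB external-interface ge-0/0/0.0
set security ike gateway GW-SITEB version v2-only
set security zones security-zone untrust host-inbound-traffic system-services ike

set security ipsec proposal IPSEC-PROP protocol esp
set security ipsec proposal IPSEC-PROP authentication-algorithm hmac-sha-256-128
set security ipsec proposal IPSEC-PROP encryption-algorithm aes-256-cbc
set security ipsec policy IPSEC-POL perfect-forward-secrecy keys group14
set security ipsec policy IPSEC-POL proposals IPSEC-PROP
set security ipsec vpn VPN-SITEB bind-interface st0.0
set security ipsec vpn VPN-SITEB ike gateway GW-SITEB
set security ipsec vpn VPN-SITEB ike ipsec-policy IPSEC-POL

# Layer 3 routed tunnel: site B is reached through st0.0, not bridged into VLAN 300.
set interfaces st0 unit 0 family inet
set security zones security-zone vpn interfaces st0.0
set routing-options static route 192.168.50.0/24 next-hop st0.0

# Permit only site B LAN <-> VLAN 300, nothing else across the tunnel.
set security address-book global address VLAN300 10.0.30.0/24
set security address-book global address SITEB-LAN 192.168.50.0/24
set security policies from-zone vpn to-zone trust policy SITEB-TO-VLAN300 match source-address SITEB-LAN destination-address VLAN300 application any
set security policies from-zone vpn to-zone trust policy SITEB-TO-VLAN300 then permit
set security policies from-zone trust to-zone vpn policy VLAN300-TO-SITEB match source-address VLAN300 destination-address SITEB-LAN application any
set security policies from-zone trust to-zone vpn policy VLAN300-TO-SITEB then permit
```

After commit, `show security ike security-associations` and `show security ipsec security-associations` on the SRX show whether site B has brought the tunnel up.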