SSG140 and SSG5

emoralesa_ · ‎09-14-2009

How are you? I have a SSG140 in my office and I have a SSG5 in another room. On both computers there is a VPN. The SSG140 is a segment is 172.31.114.0 and SSG5 segment 172.31.74.0. Can you set a machine in the SSG140 segment, with its corresponding IP address, so that via VPN, between the segment SSG5? Is it possible?. I have a database in the segment SSG5 and need access to it from the SSG140 segment.

Thank you very much

muttbarker_ · ‎09-14-2009

Hi - this question really belongs in the firewall forum. But as you posted it here I will respond. I am not sure what you are asking for. Do you want to establish a connection from a client PC that is behind the SSG140 to a database that is behind the SSG5? That is very easy to do and that is what a VPN tunnel would do for you.

Can you perhaps restate your problem and maybe post a picture?

emoralesa_ · ‎09-14-2009

Sorry, I'm new to the forum. Exactly, I need to see a database that belongs SSG5 segment from the segment SSG140. SSG5 need to enter with the ip I have in the SSG140. I hope I was clear, otherwise tell me. I deeply appreciate your support.

muttbarker_ · ‎09-14-2009

Ok - simple site to site VPN - on each box (SSG5 & SSG140) define an address box entry for the device on the local side and the device on the remote side - local would be in trust zone, remote in untrust - make sure they match on both sides! IE - the remote addr on one should map to the local add on other.

Then define the IKE gateway, define the VPN and tie the gateway to it and then define a policy. Do so on each box.

Following is a quickie example for connecting two sites - one called "corp" the other called "remote" - this is done from the CLI, not the WEB GUI -

Corp

set address trust Corp-11-MAC 10.0.11.10/32

set address untrust Remote-12-PC 10.0.12.10/32

set ike gateway Corp11-to-Rem12-GW address 1.1.12.1 outgoing-interface eth0/0 preshare password sec-level standard

set vpn Corp11-to-Rem12-VPN gateway Corp11-to-Rem12-GW sec-level standard

set vpn corp11-to-rem12-vpn monitor

set policy top from trust to untrust Corp-11-MAC Remote-12-PC any tunnel vpn Corp11-to-Rem12-VPN

set policy top from untrust to trust Remote-12-PC Corp-11-MAC any tunnel vpn Corp11-to-Rem12-VPN

Remote

set address trust Remote-12-PC 10.0.12.10/32

set address untrust Corp-11-MAC 10.0.11.10/32

set ike gateway Rem12-to-Corp11-GW address 1.1.11.1 outgoing-interface eth0/0 preshare password sec-level standard

set vpn Rem12-to-Corp11-VPN gateway Rem12-to-Corp11-GW sec-level standard

set vpn rem12-to-corp11-vpn monitor

set policy top from trust to untrust Remote-12-PC Corp-11-MAC any tunnel vpn Rem12-to-Corp11-VPN

set policy top from untrust to trust Corp-11-MAC Remote-12-PC any tunnel vpn Rem12-to-Corp11-VPN

WEB GUI - Addresses are done under Policy / Policy Elements / Addresses

IKE Gateway - VPN's / AutoKey Advanced / Gateway

VPN - VPN - Autokey IKE

Policies - Policies

Hope this makes sense.

emoralesa_ · ‎09-18-2009

Thank you very much for the support. Sorry if I did not reply earlier, I had many activities not allow me to access the forum. I'm going to try it and let you know the outcome.

muttbarker_ · ‎09-18-2009

Great - let me know if it all makes sense.

SSG140 and SSG5

SSG140 and SSG5

Re: SSG140 and SSG5

Re: SSG140 and SSG5

Re: SSG140 and SSG5

Re: SSG140 and SSG5

Re: SSG140 and SSG5