VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
Dunno if anyone can help.
Have one site at the moment and need to move all backup servers to a new site, but they need to be on the same subnet. I have 2 Juniper SSG5 firewalls at each site. I can't get the routing figured out.
So for example:
Site 1
10.0.0.1 - Public
Private - 192.168.201.0/24
Allocated IPs 192.168.201.150-254
Site 2
10.0.0.2 - Public
Private - 192.168.201.0/24
Allocated IPs 192.168.201.1-149
VPN is up but I can't ping each site. I have a computer at site 2 (192.168.201.27) trying to ping 192.168.201.254 and it fails. Can anyone help?!
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
You'll have to put a route in somewhere I think; it'll never try outside of the network at site 2.
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
Firewalls not blocking ping requests?
|
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
Nope, ping requests are allowed on all interfaces.
|
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
Has to be a routing issue as John said, as when I do a trace route to 8.8.8.8 from a site it works, but to a 192.168.201.0/24 address at either site it won't even get past the firewall.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
It wouldn't go past the firewall because it can get to anything on that subnet internally; it won't try externally, otherwise how would you distinguish between .100 at site 1 and .100 at site 2? Can you put a static route on each firewall for that half of the subnet to route to the other site?
|
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
Just annoying as it seems such a simple thing: a VPN between 2 sites that is really just a LAN extension!
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
It's not working for exactly the reason you should never set an office up as 192.168.0.1, 1.1 etc. When anyone tries to VPN in from home you get this exact issue.
|
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
Fuck it, I'm going to change the IP address schema tomorrow. Can't be bothered arsing around with these shitty firewalls! So much easier with a WatchGuard!
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Get on the Servers subforum on OCuk, as there are about 5 users (bigredshark is one of them) that work with Juniper day-in-day-out in DCs and have always been helpful with any queries I've had. Alternatively jump on the J-NET forums Here
|
willay
Moderator Organiser: South East, National Events Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
Why do they have to be on the same subnet?
It would make more sense to use another subnet so you can identify a host's geographical location right away.
i.e.
Site 1
10.10.1.0/24
Site 2
10.10.2.0/24
If the firewalls are the default router for the hosts on their private interface(s) then that will sort out the routing.
All depends on your application really. As far as I am concerned, if hosts on both sides are using a /24 netmask they will just do an ARP to find the host on the local network - unless you can configure the VPN gateways to forward on broadcast frames??
Just makes a lot more sense to use different subnets to split the network up and make things a lot more logical.
|
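The point John and willay are making (the host's own route lookup decides whether the firewall ever sees the packet) can be checked with a small longest-prefix-match simulation. This is an added example, not code from the thread or from Juniper; the gateway addresses, the firewall tables and the /25 "half subnet" route are assumed values constructed for illustration.

```python
import ipaddress

def longest_match(routes, dst):
    """Return the next hop for dst from (prefix, next_hop) entries, picking the
    most specific prefix. next_hop None means the prefix is directly connected:
    the host will ARP for dst on the local segment instead of using a gateway."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None

def host_routes(local_prefix, gateway):
    """Minimal host table: the connected LAN plus a default route to the firewall."""
    return [(local_prefix, None), ("0.0.0.0/0", gateway)]

def trace(host, firewall, dst):
    """Where does a packet from this host to dst go?
    'arp' means the host keeps it on the LAN and the firewall never sees it;
    otherwise the firewall's own lookup decides ('vpn' or 'internet')."""
    if longest_match(host, dst) is None:
        return "arp"
    return longest_match(firewall, dst)

# Constructed tables; gateway addresses are assumed, not taken from the thread.
# Overlapping design from the thread: 192.168.201.0/24 at both sites.
SITE2_HOST_OVERLAP = host_routes("192.168.201.0/24", "192.168.201.1")
# John's idea of a static route for "that half of the subnet" on the firewall
# (approximated here as a /25, since .150-.254 is not a clean prefix).
SITE2_FW_OVERLAP = [("192.168.201.128/25", "vpn"), ("0.0.0.0/0", "internet")]
# Split design suggested by willay: 10.10.1.0/24 at site 1, 10.10.2.0/24 at site 2.
SITE2_HOST_SPLIT = host_routes("10.10.2.0/24", "10.10.2.1")
SITE2_FW_SPLIT = [("10.10.1.0/24", "vpn"), ("0.0.0.0/0", "internet")]

if __name__ == "__main__":
    # Overlap: the host ARPs for .254 locally, so the firewall route is never consulted.
    print(trace(SITE2_HOST_OVERLAP, SITE2_FW_OVERLAP, "192.168.201.254"))  # arp
    # Split: the host hands the packet to its default gateway, which sends it over the VPN.
    print(trace(SITE2_HOST_SPLIT, SITE2_FW_SPLIT, "10.10.1.254"))  # vpn
    # Off-subnet traffic always reached the firewall, matching the 8.8.8.8 traceroute result.
    print(trace(SITE2_HOST_OVERLAP, SITE2_FW_OVERLAP, "8.8.8.8"))  # internet
```

The firewall's static route is irrelevant in the overlap case because the host's connected /24 route wins before any gateway is chosen, which is why the traceroute to 8.8.8.8 worked while the one to 192.168.201.254 stopped at the LAN.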
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
What they have at the moment is 2 racks in 1 location.
SQL servers HA, webservers HA.
It needs to be 99% uptime. As they are moving location, one rack gets done first, then the second.
|
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
Well, it took 2 mins with a different subnet. Just need to configure the servers for a different subnet when they get here.
|