April 16, 2010 at 9:42 am #42360
Please see attached image of setup:
I want to Bridge Site A and Site B in a way that a PC at Site A can ping, share, etc. with any PC on Site B as if plugged in there. (PC A2 and PC A3 aren't in use yet – testing only with PC A1)
VPN is setup and functions perfectly.
I created a Bridge00 on each site: VPN-Interface + local-Lan-Interface
I assigned one IP of the private Network in use to each bridge (192.168.0.200, 192.168.0.201)
LAN interface on PC A1 (Windows 7) is set to automatic and that works fine: PC A1 gets an IP assigned by DHCP-B (from the other site).
And now here’s the problem:
PC A1 can ping only 192.168.0.200 and 192.168.0.201
ZS-A can ping only ZS-B (but not PC A1)
ZS-A can arp only PC A1 and ZS-B
ZS-B can arp and ping ZS-A
ZS-B can arp, but not ping PC A1
Any hints or ideas anyone how I get that bridge fully functional?
Could routing be the problem? At Site B all PCs (except for ZS-B) use GW-B as default GW – as assigned by DHCP-B. ZS-A only has the dynamically assigned GW-A.
Thank you all very much in advance!
April 16, 2010 at 12:52 pm #50143
Looks fine to me.
You generally cannot ping PC A1, maybe due to a firewall rule on windows.
Routing has nothing to do here, as all of your network is in the same broadcast domain. You just assign the default gateway for internet reachability and you assign the closest ZS.
The way I see it your bridge is functioning properly.
April 16, 2010 at 1:05 pm #50144
Thanks for your reply.
Firewalls etc. crossed my mind too, but that shouldn’t prevent ZS-A successfully arping PC Bn?
> You just assign the default gateway for internet reachability and you assign the closest ZS.
What exactly do you mean? Can you talk me through the steps as you would have done it?
> The way I see it your bridge is functioning properly.
That's the weird thing. The actual bridge is up and running. Just the two sites behind it seem to not fully “see” each other.
I don’t need any forwarding or other fw rules on the zs, do I?
Thank you so very much!!!
April 16, 2010 at 1:42 pm #50145
ARP is usually not affected by firewalls, at least the common and most used. If you block ARP you are risking to lose connectivity, so blocking it is not that easy.
Regarding the other one with the gateway, I meant that PC Ax and ZS Site A should use default gateway the GW A and the others GW B. However this doesn’t provide failover in case GW A or B goes down.
ZS should be fine without messing with the firewall or any other setting on the BRIDGE interface.
April 16, 2010 at 4:25 pm #50146
That’s what I thought. Thanks for confirming.
But it still doesn’t work… Too strange.
I’ll try to do more testing with linux boxes only 😉
I’ll keep you posted!
April 20, 2010 at 8:26 pm #50147
Problem found and solved.
ZS at Site B failed to bring up interfaces in promisc mode since it was in fact virtualised. I wasn’t aware of that…
Activating promisc mode on the respective port group solved all above mentioned issues.
Thank you very much again for your help!
April 21, 2010 at 9:35 pm #50148
Damn those virtual machines…
March 9, 2012 at 6:30 am #50149
really interesting. thanks
November 30, 2012 at 11:44 am #50150
I have a similar configuration, however I defined in site B the default gateway GW A.
My idea is that all traffic in site B destined to internet will flow through the VPN and exit to the internet via GW A.
With this configuration PCs on site B can open only some internet websites. If I do a speedtest (speedtest.com) I can only measure download speed, upload speed test fails all the time.
Is this a firewall problem?