Aerohive BR Site to Site VPN - At existing remote sites?

  • Updated 3 years ago

Hi,

I have a CVG and a BR100 and a BR200.

What I am trying to do is the following:

Site A is main site with CVG installed and access to the Internet.

Site B is a branch site which is connected to the Internet but not to Site A.

Both Sites A and B already exist with separate servers/non-overlapping IP address ranges etc.

What we would like to do is create a site-to-site VPN using Aerohive between Site A and Site B, which basically allows IT at Site A to use things like monitoring tools/RDP to access servers at Site B, and for users at Site B to be able to access a selection of servers at Site A such as the Intranet server.

In my reading I have seen I require an L3 tunnel in order for the two-way connection to take place. Where I am getting confused is the IP address allocation by Aerohive (I think it is the VLAN to Subnet section?). I have attempted to use the Quick Start policy options, but seem to have got even more confused...

(Do I need anything other than a single IP Management network?)

I guess in this instance I am expecting a simple point to point link. At Site A I would simply like to add a route to our core switch that says for IP ranges hosted at Site B send traffic to the internal interface of the CVG and then at Site B for the BR device to have a Site B internal IP that I would then send traffic to using Site B's core switch?

All the documentation I can find seems to assume I want the BR device to allocate IP addresses and do all routing at Site B which it seems I do not want...

Am I missing something?


BeeKeeper


Posted 3 years ago


Gary Babin

Hopefully I understand the question/situation there, but...

You should be able to set the BR to a hard IP and attach to the ISP router but anything connecting to the CVG (site A) will have to go through the BR. The addresses assigned (or handed out by the BR) need to match that allowed through the firewall at the CVG end.

In this arrangement the site-B local network could get addressing from local services and be excluded from the tunnel or connect to the BR first and have access to the tunnel. The BR would not do any routing at site-B.

BeeKeeper

Hi, thanks for this... I think I understand... How do I set a static IP on the BR? Does this mess around with the automatic IP allocation in the policy?

Gary Babin

In the console you can select "modify" on the BR and set the eth0 WAN line (it can use DHCP too). The lines below it are for the Ethernet ports on the BR (LAN). It doesn't affect policy as it is a device setting.