Need help here
Site B
TZ105
x0 Lan 192.168.162.1
X1 WAN 64.x.x.x
X2 LAN 10.0.3.1
Site A
TZ300
X0 LAN 10.0.1.1
X1 WAN 69.x.x.x
VPN tunnel set up as VPN SITE TO SITE and is Green
From Site A I can ping 10.0.3.1
From Site B I can ping 10.0.1.1 and everything else on this network
From Site A, I can only ping 10.0.3.1. Although I cannot access a single service, VMConsole, or anything else on the 10.0.3.0 network. I understand that firewall needs to be able to allow for ping on 10.0.3.0 network.
Any ideas?
SITE B
Secondly, I'm going to be connecting up a VOIP/SIP network onto this router for Site B. Do I need to create a VLAN for the Phones? Do I need to create a VLAN for the 10.0.3.0 network?
Best Answer
Check to make sure you put the remote network into both sides go to VPN->Configure-> Newtwork and make sure you have the correct networks selected and that they have the whole network range not just the gateway address object. For what I expect you are doing I would setup the local networks to Firewalled Subnets on both, and note what you have for the REMOTE network name. Then go to Firewall-> Address Objects-> Select Custom radio button. This will show you your remote networks and look for the remote network name, and make sure its a Range not a host and that it has the correct range.
You technically don't have to create a VLAN. Depending on the number of phones and how important quality is you can get by with just plugging the phones in. I have a small office (4 Phones and 5 pcs) that I have all on the same subnet no fancy VLAN and no issues. I only use VLAN if I only have one network cable run to each desk. IE passing through the phones to the computers. If I have the cable already ran(or the time to do so myself) A central PoE switch will save you lots of headache in the future.