Same Site VPN Setup



  • I have several SSG5 units and I am trying to connect them via VPN.  However, the untrusted LAN for each unit is the same as they are all intra-site units.  I have followed as many documents as I can find regarding a VPN setup, but I am missing something.  Ultimately, I need the following setup.  Device to SSG5 #1 Trusted Zone (port E0/2) on Subnet A (192.168.1.0).  Device to SSG5 #2 Trusted Zone (port E0/2) on Subnet B (192.168.2.0).  Untrusted connection between SSG5 #1 and SSG5 #2 using port E0/0 on both units to use Subnet C (192.168.3.0).  There will be no internet connection on this network, so that part is irrelevant in this situation.  However, I do need the device connected to SSG #1 to be able to communicate with the device on SSG #2.  Please advise.



  • @hightshoe - Thanks for your response.  You are correct in that these units are all at the same location, hence the title of my post.  However, you are assuming that I have given the full picture and that there is no more information than what I have given.  Ultimately, I need the VPN because I am adding to networks that are already in place and I do not have access to those NetScreens in order to mock them.  I also need VPN because I have to ensure that this secure location has the encryption that comes with a VPN solution that I cannot guarantee by just routing and policies. Not that this information changes my original question about how to complete the task at hand.  Is there someone that can guide me to the solution I am looking for instead of questioning my motives?



  • If there is no internet connection, then it’s safe to assume these are all physically in the same location.  So my question would be, why the need for a VPN connection?  You could get your desired setup with just routing and policies.


 
