Solved

Linksys RV042 x 3 sites + Routing issues

Posted on 2004-09-21
Last Modified: 2008-02-26
Diagram:
                   216.191.xxx.xxx
                          |
                          |
                      10.10.0.0
                   CORPORATE SITE
                          |
                          |
        VPN ---------10.10.0.50--------- VPN
         |                                |
         |                                |
   12.146.xxx.xxx                  69.159.xxx.xxx
   Remote Site A                   Remote Site B
     10.90.0.0                       10.100.0.0

Situation: VPN tunnels are established and Corporate can talk to both Remote sites. But Remote Sites cannot talk to each other.

Any ideas?
If I do a tracert from Remote Site A to B, the first hop is the router (10.90.0.1), then it goes to the external address (12.146.xxx.xxx) instead of the LAN address 10.10.0.50 on the other side of the VPN tunnel.
Question by:mt360
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12154554
You will have to create separate tunnels from Site A to B
0
 

Author Comment

by:mt360
ID: 12159055
Can I not use static routing with these devices?  
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12159268
No. The Linksys at Corp cannot route between the VPN tunnels.
If you want A to talk to B, simply add another direct tunnel between them
   
           Corp
           |     |
          A --- B
0
 

Expert Comment

by:pkarlson
ID: 12745422
I agree but he'd probably have to swap out the equipment at A&B if they couldn't establish the tunnel between the sites.

Couldn't he also add four static routes?

1. To Corp that routes traffic from Remote Site A to Remote Site B
    Destination IP Address: 10.100.0.0
    Gateway: 69.159.XXX.XXX

2. To Corp that routes traffic from B to A
    Destination IP Address: 10.90.0.0
    Gateway: 12.146.XXX.XXX

3. To Remote Site A that routes all traffic destined for B through Corp
    Destination IP Address: 10.100.0.0
    Gateway: 216.191.xxx.xxx or maybe the internal VPN address 10.10.0.50

4. To Remote Site B that routes all traffic destined for A through Corp
    Destination IP Address: 10.90.0.0
    Gateway: 216.191.xxx.xxx or maybe the internal VPN address 10.10.0.50
 
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
ID: 12745724
No can do.
The VPN tunnels are established with traffic match rules, not routing entries. Traffic that matches rule 1, for example, a VPN tunnel is defined with "local secure group" destined for "remote secure group" goes to remote secure Gateway. The tunnel is maintained with traffic source IP <local> destination <remote>, gateway 12.34.56.7

Define tunnel 1 to Site A
  Local secure group 192.168.100.0/24
  Remote secure group 192.168.200.0/24
  Gateway 12.34.56.7

Define tunnel 2 to Site B
  Local secure group 192.168.100.0/24
  Remote secure group 192.168.30.0/24
  Gateway 63.22.55.77

Now, what I cannot do is define another tunnel to site A or B, using the remote secure group now as the local secure group:
  No can do:
    Define tunnel 3 to site B, for Site A traffic
      Local secure group 192.168.200.0/24  <= ? tunnel 1 already defines this as a "remote group"
                                                I can't make it both a remote and a local group
      Remote secure group 192.168.30.0/24

While at the same time, on Site A, I would have to define Site B's subnet as my remote secure group, pointing it to Corp; Corp then turns around and re-directs through tunnel 3.
It just can't happen that way.
Again, it's not a routing issue, it's the way IPSEC tunnels get created. The traffic must originate on the Local LAN.
0
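
The selector matching described in the accepted answer, as an added example (not code from the thread, and not Linksys firmware logic). It assumes /16 masks for the subnets in the question's diagram, uses placeholder gateway labels because the real addresses are masked, and models the "remote group cannot also be a local group" restriction exactly as the answer states it.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Tunnel(NamedTuple):
    name: str
    local: str    # "local secure group"
    remote: str   # "remote secure group"
    gateway: str  # remote secure gateway (placeholder label, not a real address)

# Subnets from the question's diagram; the /16 masks are an assumption.
CORP, SITE_A, SITE_B = "10.10.0.0/16", "10.90.0.0/16", "10.100.0.0/16"

def hub_and_spoke():
    """Tunnels as in the question: each remote site peers with Corp only."""
    return {
        "corp":  [Tunnel("corp-A", CORP, SITE_A, "gw-site-a"),
                  Tunnel("corp-B", CORP, SITE_B, "gw-site-b")],
        "siteA": [Tunnel("A-corp", SITE_A, CORP, "gw-corp")],
        "siteB": [Tunnel("B-corp", SITE_B, CORP, "gw-corp")],
    }

def full_mesh():
    """Hub-and-spoke plus the direct A<->B tunnel the answers recommend."""
    sites = hub_and_spoke()
    sites["siteA"].append(Tunnel("A-B", SITE_A, SITE_B, "gw-site-b"))
    sites["siteB"].append(Tunnel("B-A", SITE_B, SITE_A, "gw-site-a"))
    return sites

def select_tunnel(tunnels, src: str, dst: str) -> Optional[Tunnel]:
    """Return the tunnel whose selectors match BOTH source and destination."""
    s, d = ip_address(src), ip_address(dst)
    for t in tunnels:
        if s in ip_network(t.local) and d in ip_network(t.remote):
            return t
    return None  # no match: the packet is not placed in any tunnel

def conflicts(tunnels, new: Tunnel) -> bool:
    """Restriction from the answer: a remote group cannot also be a local group."""
    return any(ip_network(new.local).overlaps(ip_network(t.remote)) for t in tunnels)

def egress(sites, site: str, src: str, dst: str) -> str:
    t = select_tunnel(sites[site], src, dst)
    return f"tunnel {t.name} via {t.gateway}" if t else "default route (WAN), no tunnel"

if __name__ == "__main__":
    a, b = "10.90.0.20", "10.100.0.20"  # constructed sample hosts
    for label, sites in (("hub-and-spoke", hub_and_spoke()), ("full mesh", full_mesh())):
        for site in ("siteA", "corp"):
            print(f"{label:13} at {site:5}: {egress(sites, site, a, b)}")
    relay = Tunnel("corp-3", SITE_A, SITE_B, "gw-site-b")  # the answer's "tunnel 3"
    print("tunnel 3 on Corp rejected:", conflicts(hub_and_spoke()["corp"], relay))
```

In the hub-and-spoke case neither Site A nor Corp has a selector pair covering 10.90.x.x to 10.100.x.x, which is consistent with the tracert in the question leaving through the WAN address rather than the tunnel.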
 

Expert Comment

by:mac_3ce
ID: 12980244
I have talked to Linksys and they also confirmed the fact that the only way to have all sites see each other is with separate VPNs connecting each one to the other.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 13737544
Do you need any more assistance or information?
Can you close out this long-forgotten question?
Here's how:
http://www.experts-exchange.com/help.jsp#hs5

Thanks!
<8-}
0
