Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 370
  • Last Modified:

Linksys RV042 x 3 sites + Routing issues

Diagram:
                                                          216.191.xxx.xxx
                                                                   |
                                                                   |
                                                             10.10.0.0
                                                       CORPORATE SITE
                                                                   |
                                                                   |
                                            VPN ------- 10.10.0.50-------VPN
                                              |                                       |
                                              |                                       |
                                        12.146.xxx.xxx                     69.159.xxx.xxx
                                        Remote Site A                      Remote Site B
                                         10.90.0.0                             10.100.0.0

Situation: VPN tunnels are established and Corporate can talk to both Remote sites.  But, Remote Sites cannot talk to eachother.  

Any Ideas?  
If I do a tracert from Remote Site A to B, the first hop is the router(10.90.0.1), then it goes to the external address (12.146.xxx.xxx) instead of the LAN address 10.10.0.50 on the other side of the VPN tunnel.  
0
mt360
Asked:
mt360
1 Solution
 
lrmooreCommented:
You will have to create separate tunnels from Site A to B
0
 
mt360Author Commented:
Can I not use static routing with these devices?  
0
 
lrmooreCommented:
No. The Linksys at Corp cannot route between the VPN tunnels.
If you want A to talk to B, simply add another direct tunnel between them
   
           Corp
           |     |
          A --- B
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
pkarlsonCommented:
I agree but he'd probably have to swap out the equipment at A&B if they couldn't establish the tunnel between the sites.

Couldn't he also add four static routes
1. To Corp that routes traffic from Remote Site A to Remote Site B
    Destination IP Address: 10.100.0.0
    Gateway: 69.159.XXX.XXX
2. To Corp that routes traffic from B to A
    Destination IP Address: 10.90.0.0
    Gateway: 12.146.XXX.XXX

3. To Remote Site A that routes all traffic destined for B through Corp
    Destination IP Address: 10.100.0.0
    Gateway: 216.191.xxx.xxx or maybe the internal VPN address 10.10.0.50


4. To Remote Site B that routes all traffic destined for A through Corp
    Destination IP Address: 10.90.0.0
    Gateway: 216.191.xxx.xxx or maybe the internal VPN address 10.10.0.50


 
0
 
lrmooreCommented:
No can do.
The VPN tunnels are established with traffic match rules, not routing entries. Traffic that matches rule 1, for example, a VPN tunnel is defined with "local secure goup" destined for "remote secure group" goes to remote secure Gateway. The tunnel is maintained with traffic source IP <local> destination <remote>, gateway 12.34.56.7

Define tunnel 1 to Site A
 Local secure group 192.168.100.0/24
   Remote secure group 192.168.200.0/24
     Gateway 12.34.56.7

Define tunnel 2 to Site B
  Local secure group 192.168.100.0/24
   Remote secure group 192.168.30.0/24
     Gateway 63.22.55.77

Now, what I cannot do is define another tunnel to site A or B, using the remote secure group now as the local secure group:
  No can do:
    Define tunnel 3 to site B, for Site A traffic
     Local secure group 192.168.200.0/24 <= ? tunnel 1 already defines this as a "remote group"
                                                                   I can't make it both a remote and a local group
       Remote secure group 192.168.30.0/24

While at the same time, on Site A, I would have to define Site B's subnet as my remote secure group, pointing it to Corp, Corp then turns around and re-directs through tunnel 3
It just can't happen that way.
Again, it's not a routing issue, it's the way IPSEC tunnels get created..the traffic must originate on the Local LAN.
0
 
mac_3ceCommented:
I have talked to Linksys and they also confired the fact that the only way to have all sites see eachother is with seperate vpns connect each one to the other.
0
 
lrmooreCommented:
Do you need any more assistance or information?
Can you close out this long-forgotten question?
Here's how:
http://www.experts-exchange.com/help.jsp#hs5

Thanks!
<8-}
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now