jellison
asked on
Onward (static) routing using Linksys VPN routers
I have a Linksys AG041 ADSL router (available in Europe and Australia only I think) attached via a VPN to a Linksys RV082 in our central office. The private NAT addresses are 192.168.101.2 and 192.168.121.250 respectively. I have set up the VPN and devices on both networks can see each other through the tunnel.
The 192.168.121 central office network is a hub with a number of other networks connected via leased lines and isdn. Another router (a Cisco) at 192.168.121.254 handles these connections - for example to 192.168.106.N.
My question is how do I set up my Linksys routers so that traffic from my 192.168.101 network can route via VPN to 192.168.121.250 then to 192.168.121.254 to get to 192.168.106.N? I already have a static route set up in the 192.168.121.254 router and I can ping it from 192.168.101.N. I have tried but I can't work out the static routes etc to make it go any further. Has anyone out there done something similar and would like to share how it's done? I have attempted a simple diagram below.
Thanks and regards
John Ellison
Internet/VPN Central network
AG041 router ---------------> RV082 router -------------------> Cisco router ----> Other networks
192.168.101.N 192.168.121.250 192.168.121.254 192.168.N.N
The 192.168.121 central office network is a hub with a number of other networks connected via leased lines and isdn. Another router (a Cisco) at 192.168.121.254 handles these connections - for example to 192.168.106.N.
My question is how do I set up my Linksys routers so that traffic from my 192.168.101 network can route via VPN to 192.168.121.250 then to 192.168.121.254 to get to 192.168.106.N? I already have a static route set up in the 192.168.121.254 router and I can ping it from 192.168.101.N. I have tried but I can't work out the static routes etc to make it go any further. Has anyone out there done something similar and would like to share how it's done? I have attempted a simple diagram below.
Thanks and regards
John Ellison
Internet/VPN Central network
AG041 router ---------------> RV082 router -------------------> Cisco router ----> Other networks
192.168.101.N 192.168.121.250 192.168.121.254 192.168.N.N
can you ping cisco router 192.168.121.254?
ASKER
Sorry - should have said. Yes I can - and any other device on the 192.168.121 net.
One strange thing (with the Linksys AG041) is that when the VPN is up it doesn't show anything in the routing table. It obviously knows the remote net is there and how to route to it though. That makes it difficult to know what to add to the static route table to make it work.
One strange thing (with the Linksys AG041) is that when the VPN is up it doesn't show anything in the routing table. It obviously knows the remote net is there and how to route to it though. That makes it difficult to know what to add to the static route table to make it work.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I see what you are getting at. I will try it tomorrow when there is someone in the office to recover from any problems. If it does mean a tunnel for each class C net that's a pain - there are only 5 VPN's on the ADSL and we have more networks than that. But I will try the theory.
Have you had any experience of Linksys support? They are quite fast at responding but the answer they gave me to this issue was "Static Routing is not supported by a Linksys Techsupport, we can only provide documentation." Hmph. Wy make routers with static route capability if you can't support em. Perhaps I was banging on the wrong door!
Have you had any experience of Linksys support? They are quite fast at responding but the answer they gave me to this issue was "Static Routing is not supported by a Linksys Techsupport, we can only provide documentation." Hmph. Wy make routers with static route capability if you can't support em. Perhaps I was banging on the wrong door!
ASKER
lrmoore,
Well - the "parallel VPN tunnels" didn't work. The RV082 wouldn't allow two VPNs to go to the same endpoint address. But your comment about supernets got me thinking. The AG041 doesn't put the address of the other end of the VPN it's routing table - it just "knows" that the address is there. So if I change the other end of the tunnel to be 192.168.0.0 with a mask of 255.255.0.0 will it just "know" that all 192.168 addresses should go via the tunnel and the RV082 can sort out the routing from there. Guess what - that's exactly how it works! All I needed to do was set some static routes in the RV082 to tell it how to get to the rest of the networks and everything is now working. One tunnel, multiple networks.
So although you didn't hit the nail on the head it got my thought processes going enough to get it working. So I think it's only fair you get the points. Many thanks for your input - especially on a Sunday!
Well - the "parallel VPN tunnels" didn't work. The RV082 wouldn't allow two VPNs to go to the same endpoint address. But your comment about supernets got me thinking. The AG041 doesn't put the address of the other end of the VPN it's routing table - it just "knows" that the address is there. So if I change the other end of the tunnel to be 192.168.0.0 with a mask of 255.255.0.0 will it just "know" that all 192.168 addresses should go via the tunnel and the RV082 can sort out the routing from there. Guess what - that's exactly how it works! All I needed to do was set some static routes in the RV082 to tell it how to get to the rest of the networks and everything is now working. One tunnel, multiple networks.
So although you didn't hit the nail on the head it got my thought processes going enough to get it working. So I think it's only fair you get the points. Many thanks for your input - especially on a Sunday!