How can I access 192.168.1.1 through 192.168.3.254

I'm doing remote support for someone with a campus WAN that has three segments. The three are 192.168.1.x/255.255.255.0; 192.168.2.x/255.255.255.0; and 192.168.3.x/255.255.255.0.

I want to configure my VPN router to allow me to reach any of the addresses on any segment.  I specify 192.168.1.0;255.255.255.0 in the VPN configuration and I can reach the .1 segment perfectly.  Is there a different subnet mask I can use and reach all three?

If so, would the segments also need to have that different subnet mask configured on each PC, even if they are working OK now?
alanvranian Asked:
 
rburns50 Commented:
To your VPN router, you would need to add a route for 192.168.0.0 with mask 255.255.252.0 pointing to the other end of your tunnel to the Campus VPN switch. The campus VPN switch needs to have the same route pointing to the Cisco router (unless that is its default gateway). And the Cisco router needs to have a route back to your own subnet, pointing to the Campus VPN switch.

That way, every network device knows how to reach all 4 subnets. FYI, if they all supported a common dynamic routing protocol (i.e. OSPF or RIP), it would be even easier- just turn it on on all devices, and they would discover each other's connected subnets and routing tables.
0
 
LarryHo Commented:
Hmmm, need more info.  What is the topology of the campus WAN, including your VPN connection?  Hopefully all subnets connect to a single router that is also your VPN endpoint.  Also, what's the reason for the separate subnets?

If it is feasible to combine all subnets on campus into a single IP space, you can achieve what you want with a /22  (255.255.252.0) subnet mask, but all machines would need to use that mask.  Unlikely and undesirable from a security and performance standpoint, but it may be an option for you.
0
 
pseudocyber Commented:
I would think they would have their internal routing configured so you could access the other two IP nets from the first.  This isn't the case?
0
 
alanvranian Author Commented:
The VPN connects from my office to the VPN firewall through the internet. The firewall is attached to the .1 segment. There is a Cisco 2620 router there that connects Cisco 1710 routers at the other ends of the T1s connecting the remote locations to the main location point to point. The Cisco knows to forward packets received on the .1 network to the .2 and .3 network. But I'm wondering if, since my VPN firewall has been told the network at the client is 192.168.1.0/255.255.255.0, if the VPN equipment will understand what to do with an address on the .2 and .3 segments. I think if it makes it to the Cisco router, it will know what to do but I'm not sure it will make it to the Cisco via the VPN.

So yes, Larry, the VPN connects to a single router which knows how to route to the other two segments.  But, pseudocyber, I'm not sure that the VPN understands those other segments can be found at the other end.  So I'm wondering if I should put the definition of the remote LAN as 192.168.1.0/255.255.252.0 in my VPN configuration in order to have it understand that the other two segments are out there....
0
 
theitguy Commented:
try


192.168.0.0
255.255.255.0 for the subnet  I think?

try it

0
 
simonenticott Commented:

I don't know if this will work over your VPN but try typing this on your system -

route add 192.168.2.0 mask 255.255.255.0 the_gateway_address -p
route add 192.168.3.0 mask 255.255.255.0 the_gateway_address -p

If it doesn't work, remove the routes using
route delete 192.168.2.0  
route delete 192.168.3.0

Alternatively if you have XP you can try adding an IP address from each range to your TCP/IP settings (under tcp/ip properties/advanced/IP settings)

Simon.
0
 
alanvranian Author Commented:
OK, I closed the question and awarded the points to the three who had all offered a variation on the same resolution. I don't know that these would work or not, frankly, as I found a place in the VPN firewall where I could specify a range of addresses rather than having to specify the subnet mask. So I put in 192.168.1.0 to 192.168.3.254 in my firewall and the other firewall in the tunnel definition and I'm able to navigate all three segments of the network. I guess whoever did the programming of the VPN system knew people like me would need it to be kept simple, so kudos to them.

Thank you all for your suggestions... since they were all related to the same solution, I'm betting that it's the right answer and hope the way I did the points appears reasonable.
0
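Added example (not part of any post in this thread): a Python check of what each address/mask pair mentioned above actually selects as a tunnel definition, and the smallest set of prefixes that matches the three segments exactly. The function names are hypothetical, and the range end is taken as 192.168.3.255 (an assumption) so that it falls on a prefix boundary.

```python
import ipaddress

# The three campus segments named in the question.
SEGMENTS = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in (1, 2, 3)]


def evaluate(addr, mask):
    """Report what a tunnel definition of addr/mask really selects."""
    # strict=False clears host bits the way most devices do, so
    # 192.168.1.0 with mask 255.255.252.0 becomes 192.168.0.0/22.
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    covered = [s for s in SEGMENTS if s.subnet_of(net)]
    # Addresses the definition opens up beyond the intended segments.
    extra = net.num_addresses - sum(s.num_addresses for s in covered)
    return {
        "network": str(net),
        "covers_all": len(covered) == len(SEGMENTS),
        "covered": [str(s) for s in covered],
        "extra_addresses": extra,
    }


def exact_cover(first, last):
    """Smallest list of CIDR prefixes that matches first..last exactly."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)
    )
    return [str(n) for n in nets]


if __name__ == "__main__":
    candidates = [
        ("192.168.1.0", "255.255.255.0"),  # original VPN setting
        ("192.168.1.0", "255.255.252.0"),  # wider mask from the question
        ("192.168.0.0", "255.255.252.0"),  # summary route form
        ("192.168.0.0", "255.255.255.0"),  # /24 on the .0 network
    ]
    for addr, mask in candidates:
        print(addr, mask, evaluate(addr, mask))
    print("exact cover:", exact_cover("192.168.1.0", "192.168.3.255"))
```

The /22 reaches all three segments but also admits 192.168.0.0/24, which is why an explicit range or the two-prefix cover is the tighter tunnel definition.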
 
Gen2003 Commented:
No need to "reIP" all subnets. Your 2620 connects main office .1 and 2 locations (all having 1710), right? Your firewall knows the route to .1 net. So your firewall has to know how to forward (route) packets for .2 & .3 nets. All 1710 routers have to know how to forward packets for your VPN network, which I suppose is not in .1, .2 and .3 net.

- add routes on your firewall for .1, .2, .3 nets
- add route to VPN on 2620
- add route to VPN on 1710s (if the default route is not pointing to 2620)

Regards.
0