• Status: Solved
  • Priority: Medium
  • Security: Public

URGENT: Way to set a network annotation to include range of std class C networks.

I want to create a tunnel that will route traffic for anything from 192.168.10.0-192.168.35.0
They are all standard networks using 255.255.255.0

so when my VPN connects I can hit remote boxes w/ no extra step.

[me] ---VPN----> [main office] ----hardwareVPN--->[remote office]

Main office knows about all the networks.. I need to use a virtual adapter to connect to main office... I just need my adapter to know to use it for a range of class C networks... or it will just send to my 0.0.0.0 route, which won't work because I split tunnel.
Asked by: Eric

e_vanheel Commented:
not sure if I understand your question but....

Create a route on your computer.

for example:

route add [remote office network IP] mask 255.255.255.0 [address of main office VPN to VPN remote network] [your VPN interface address] -p

the -p makes the route persistent (still there if you reboot)

BTW what VPN Client are you using - MS, Cisco?
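Added example, not part of the answer above or of any post in this thread: for the range in the question, this Python code collapses 192.168.10.0 through 192.168.35.0 into the fewest CIDR blocks, builds one Windows `route add` line per block, and checks whether the LAN the remote user is sitting on overlaps a tunnel prefix. The gateway 10.99.0.1 and the sample LANs are constructed placeholders, and it assumes every /24 in the range sits behind the main office.

```python
import ipaddress


def covering_prefixes(first_net, last_net):
    """Fewest CIDR blocks that cover exactly first_net through last_net."""
    first = ipaddress.ip_network(first_net)
    last = ipaddress.ip_network(last_net)
    return list(ipaddress.summarize_address_range(
        first.network_address, last.broadcast_address))


def route_commands(prefixes, gateway, persistent=False):
    """Windows 'route add' lines; -p only if the route should survive reboots."""
    flag = "-p " if persistent else ""
    return [f"route {flag}add {p.network_address} mask {p.netmask} {gateway}"
            for p in prefixes]


def local_conflicts(prefixes, local_lan):
    """Tunnel prefixes that overlap the LAN the remote user is connected to."""
    lan = ipaddress.ip_network(local_lan)
    return [p for p in prefixes if p.overlaps(lan)]


if __name__ == "__main__":
    GATEWAY = "10.99.0.1"  # constructed placeholder for the main-office side
    prefixes = covering_prefixes("192.168.10.0/24", "192.168.35.0/24")

    # Non-persistent by default, so the routes vanish on reboot instead of
    # staying active when the machine is back inside the office.
    for line in route_commands(prefixes, GATEWAY):
        print(line)

    # Constructed sample LANs: one home network inside the range, one outside.
    for lan in ("192.168.20.0/24", "192.168.1.0/24"):
        hits = local_conflicts(prefixes, lan)
        status = ", ".join(str(p) for p in hits) if hits else "no overlap"
        print(f"local LAN {lan}: {status}")
```

If only some of the /24s in the range really exist, the aggregated blocks also pull the unused ones into the tunnel; list the real networks individually in that case.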
 
Eric (IT Manager, Author) Commented:
Safenet.
I think it's what Cisco uses. WatchGuard uses this also. I have WatchGuard.
I wanted to do it via the VPN policy so that it's only active when I am using a VPN.

Maybe I just can't do it... maybe it's more of a question for WatchGuard and how their software sets up VPN routes.
 
e_vanheel Commented:
I would test it first so you are sure it works before you add policy.  This will help you troubleshoot the routing first before you work on policy.
 
sr1xxon Commented:
why don't you put the route on your default gateway (router / firewall) rather than on your pc? that way there's only one step - every time someone requests a resource at the 192.168.35 network, your router will get them to the right place.
 
Eric (IT Manager, Author) Commented:
Let me explain better:
OK, in the main office our hardware device connects to a bunch of branch offices via hardware VPN. Hub/spoke.

From there I can ping any network I want all day long, no problems.

When I'm out of the office my software VPN connects to the main office. But it split tunnels, so anything not sent to the main office's specific network does not make it. The VPN virtual adapter only knows to route that one subnet... it does not know about the others... the main network I'm connecting to does.

So route add would work, because it's just a matter of knowing to use the virtual adapter vs. sending unknown to the 0.0.0.0 route.
I am just trying to do it via the MUVPN setup so I do not have to configure a route on each PC, and a way to enable and disable it when users are remote/in the office.
 
e_vanheel Commented:
I don't know the firebox very well but this might help.

Found this on this web page http://www.fireboxsupport.com/FB_MUVPN.htm 

Also, if you need your MUVPN user to have access to more than one subnet, complete the wizard, and then “edit” the MUVPN user and you will be able to add additional networks for the MUVPN user to access.  But for the initial configuration you can only add one network.

 You should not use the option of “Use default gateway on remote network” for this configuration.  This creates a 0.0.0.0 route where all traffic goes to the Firebox over the tunnel when the MUVPN client is enabled.  This should only be done by advanced users familiar with MUVPN setup when needed.

 
Eric (IT Manager, Author) Commented:
Oops, sorry.. I did that hours ago. I had that a while back but never tested it because it looked like it was creating a separate VPN instead of a route... but it does just work like a route.. and you only have to auth one time for all 15 networks..

So it's working this way. But you got it right.. thanks
 
e_vanheel Commented:
Glad I could help.
 
e_vanheel Commented:
Are you going to award points for this?
 
Eric (IT Manager, Author) Commented:
Oops.. was out of town on business...

Sure.
 
e_vanheel Commented:
Thank you!
Question has a verified solution.
