Solved

URGENT:  Way to set a network annotation to include range of std class C networks.

Posted on 2006-05-17
Last Modified: 2013-11-16
I want to create a tunnel that will route traffic for anything from 192.168.10.0-192.168.35.0.
They are all standard networks using 255.255.255.0

So when my VPN connects I can hit remote boxes w/ no extra step.

[me] ---VPN----> [main office] ----hardwareVPN--->[remote office]

Main office knows about all the networks... I need to use a virtual adapter to connect to main office... I just need my adapter to know to use it for a range of class C networks... or it will just send to my 0.0.0.0 route, which won't work because I split tunnel.
0
Question by:Eric

Expert Comment

by:e_vanheel
ID: 16700704
not sure if I understand your question but....

Create a route on your computer.

for example:

route add [remote office network IP] mask 255.255.255.0 [address of main office VPN to VPN remote network] [your VPN interface address] -p

the -p makes the route persistent (still there if you reboot)

BTW what VPN Client are you using - MS, Cisco?
0
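Added example (not part of the original thread): the range in the question, 192.168.10.0 through 192.168.35.0, collapses into four exact CIDR blocks, so four route entries cover it without tunnelling any network outside the range. The gateway value is a placeholder and the function names are made up for this sketch.

```python
import ipaddress

# Range is the one in the question; the gateway is a placeholder (assumption).
FIRST_NET, LAST_NET = "192.168.10.0", "192.168.35.0"
GATEWAY = "<main-office-vpn-gateway>"


def summarize_class_c_range(first_net, last_net):
    """Fewest CIDR blocks covering exactly first_net/24 .. last_net/24."""
    # Strict parsing rejects input that is not on a /24 boundary.
    first = ipaddress.IPv4Network(f"{first_net}/24")
    last = ipaddress.IPv4Network(f"{last_net}/24")
    if last < first:
        raise ValueError("last network precedes first network")
    return list(ipaddress.summarize_address_range(
        first.network_address, last.broadcast_address))


def single_supernet(first_net, last_net):
    """Smallest ONE network containing the whole range (usually too broad)."""
    net = ipaddress.IPv4Network(f"{first_net}/24")
    last = ipaddress.IPv4Network(f"{last_net}/24")
    while not last.subnet_of(net):
        net = net.supernet()
    return net


def extra_class_c(blocks, supernet):
    """How many /24s the single supernet routes beyond the exact blocks."""
    wanted = sum(b.num_addresses for b in blocks) // 256
    return supernet.num_addresses // 256 - wanted


def route_commands(blocks, gateway, persistent=False):
    """One Windows 'route add' line per block; -p only if persistent."""
    flag = "-p " if persistent else ""
    return [f"route {flag}add {b.network_address} mask {b.netmask} {gateway}"
            for b in blocks]


if __name__ == "__main__":
    blocks = summarize_class_c_range(FIRST_NET, LAST_NET)
    for line in route_commands(blocks, GATEWAY):
        print(line)
    wide = single_supernet(FIRST_NET, LAST_NET)
    print(f"# one {wide} route would also tunnel "
          f"{extra_class_c(blocks, wide)} unrelated /24s")
```

The same four blocks can be entered as allowed networks in a VPN policy instead of as per-PC routes; the comparison with the single supernet shows how much extra address space a "round it up" route would send over the split tunnel.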
 

Author Comment

by:Eric
ID: 16700758
Safenet.
I think it's what Cisco uses. WatchGuard uses this also. I have WatchGuard.
I wanted to do it via the VPN policy so that it's only active when I am using a VPN.

Maybe I just can't do it... maybe it's more of a question for WatchGuard and how their software sets up VPN routes.
0
 

Expert Comment

by:e_vanheel
ID: 16700793
I would test it first so you are sure it works before you add policy.  This will help you troubleshoot the routing first before you work on policy.
0

Expert Comment

by:sr1xxon
ID: 16700799
Why don't you put the route on your default gateway (router / firewall) rather than on your PC? That way there's only one step - every time someone requests a resource at the 192.168.35 network, your router will get them to the right place.
0
 

Author Comment

by:Eric
ID: 16700857
Let me explain better:
OK, in the main office our hardware device connects to a bunch of branch offices via hardware VPN. Hub/spoke.

From there I can ping any network I want all day long, no problems.

When I'm out of the office my software VPN connects to the main office. But it split tunnels, so anything not sent to the main office's specific network does not make it. The VPN virtual adapter only knows to route that one subnet... it does not know about the others... the main network I'm connecting to does.

So route add would work, because it's just a matter of knowing to use the virtual adapter, vs sending unknown to the 0.0.0.0 route.
I am just trying to do it via the MUVPN setup so I do not have to configure a route on each PC, and a way to enable and disable it when users are remote/in the office.
0
 

Accepted Solution

by:
e_vanheel earned 1500 total points
ID: 16703170
I don't know the firebox very well but this might help.

Found this on this web page http://www.fireboxsupport.com/FB_MUVPN.htm 

Also, if you need your MUVPN user to have access to more than one subnet, complete the wizard, and then “edit” the MUVPN user and you will be able to add additional networks for the MUVPN user to access.  But for the initial configuration you can only add one network.

 You should not use the option of “Use default gateway on remote network” for this configuration.  This creates a 0.0.0.0 route where all traffic goes to the Firebox over the tunnel when the MUVPN client is enabled.  This should only be done by advanced users familiar with MUVPN setup when needed.

0
 

Author Comment

by:Eric
ID: 16703199
Oops, sorry... I did that hours ago. I had that a while back but never tested it because it looked like it was creating a separate VPN instead of a route... but it does just work like a route... and you only have to auth one time for all 15 networks.

So it's working this way. But you got it right... thanks.
0
 

Expert Comment

by:e_vanheel
ID: 16703221
Glad I could help.
0
 

Expert Comment

by:e_vanheel
ID: 16721963
Are you going to award points for this?
0
 

Author Comment

by:Eric
ID: 16744520
Oops... was out of town on business...

sure.
0
 

Expert Comment

by:e_vanheel
ID: 16745381
Thank you!
0
