jnettech


ClarkConnect managed VPN routing to subnets

Ok,


I have 2 ClarkConnect boxes, Office Edition 4.2, set up with a managed VPN (IPsec)

Clark connect box 1

10.30.9.0/24
10.40.100.0/24
10.40.102.0/24

Clark Connect Box 2

10.30.11.0/24
10.40.200.0/24
10.40.202.0/24

The only subnet I can access across the VPN is the 10.30.x.x subnet.

I have tried to set routing with route on the command line with no luck.


Thanks,

Joe
Linux Networking

mattbcs

Do you have static routing tables set up? If so, please post them.
jnettech

ASKER

I did an ip route show


10.40.200.0/24 dev eth1  proto kernel  scope link  src 10.40.200.1
10.40.201.0/24 dev eth1  proto kernel  scope link  src 10.40.201.1
10.30.11.0/24 dev eth1  proto kernel  scope link  src 10.30.11.1
10.30.10.0/24 via 76.215.112.1 dev eth0  src 10.30.11.1
10.30.9.0/24 via 76.215.112.1 dev eth0  src 10.30.11.1
10.30.8.0/24 dev eth2  proto kernel  scope link  src 10.30.8.1
76.215.112.0/22 dev eth0  proto kernel  scope link  src 76.215.113.104
default via 76.215.112.1 dev eth0
mattbcs

10.40.200.0/24 dev eth1  proto kernel  scope link  src 10.40.200.1
10.40.201.0/24 dev eth1  proto kernel  scope link  src 10.40.201.1
---
There isn't a valid path for these routes

Note that 10.30 is working because
10.30.11.0/24 dev eth1  proto kernel  scope link  src 10.30.11.1
10.30.10.0/24 via 76.215.112.1 dev eth0  src 10.30.11.1
10.30.9.0/24 via 76.215.112.1 dev eth0  src 10.30.11.1
10.30.8.0/24 dev eth2  proto kernel  scope link  src 10.30.8.1

----

A shot in the dark, but try adding
10.40.200.0/24 via 76.215.112.1 dev eth0  src 10.40.200.1
10.40.201.0/24 via 76.215.112.1 dev eth0  src 10.40.201.1

See what that does... and let me know.

Thanks,
Matt
jnettech

ASKER

I should have been more clear here (been working on this all day and got scatterbrained),
so I changed the IP accordingly.

ip route add 10.40.200.0/24 via 76.215.112.1 dev eth0  src 10.40.200.1
(I get RTNETLINK answers: Network is unreachable)
---

Then I tried
ip route add 10.40.200.0/24 via 76.215.112.1 dev eth0  src 10.30.1
It takes the command fine, and when I ping the 10.40.100.0/24 subnet it does not give any ping reply. Also, the traceroute does not show any hops.
---

The current system I am doing the config on right now is CC2 (I have access to it right now if something goes wrong).

Here are the IP tables from CC1.
All the 10.40.x.x subnets route to 10.30.9.50 (Cisco router set up for Call Manager).

10.40.254.0/24 via 10.30.9.50 dev eth1
10.30.20.0/24 dev eth1  proto kernel  scope link  src 10.30.20.1
10.30.11.0/24 via 68.59.88.1 dev eth0  src 10.30.9.1
10.40.101.0/24 via 10.30.9.50 dev eth1
10.30.10.0/24 via 68.59.88.1 dev eth0  src 10.30.9.1
10.30.9.0/24 dev eth1  proto kernel  scope link  src 10.30.9.1
68.59.88.0/21 dev eth0  proto kernel  scope link  src 68.59.93.178
default via 68.59.88.1 dev eth0

---

CC2 ip tables

(same results as b4) no ping no traceroute

In the IP config via the web admin there are two virtual LANs
10.40.200.0/24
10.40.201.0/24
and it auto added the 10.40.200.0 and 10.40.201.0 subnet in the route config



10.40.200.0/24 dev eth1  proto kernel  scope link  src 10.40.200.1
10.40.201.0/24 dev eth1  proto kernel  scope link  src 10.40.201.1
10.30.11.0/24 dev eth1  proto kernel  scope link  src 10.30.11.1
10.30.8.0/24 dev eth2  proto kernel  scope link  src 10.30.8.1
76.215.112.0/22 dev eth0  proto kernel  scope link  src 76.215.113.104
default via 76.215.112.1 dev eth0

Then I restarted the network and firewall service and still no luck.

Joe









mattbcs

Do the routes to the cisco router get a ping response?
jnettech

ASKER

Yes, it does.
mattbcs

Can you post a
netstat -rn

jnettech

ASKER

CC1
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.40.254.0     10.30.9.50      255.255.255.0   UG        0 0          0 eth1
10.30.20.0       0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.30.11.0       68.59.88.1      255.255.255.0   UG        0 0          0 eth0
10.40.101.0     10.30.9.50      255.255.255.0   UG        0 0          0 eth1
10.30.10.0      68.59.88.1      255.255.255.0   UG        0 0          0 eth0
10.30.9.0       0.0.0.0         255.255.255.0   U         0 0          0 eth1
68.59.88.0      0.0.0.0         255.255.248.0   U         0 0          0 eth0
0.0.0.0         68.59.88.1      0.0.0.0         UG        0 0          0 eth0

CC 2
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.40.200.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.40.201.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.30.11.0      0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.30.10.0      76.215.112.1    255.255.255.0   UG        0 0          0 eth0
10.30.9.0       76.215.112.1    255.255.255.0   UG        0 0          0 eth0
10.30.8.0       0.0.0.0         255.255.255.0   U         0 0          0 eth2
76.215.112.0    0.0.0.0         255.255.252.0   U         0 0          0 eth0
0.0.0.0         76.215.112.1    0.0.0.0         UG        0 0          0 eth0
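
A check of the CC2 routing table against Box 1's subnets from the question, as an added example that is not part of the original thread: it does a longest-prefix match and reports which remote subnets have their own route entry on CC2 and which only match the default route. The function names are hypothetical; the route text is copied from the `ip route show` output posted earlier.

```python
import ipaddress

# Copied from the CC2 `ip route show` output posted in the thread.
CC2_ROUTES = """\
10.40.200.0/24 dev eth1  proto kernel  scope link  src 10.40.200.1
10.40.201.0/24 dev eth1  proto kernel  scope link  src 10.40.201.1
10.30.11.0/24 dev eth1  proto kernel  scope link  src 10.30.11.1
10.30.10.0/24 via 76.215.112.1 dev eth0  src 10.30.11.1
10.30.9.0/24 via 76.215.112.1 dev eth0  src 10.30.11.1
10.30.8.0/24 dev eth2  proto kernel  scope link  src 10.30.8.1
76.215.112.0/22 dev eth0  proto kernel  scope link  src 76.215.113.104
default via 76.215.112.1 dev eth0
"""

# Box 1 subnets as listed in the question.
BOX1_SUBNETS = ["10.30.9.0/24", "10.40.100.0/24", "10.40.102.0/24"]


def parse_routes(text):
    """Parse `ip route show` lines into (network, gateway, device) tuples.

    Assumes every option after the destination is a key/value pair,
    which holds for the lines in this thread.
    """
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        opts = dict(zip(fields[1::2], fields[2::2]))
        routes.append((ipaddress.ip_network(dest), opts.get("via"), opts.get("dev")))
    return routes


def lookup(routes, subnet):
    """Return the most specific route that covers the whole subnet, or None."""
    net = ipaddress.ip_network(subnet)
    matches = [r for r in routes if net.subnet_of(r[0])]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def classify(routes, subnets):
    """Label each subnet 'explicit', 'default-only' or 'unroutable'."""
    labels = {}
    for subnet in subnets:
        hit = lookup(routes, subnet)
        labels[subnet] = ("unroutable" if hit is None else
                          "default-only" if hit[0].prefixlen == 0 else "explicit")
    return labels


if __name__ == "__main__":
    for subnet, label in classify(parse_routes(CC2_ROUTES), BOX1_SUBNETS).items():
        print(f"{subnet:16} {label}")
```
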




SOLUTION
mattbcs

jnettech

ASKER

ClarkConnect, I read, uses Openswan for their VPN solution, and I also read that the managed VPN solution that ClarkConnect offers will only allow one subnet range. Could there be a workaround for this?
ASKER CERTIFIED SOLUTION
jnettech

jnettech

ASKER

I switched my firewall solution to Untangle and it works like a breeze! Thanks for all your help!