b_squared

asked on

Creating a VPN with a Draytek router to multiple remote subnets

I've been using Draytek routers for years and I'm familiar with their setup and functionality. Until recently all routers within the company have been Draytek. We have however replaced the Draytek in the main office with a Cyberoam Cr25i UTM to increase security.

We were set up in a hub and spoke setup and the remote locations could access the other remote locations through the VPN to the main site. This was done by a simple static route set as a route via the LAN to the gateway of the main office. Since replacing the Draytek with the Cyberoam, this spoke and hub arrangement hasn't worked. It wasn't a major issue so I never investigated the issue.

We are now changing over to a new subnet at the main office and are running the 2 side by side during the testing phase. This has caused a major problem with the VPNs. The VPNs can only access the network specified on the main VPN page. Adding extra sites (clicking on More allows you to add in more subnets) or adding static routes doesn't work.

I thought the issue was with the Cyberoam, but after lots of testing with Cyberoam's support team we identified that the Cyberoam wasn't receiving any traffic for the additional subnets. So the issue is with the Draytek.

I could create a second VPN to the main site to access the new subnet, but we are deploying essential business server behind our existing firewall. This has a built-in gateway/firewall that has to be used. So the network setup for the new network is as follows....

Cyberoam firewall/VPN/gateway
|
10.0.0.0/24
|
EBS firewall/gateway
|
10.10.10.0/24 main network

So I have had to create a route on the Cyberoam for the 10.10.10.0/24 network via 10.0.0.0 (external EBS gateway address).

Again the Draytek fails as it can only connect to the first subnet, so I have no way of connecting to the main network.

I could change to using the EBS gateway as the VPN gateway rather than the Cyberoam. This would solve the problem of accessing the main network, but something in my head says I should use the Cyberoam as the VPN gateway.

Does anyone have any experience connecting to a Windows Server from a Draytek with an IPSEC VPN? Do multiple remote subnets work?

Has anyone got multiple remote subnets working with a Draytek?

What routers do people use that allow for multiple remote subnets (tight budget)?
Rick_O_Shay

I think you said you created the new static route using the external address as the next hop. That should be the tunnel endpoint's address not the external router's address.
b_squared

ASKER

If I create the route, I use the internal endpoint and the route is via the LAN (can only choose between LAN and WAN). If you use the More button and add extra remote subnets, the routes are created by the router with the external address of the VPN, but it is routed via VPN in the table.
If the routes are getting added correctly then is there a firewall rule/policy that needs to be added to allow communications with the new subnet?
ASKER CERTIFIED SOLUTION
b_squared
This solution is only available to members.