Solved

Site to Site VPN using RV082

Posted on 2010-09-05
Last Modified: 2012-05-10
Hello Experts Exchange Community

I submitted this question to the Cisco small business forum with no response at all.  I should have started here in the first place.

I currently have a Linksys RV082 and RV042 set up for site-to-site VPN.  Everything seems to be working perfectly...except for one thing.  I can't communicate with anything that isn't using the RV082 as a gateway.  At the remote site that is using the RV042 I can ping and access files at the site hosting the RV082.  But only if those PCs or servers are using the RV082 as a gateway.  I have an exchange server, terminal server, and a web server that all go through an Adtran T1 router.  They use the Adtran as their default gateway.  I cannot ping these servers from the RV042 side.  What do I need to do to be able to communicate with these servers from the RV042?  Any help would be greatly appreciated.  Please let me know if anyone needs more information on the network setup.

Attached is an image of an example of what the network looks like.  
CFT-VPN.jpg
0
Question by:CFT-TN
4 Comments
 
LVL 24

Accepted Solution

by:
rfc1180 earned 500 total points
ID: 33607543
> have an exchange server, terminal server, and a web server that all go through a Adtran T1 router.  They use the Adtran as their default gateway.

You will need to add static routes on those servers:

route -p add 172.16.10.0 mask 255.255.255.0 10.0.0.18 metric 1

Or preferably, you will need to move the adtran to a different subnet and move layer 3 to the RV082 (if it has support for additional layer 3 interfaces).

Billy
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 33613103
Or alternatively add a route on the RV082 for traffic to those machines should go through the Adtran as a gateway.

0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 500 total points
ID: 33613197
>Or alternatively add a route on the RV082 for traffic to those machines should go through the Adtran as a gateway.

You mean the other way around, correct? The issue the author is having is with the servers that are using the adtran as a gateway; add a route for 172.16.10.0 via 10.0.0.18 on the adtran. The only problem is that there is a potential issue of TCP half-open sessions, so if there are any stateful inspections (SYN check, etc.) then the packets could ultimately be dropped. (Also, this is a sub-optimal configuration, as with static routes on the hosts; ideally you want the adtran directly connected to the RV082 as an additional subnet.) This is more for traffic that was originated from 172.16.10.0 destined to any of the servers that are using the adtran is the gateway 10.0.0.18. A SYN packet that was sourced from 172.16.10.18 destined to 10.0.0.15 would reach 10.0.0.15, last hop being 10.0.0.18, and never traverse the adtran; the problem would be that the SYN-ACK traffic would traverse the adtran, and if there is any stateful inspection of traffic, the SYN-ACK could potentially be dropped as it has no session recorded for an initial SYN.

Billy
0
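The reply-path reasoning from the two answers above, as an added example that is not part of the original thread: it follows the server's SYN-ACK back toward 172.16.10.18 under each proposed fix. The Adtran address 10.0.0.1, the /24 LAN mask, and the "T1" next-hop label are assumptions; the page does not give them.

```python
import ipaddress

# RV082 and REMOTE come from the thread; ADTRAN, the LAN mask and the
# "T1" label are assumptions made for this illustration.
RV082, ADTRAN = "10.0.0.18", "10.0.0.1"
LAN = ipaddress.ip_network("10.0.0.0/24")
REMOTE = ipaddress.ip_network("172.16.10.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Routing tables as {network: gateway}; None means directly connected.
SERVER_DEFAULT = {LAN: None, DEFAULT: ADTRAN}   # server as described in the question
ADTRAN_DEFAULT = {LAN: None, DEFAULT: "T1"}     # Adtran with no route to the VPN subnet


def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or None when on-link."""
    dst = ipaddress.ip_address(dst)
    net = max((n for n in routes if dst in n), key=lambda n: n.prefixlen)
    return routes[net]


def syn_ack_outcome(server_routes, adtran_routes, adtran_stateful,
                    client="172.16.10.18"):
    """Fate of the server's SYN-ACK. The client's SYN came in over the VPN
    and was delivered RV082 -> server on the LAN, so the Adtran never saw it."""
    if next_hop(server_routes, client) == RV082:
        return "delivered: symmetric path via RV082"
    # Otherwise the reply follows the server's default gateway to the Adtran.
    if adtran_stateful:
        return "dropped: Adtran has no session for this SYN-ACK"
    if next_hop(adtran_routes, client) == RV082:
        return "delivered: asymmetric path via Adtran then RV082"
    return "lost: Adtran forwards it out its default route"


if __name__ == "__main__":
    host_fix = {**SERVER_DEFAULT, REMOTE: RV082}    # route -p add ... on the server
    adtran_fix = {**ADTRAN_DEFAULT, REMOTE: RV082}  # static route on the Adtran
    cases = [("as posted", SERVER_DEFAULT, ADTRAN_DEFAULT, False),
             ("static route on server", host_fix, ADTRAN_DEFAULT, False),
             ("route on Adtran, stateless", SERVER_DEFAULT, adtran_fix, False),
             ("route on Adtran, stateful", SERVER_DEFAULT, adtran_fix, True)]
    for name, srv, adt, stateful in cases:
        print(f"{name:28} {syn_ack_outcome(srv, adt, stateful)}")
```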
 

Author Comment

by:CFT-TN
ID: 33649254
Hey everyone.  I just got back from vacation and will try out everyone's suggestions.  I will keep you posted.  Thanks for the comments.  This should get me in the right direction.
0
