Solved

Site to Site VPN using RV082

Posted on 2010-09-05
4
1,001 Views
Last Modified: 2012-05-10
Hello Experts Exchange Community

I submitted this question to the Cisco small business forum with no response at all.  I should have started here in the first place

I currently have an Linksys RV082 and RV042 setup for site to site VPN.  Everything seems to be working perfectly...except for one thing.  I cant communicate with anything that isnt using the RV082 as a gateway.  At the remote site that is using the RV042 I can ping and access files at the site hosting the RV082.  But only if those PC's or servers are using the RV082 as a gateway.  I have an exchange server, terminal server, and a web server that all go through a Adtran T1 router.  They use the Adtran as their default gateway.  I can not ping these servers from the RV042 side.  What do I need to do to be able to communicate with these servers from the RV042.  Any help would be greatly appreciated.  Please let me know if anyone needs more information on the network setup.

Attached is an image of an example of what the network looks like.  
CFT-VPN.jpg
0
Comment
Question by:CFT-TN
  • 2
4 Comments
 
LVL 24

Accepted Solution

by:
rfc1180 earned 500 total points
ID: 33607543
> have an exchange server, terminal server, and a web server that all go through a Adtran T1 router.  They use the Adtran as their default gateway.

You will need to add static routes on those servers

route -p add 172.16.10.0 mask 255.255.255.0 10.0.0.18 metric 1

Or preferably, you will need to move the adtran to a difference subnet and move layer 3 to the RV082 (if it has support for additional layer 3 interfaces

Billy
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 33613103
Or alternatively add a route on the RV082 for traffic to those machines should go through the Adtran as a gateway.

0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 500 total points
ID: 33613197
>Or alternatively add a route on the RV082 for traffic to those machines should go through the Adtran as a gateway.

You mean the other way around correct? The issue the author is having is the servers that are using the adtran as a gateway; add a route for 172.16.10.0 via 10.0.0.18 on the adtran. The only problem is that there is a potential issue of TCP half open sessions, so if there are any stateful inspections (SYN check, etc) then the packets could ultimately be dropped (Also, this is a sub-optimal configuration (As with static routes on the hosts; ideally you want the adtran directly connected to the RV082 as an additional subnet); this is more for traffic that was originated from 172.16.10.0 destined to any of the servers that are using the adtran is the gateway 10.0.0.18. A SYN packet that was sourced from 172.16.10.18 destined to 10.0.0.15 would reach 10.0.015 last hop being 10.0.0.18 and never traversing the adran; the problem would be the SYN-ACK traffic would traverse the adtran and if there is any stateful inspections of traffic, the SYN-ACK could potentially be dropped as it own no session recorded for an initial SYN.

Billy
0
 

Author Comment

by:CFT-TN
ID: 33649254
hey everyone.  I just got back from vacation and will try out everyones suggestions.  I will keep you posted.  Thanks for the comments.  This should get me in the right direction
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VIRL IP adress 3 69
cradle point vpn to sonicwall 5 76
Setting up a VPN 60 137
inserting an ACL line Cisco IOS XR Software, Version 5.3.3 2 38
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question