problem with routing to VPN connected site

Posted on 2011-02-17
Last Modified: 2012-05-11
Hi All.  I will try to explain this as clearly as possible.  I have 7 offices connected internally through a series of MetroE connections in a hub & spoke setup.  I also have some home users who have Cisco 800 series VPN routers connecting back to my network through a Cisco VPN 3005 concentrator.  The problem is that users in the homes can only access resources on the main network.  They cannot access any of the other 'internal' offices. Example diagram is:

192.0.6.0 - Router B - 192.168.4.6  -  192.168.4.1 - Router A - 192.0.1.1  -  192.0.1.4 - 3005VPN -  NET  -  NET - Cisco800 - 192.168.140.0

Anyone on the 192.0.1.0 network can access the 192.168.140.0 network and vice-versa, no problem.  But 192.168.140.0 network cannot access the 192.0.6.0 network & vice-versa.  OK, so I kinda get that Router A isn't passing the traffic, but I don't know how to make it.  BTW, the routes are in Router A and it is correctly advertising those routes to Router B.

Thanks!  Don
Question by:dongcamp100
11 Comments
 
LVL 4

Expert Comment

by:AnthonyHamon
ID: 34918303
It sounds like your VPN clients are not given a default gateway in order to route out of the 192.0.1.0 network.
0
 
LVL 5

Expert Comment

by:rdhoore108
ID: 34918451
Your VPN client from 192.0.6.0 probably can reach 192.168.140.0 fine, but the router B doesn't know how to reach 192.0.6.0, and sends the return traffic through its default gateway instead.

But where exactly it goes wrong needs to be debugged on the routers themselves. Are you managing those CISCO routers yourself?
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34918497
Hi,

Do you use split tunneling for your home users? If you have, you will need to specify which subnets you want to send over the VPN. In which case you will need to specify all of the subnets you want them to reach.
0
 

Author Comment

by:dongcamp100
ID: 34918720
I am not using split tunneling.  In the concentrator profile, I have Tunnel Everything set.  192.0.6.0 is internal and it is directly connected to Router B, so Router B knows where to send traffic.  The VPN clients are connected to the 800 Router and it has a default gateway to the NET.  Traffic makes it from the VPN clients into the 192.0.1.1 network, but doesn't get any farther into the other 'internal' networks such as 192.0.6.0.
0
 
LVL 5

Expert Comment

by:rdhoore108
ID: 34919049
I still think the traffic does get from your VPN client to the "other internal networks", but there is no route back to the VPN client.

You might try a tracert command from your other internal network to a VPN client's IP, and see how far it gets.
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34919412
Have a look at the access-list on the VPN concentrator that defines interesting traffic. Does this preclude any of the networks that you want the VPN users to access?
0
 
LVL 17

Accepted Solution

by:
rochey2009 earned 2000 total points
ID: 34919456
I think they refer to them as network lists, not access-lists, on VPN concentrators.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009482e.shtml

Have a look at step 4 in the above link.
0
 
LVL 13

Expert Comment

by:kdearing
ID: 34921211
I believe you're missing a couple routes someplace, but I'm having trouble figuring out your network layout.
Can you give us a basic diagram?
0
 

Author Comment

by:dongcamp100
ID: 35240455
I would like to accept and award points on this question as one of the comments has ultimately led to a resolution.  Please allow me to do so and I will close the question as solved.
0
 

Author Closing Comment

by:dongcamp100
ID: 35240466
It turned out to actually be the access-list on the endpoint router.  I think I am still a little fuzzy on why it was wrong, but ultimately, tinkering with the access-list statements on the router fixed the problem.
0
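As an added illustration (not part of the original thread, and not the poster's configuration): one way an access-list on the endpoint router can produce the symptom described is when it selects only the hub subnet for the tunnel. The sketch below parses constructed IOS-style `permit ip` lines and reports which internal subnets the home network cannot reach through them; the ACL number, the /24 masks and the assumption that this ACL decides what enters the tunnel are all hypothetical.

```python
import ipaddress
import re

# Constructed sample ACLs (assumed /24 masks); not the poster's configuration.
BROKEN_ACL = """
access-list 110 permit ip 192.168.140.0 0.0.0.255 192.0.1.0 0.0.0.255
"""
FIXED_ACL = BROKEN_ACL + """
access-list 110 permit ip 192.168.140.0 0.0.0.255 192.0.6.0 0.0.0.255
"""

# Only "permit ip <addr> <wildcard> <addr> <wildcard>" lines are handled;
# the "any" and "host" keyword forms are skipped.
PERMIT_IP = re.compile(
    r"^access-list\s+\d+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def wildcard_net(addr, wildcard):
    """Turn an IOS address + wildcard mask into an ip_network."""
    inverted = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    netmask = ipaddress.IPv4Address(inverted)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)


def parse_acl(text):
    """Return (source, destination) network pairs for each permit-ip line."""
    pairs = []
    for line in text.splitlines():
        m = PERMIT_IP.match(line.strip())
        if m:
            src = wildcard_net(m.group(1), m.group(2))
            dst = wildcard_net(m.group(3), m.group(4))
            pairs.append((src, dst))
    return pairs


def uncovered(pairs, local_net, remote_nets):
    """List the remote networks that no ACL entry selects for local_net."""
    return [remote for remote in remote_nets
            if not any(local_net.subnet_of(s) and remote.subnet_of(d)
                       for s, d in pairs)]


HOME = ipaddress.ip_network("192.168.140.0/24")
SITES = [ipaddress.ip_network(n) for n in ("192.0.1.0/24", "192.0.6.0/24")]

if __name__ == "__main__":
    print("broken:", uncovered(parse_acl(BROKEN_ACL), HOME, SITES))
    print("fixed: ", uncovered(parse_acl(FIXED_ACL), HOME, SITES))
```

The same check applies in the reverse direction to the network list on the concentrator, with source and destination swapped.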
