Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Routing to another device on another network joined by private VPN

Posted on 2011-03-17
7
Medium Priority
?
553 Views
Last Modified: 2012-05-11
Hi all,

We have a IP KVM that is at another site which we want to use for troubleshooting should we need to remotely get into the bios of a server.

The two sites are joined by a cisco 1800 series VPN supplied by a telco vendor.  We can get to the server on the remote side as we have added a persisent route (i.e route -p with specifics) onto the server.

The ip kvm we arent so lucky.  How do i go about being able to contact this IP KVM from the remote site through this router?  Once of the cisco's is the main gateway where the IP KVM is and on the other side its just a router for VPN purposes.

Thanks in advance.
0
Comment
Question by:msha094
  • 4
  • 2
7 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 35162649
Usually, you would need to add the subnet of the KVM to the ACL you use for the VPN's address match so that the KVM subnet is swept into the VPN tunnel?  

0
 
LVL 8

Expert Comment

by:dosdet2
ID: 35169466
I can't picture your setup from your description.  Can you clarify - or better yet, post a simple diagram?

This is what I got:

Site_1 computer -> switch -> Telco_Router  -> VPN / Internet  -> Telco_Router  ->

Switch -> Server
           -> Workstations
           -> KVM

Is that accurate?
0
 

Author Comment

by:msha094
ID: 35169541
Yes correct, not that it matters but the telco routers don't supply Internet, simply a VPN between sites. Site 1 uses a different gateway hence why I have had to put in routes to the remote site pointing through the telco routers.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 8

Accepted Solution

by:
dosdet2 earned 2000 total points
ID: 35169649
See Diagram.
If this is correct, then this is what needs to happen.
Assuming that:
site-1 = 10.1.1.0 /24
site-2 = 10.2.2.0 /24
R-1 = 10.1.1.1
R-2 = 10.2.2.1
Telco-router/ site-1 = 10.1.1.200
Telco-router/ site-2 = 10.2.2.200
KVM device has an address within the 10.2.2.0/24 subnet


The workstation at site 1 has a default gateway of 10.1.1.1
Server has default gateway of 10.2.2.1
R-1 needs a static route: dest=10.2.2.0/24  next hop=10.1.1.200
R-2 needs a static route: dest=10.1.1.0/24  next hop=10.2.2.200

The internet routers have a lot to do with the connection because they are the default gateways and packets must go there first if they are headed for an Ip address outside the current subnet.

If my diagram is inaccurate, then we will need to tweak my answer.
It will also depend on what kind of VPN you have (ip translation?)
Let us know.


2-Sites-w-VPN.JPG
0
 

Author Comment

by:msha094
ID: 35169682
Almost right except for no r2 at site two due to the internet being routed through internet access router site 1 with a static route of 192.168.20.0 255.255.255.0 192.168.30.251 in that router.  Which is i guess the next hop route you mentioned as the telco router is 30.251.

site 1 is 192.168.30.x with 2 internet gateways - 30.254 is the server gateway which in this case is the r1 in the diagram.   The other gateway 30.253 is used by the client PC's only.

0
 

Author Comment

by:msha094
ID: 35169694
The telco VPN setup is a special service provider providing just a link and no internet due to the contraints of the site where the branch is located.  normally that r2 would also provide internet access for us.
0
 

Author Comment

by:msha094
ID: 35186493
Solution - my IP KVM device had two spots for the default gateway of which one wasnt populated.  Once putting in correct gateway i could ping the device and access it from the other site.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question