Solved

Cannot establish VPN between two same Gateways!

Posted on 2011-09-26
15
330 Views
Last Modified: 2012-05-12
Hello,

I'm trying to establish VPN between two office locations and encountering issues with Ping Failure message in Edge-Water router. After further digging, I found that these two locations contains same Gateway address.

Is there any way to establish VPN between these two locations which contain identical Gateway address? Is there any alternatives? What about VLAN?

Any further help would be appreciated. Thank you.
0
Comment
Question by:SrinathS
  • 5
  • 3
  • 2
  • +3
15 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 36598917
When you say "same gateways", you mean "same subnet"?   If so, the very best way around this is to change the subnet on one end. Long term, that is best. ... Thinkpads_User
0
 
LVL 3

Expert Comment

by:mwiener1
ID: 36598996
You cant have a vpn site to site with the same subnet on both sides. Change one and you'll be good to go.
0
 

Author Comment

by:SrinathS
ID: 36599132
NOT SUBNET

Verizon gave us same Gateway address for both of these locations. The SUBNET is different for both of these two locations (192.168.1.1, 10.10.3.1) I try to create and activate the new VPN in Edge Water to CISCO router, but it's shows "Ping Failure" message after few seconds.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 36599163
I think it would still be worth your while to ask Verizon to change one of the gateway addresses. This will help avoid later confusion.

However, here, if the two site IP addresses are different (but with the same external gateway), it should not cause a VPN failure, so look to other setup causes. ... Thinkpads_User
0
 

Author Comment

by:SrinathS
ID: 36599249
Okay. Theoretically, is it necessary to have different Gateways to setup VPN? The reason why I'm asking is ... my senior tech support told me that I need to have different Gateways to achieve this! I'm not sure, so I'm looking for right answer from here!
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 36599359
Check if you really need an external gateway. I looked at a couple of site to site IPSec VPN boxes and my own Windows 7 client application, and for external IP addresses, gateways are not even used. ... Thinkpads_User
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:SrinathS
ID: 36599608
I got different answer from my senior tech now! It's SAME SUBNET! NOT GATEWAY! Again the same question: What is the possible way to setup VPN with same SUB-NETS! Sorry for the confusion!
0
 
LVL 90

Accepted Solution

by:
John Hurst earned 167 total points
ID: 36599635
You need to change subnet on ONE end. VPN needs a different subnet on each end.

... Thinkpads_User
0
 
LVL 3

Assisted Solution

by:mwiener1
mwiener1 earned 167 total points
ID: 36599839
The only way to do it with the same subnet is to allow DHCP passthrough from one side.

Its easier to just change one subnet.
0
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 166 total points
ID: 36927937
As said, you need disjunctive addresses. That is most commonly achieved by using different subnets. The reason for that is that a router needs to have clear rules when and what to route. If packets for the same subnet arrive at the router, he cannot decide whether they are intended for the other side via VPN, or should remain local and hence ignored by the router.
If you have the lower sub-subnet on one site, and the higher sub-subnet on the other, routing is feasible. That would require you set one site to e.g. 192.168.1.0/25 (which is 192.168.1.1 to 126 as usuable addresses), and the other one to 192.168.1.128/25 (192.168.1.129 to 254). That way networks are still unique, you do not need to change much in regard of the network, and it still looks like it is one bigger network.
Of course you can also switch addresses to a complete different subnet on one site.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37048016
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 37048017
The author has the same subnet on each end (author confirmed). My answer (ID:36598917) is correct in this case.
.... Thinkpads_User
0
 

Expert Comment

by:South Mod
ID: 37074922
All,
 
Following an 'Objection' by thinkpads_user (at http://www.experts-exchange.com/Q_27421341.html) to the intended closure of this question, it has been reviewed by at least one Moderator and is being closed as recommended by the Expert.
 
At this point I am going to re-start the auto-close procedure.
 
Thank you,
 
SouthMod
Community Support Moderator
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now