Solved

Cannot establish VPN between two same Gateways!

Posted on 2011-09-26
15
365 Views
Last Modified: 2012-05-12
Hello,

I'm trying to establish VPN between two office locations and encountering issues with Ping Failure message in Edge-Water router. After further digging, I found that these two locations contains same Gateway address.

Is there any way to establish VPN between these two locations which contain identical Gateway address? Is there any alternatives? What about VLAN?

Any further help would be appreciated. Thank you.
0
Comment
Question by:SrinathS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +3
15 Comments
 
LVL 94

Expert Comment

by:John Hurst
ID: 36598917
When you say "same gateways", you mean "same subnet"?   If so, the very best way around this is to change the subnet on one end. Long term, that is best. ... Thinkpads_User
0
 
LVL 3

Expert Comment

by:mwiener1
ID: 36598996
You cant have a vpn site to site with the same subnet on both sides. Change one and you'll be good to go.
0
 

Author Comment

by:SrinathS
ID: 36599132
NOT SUBNET

Verizon gave us same Gateway address for both of these locations. The SUBNET is different for both of these two locations (192.168.1.1, 10.10.3.1) I try to create and activate the new VPN in Edge Water to CISCO router, but it's shows "Ping Failure" message after few seconds.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 94

Expert Comment

by:John Hurst
ID: 36599163
I think it would still be worth your while to ask Verizon to change one of the gateway addresses. This will help avoid later confusion.

However, here, if the two site IP addresses are different (but with the same external gateway), it should not cause a VPN failure, so look to other setup causes. ... Thinkpads_User
0
 

Author Comment

by:SrinathS
ID: 36599249
Okay. Theoretically, is it necessary to have different Gateways to setup VPN? The reason why I'm asking is ... my senior tech support told me that I need to have different Gateways to achieve this! I'm not sure, so I'm looking for right answer from here!
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 36599359
Check if you really need an external gateway. I looked at a couple of site to site IPSec VPN boxes and my own Windows 7 client application, and for external IP addresses, gateways are not even used. ... Thinkpads_User
0
 

Author Comment

by:SrinathS
ID: 36599608
I got different answer from my senior tech now! It's SAME SUBNET! NOT GATEWAY! Again the same question: What is the possible way to setup VPN with same SUB-NETS! Sorry for the confusion!
0
 
LVL 94

Accepted Solution

by:
John Hurst earned 167 total points
ID: 36599635
You need to change subnet on ONE end. VPN needs a different subnet on each end.

... Thinkpads_User
0
 
LVL 3

Assisted Solution

by:mwiener1
mwiener1 earned 167 total points
ID: 36599839
The only way to do it with the same subnet is to allow DHCP passthrough from one side.

Its easier to just change one subnet.
0
 
LVL 69

Assisted Solution

by:Qlemo
Qlemo earned 166 total points
ID: 36927937
As said, you need disjunctive addresses. That is most commonly achieved by using different subnets. The reason for that is that a router needs to have clear rules when and what to route. If packets for the same subnet arrive at the router, he cannot decide whether they are intended for the other side via VPN, or should remain local and hence ignored by the router.
If you have the lower sub-subnet on one site, and the higher sub-subnet on the other, routing is feasible. That would require you set one site to e.g. 192.168.1.0/25 (which is 192.168.1.1 to 126 as usuable addresses), and the other one to 192.168.1.128/25 (192.168.1.129 to 254). That way networks are still unique, you do not need to change much in regard of the network, and it still looks like it is one bigger network.
Of course you can also switch addresses to a complete different subnet on one site.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37048016
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 37048017
The author has the same subnet on each end (author confirmed). My answer (ID:36598917) is correct in this case.
.... Thinkpads_User
0
 

Expert Comment

by:South Mod
ID: 37074922
All,
 
Following an 'Objection' by thinkpads_user (at http://www.experts-exchange.com/Q_27421341.html) to the intended closure of this question, it has been reviewed by at least one Moderator and is being closed as recommended by the Expert.
 
At this point I am going to re-start the auto-close procedure.
 
Thank you,
 
SouthMod
Community Support Moderator
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ACL deny / Permit 10 47
Cisco Wireless Access Controller 3 35
Routing certain SSLVPN Traffic to CDN 1 22
CISCO wireless controller & AP 2 40
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question