Gateway to Gateway and a route to a separate subnet.
I work at an office that uses a gateway-to-gateway VPN between to offices. Each office subnet is 172.16.1.0 and 172.16.2.0. We are working on implementing a cloud solution using a gateway solution to a remote network 10.0.1.0. Users from the main office at 172.16.1.0 can access hosts on 10.0.1.0, but users from the 172.16.2.0 network can't even ping any host from the 10.0.1.0. I tried adding a route to the 172.16.2.0 for 10.0.1.0, 255.255.255.0, Gateway: 172.16.2.1, hop count of 10, but I still cannot ping any host on the 10.0.1.0 from the 172.16.2.1 router. What needs to be done to get traffic flowing from 172.16.2.0 network via 172.16.1.0 network to the remote cloud network 10.0.1.0? Feedback is appreciated.
Ron Malmstead
You added a route on your edge router to get there, but did you add a route on the device on the other end to get back? (10.0.1.0 > 172.16.2.0)
ASKER
So let me confirm if we do the following it ought to work then.
On 172.16.2.0 router setup a route to destination: 10.0.1.0, Mask: 255.255.255.0, GW: 172.16.2.1
And then on the cloud provider setup a route to destination 172.16.2.0, Mask: 255.255.255.0, GW: 10.0.1.0 or 10.0.0.0. Not sure exactly what gateway to use here, but I can play with it using different IPs.
Please let me know if the above is similar what you're speaking of. Thank you.
On 172.16.2.0 router setup a route to destination: 10.0.1.0, Mask: 255.255.255.0, GW: 172.16.2.1
And then on the cloud provider setup a route to destination 172.16.2.0, Mask: 255.255.255.0, GW: 10.0.1.0 or 10.0.0.0. Not sure exactly what gateway to use here, but I can play with it using different IPs.
Please let me know if the above is similar what you're speaking of. Thank you.
At 172.16.2.0 you need a route that points to 10.0.1.0 with the next hop at 172.16.1.1
You didn't mention this one exactly.
At 172.16.1.0 you need a route that points to 172.16.2.0 with the next hop at 172.16.2.1
Presumably, with the VPN set up, this is already there.
You didn't mention this one exactly.
At 172.16.1.0 you need a route that points to 172.16.2.0 with the next hop at 172.16.2.1
Presumably, with the VPN set up, this is already there.
ASKER
On the 172.16.2.0 Linksys RV042 router they have an option for Setup\Advanced routing. Within this section you can add a route with the following options: Destination IP, Subnet Mask, Default Gateway, Hop Count, Interface (LAN/WAN/WAN2/DMZ).
I did the following Dest IP: 10.0.1.0, Subnet: 255.255.255.0, GW: 172.16.2.1, HOP: 10, Interface: LAN.
I believe the 172.16.1.0 network already has the necessary routes defined since computer between 172.16.2.0 and 10.0.1.0 works fine within the 172.16.1.0 subnet.
I did the following Dest IP: 10.0.1.0, Subnet: 255.255.255.0, GW: 172.16.2.1, HOP: 10, Interface: LAN.
I believe the 172.16.1.0 network already has the necessary routes defined since computer between 172.16.2.0 and 10.0.1.0 works fine within the 172.16.1.0 subnet.
Hmmmm. If you are using RV042s at both ends then you should read this paper.
I don't think you can make it work. I'd be very happy to be proven wrong.
I have a similar setup using RV042 as standalone MPLS routers without using VPN.
This has one internet gateway (a separate device) at the primary site.
What I found was that the "primary site" RV042 had to have its WAN port facing the internet gateway. Of course, if it's the gateway then this can't be.
Earlier, I also was not able to get a VPN situation like yours using RV042s to reach a2nd hop gateway on the primary LAN. Perhaps the two are related....
i.e. launch a packet from the 2nd site that is destined for a 3rd site with a VPN interface at the 1st/primary site. I couldn't get the hop within the primary site to work using RV042s.
Since then folks have explained that this sort of thing should be possible but with different equipment. I've not tried it again.
Using-RV042.pdf
I don't think you can make it work. I'd be very happy to be proven wrong.
I have a similar setup using RV042 as standalone MPLS routers without using VPN.
This has one internet gateway (a separate device) at the primary site.
What I found was that the "primary site" RV042 had to have its WAN port facing the internet gateway. Of course, if it's the gateway then this can't be.
Earlier, I also was not able to get a VPN situation like yours using RV042s to reach a2nd hop gateway on the primary LAN. Perhaps the two are related....
i.e. launch a packet from the 2nd site that is destined for a 3rd site with a VPN interface at the 1st/primary site. I couldn't get the hop within the primary site to work using RV042s.
Since then folks have explained that this sort of thing should be possible but with different equipment. I've not tried it again.
Using-RV042.pdf
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.