Gateway to Gateway and a route to a separate subnet.

Posted on 2013-09-10
Medium Priority
Last Modified: 2013-09-27
I work at an office that uses a gateway-to-gateway VPN between two offices.  Each office subnet is and  We are working on implementing a cloud solution using a gateway solution to a remote network  Users from the main office at can access hosts on, but users from the network can't even ping any host from the  I tried adding a route to the for,, Gateway:, hop count of 10, but I still cannot ping any host on the from the router.  What needs to be done to get traffic flowing from network via network to the remote cloud network  Feedback is appreciated.
Question by:cmp119
LVL 25

Expert Comment

by:Ron Malmstead
ID: 39481613
You added a route on your edge router to get there, but did you add a route on the device on the other end to get back? ( >

Author Comment

ID: 39481656
So let me confirm if we do the following it ought to work then.

On router setup a route to destination:, Mask:, GW:

And then on the cloud provider setup a route to destination, Mask:, GW: or  Not sure exactly what gateway to use here, but I can play with it using different IPs.  

Please let me know if the above is similar to what you're speaking of.  Thank you.
LVL 27

Expert Comment

by:Fred Marshall
ID: 39481672
At you need a route that points to with the next hop at
You didn't mention this one exactly.

At you need a route that points to with the next hop at
Presumably, with the VPN set up, this is already there.

Author Comment

ID: 39481717
On the Linksys RV042 router they have an option for Setup\Advanced routing.  Within this section you can add a route with the following options:  Destination IP, Subnet Mask, Default Gateway, Hop Count, Interface (LAN/WAN/WAN2/DMZ).

I did the following Dest IP:, Subnet:, GW:, HOP: 10, Interface:  LAN.

I believe the network already has the necessary routes defined since computer between and works fine within the subnet.
LVL 27

Expert Comment

by:Fred Marshall
ID: 39481736
Hmmmm.  If you are using RV042s at both ends then you should read this paper.
I don't think you can make it work.  I'd be very happy to be proven wrong.

I have a similar setup using RV042 as standalone MPLS routers without using VPN.
This has one internet gateway (a separate device) at the primary site.
What I found was that the "primary site" RV042 had to have its WAN port facing the internet gateway.  Of course, if it's the gateway then this can't be.

Earlier, I also was not able to get a VPN situation like yours using RV042s to reach a 2nd hop gateway on the primary LAN.  Perhaps the two are related....
i.e. launch a packet from the 2nd site that is destined for a 3rd site with a VPN interface at the 1st/primary site.  I couldn't get the hop within the primary site to work using RV042s.  
Since then folks have explained that this sort of thing should be possible but with different equipment.  I've not tried it again.

Accepted Solution

vvzar earned 2000 total points
ID: 39482421
All that must be provided: subnet have to know about and have to know path to

You can accept this by this way:

subnet default route through router - all packets to must be routed directly to tunnel (vpn) interface. Not to or NOT to IP of end tunnel interface at router

from all packets (or packets with dest ) have to be routed to (to ip address of interface or to interface that knows about subnet)  Or just use SNAT from to by using firewall at router
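
The accepted answer's point, that each end needs a route to the other or the middle router must hide the far subnet behind SNAT, modelled as an added example that is not part of the original thread. The subnets, host addresses and router names are constructed placeholders (the thread's own addresses are not on the page), and a router with no matching route drops the packet because no default route is modelled.

```python
import ipaddress

# Constructed placeholder subnets; the thread's real addresses are not on the page.
BRANCH, MAIN, CLOUD = "10.2.0.0/24", "10.1.0.0/24", "10.3.0.0/24"

def make_tables(cloud_knows_branch):
    """Routing table per router: prefix -> next router ('local' = directly attached)."""
    tables = {
        "branch": {BRANCH: "local", MAIN: "main", CLOUD: "main"},
        "main": {MAIN: "local", BRANCH: "branch", CLOUD: "cloud"},
        "cloud": {CLOUD: "local", MAIN: "main"},
    }
    if cloud_knows_branch:  # the return route the thread says is missing
        tables["cloud"][BRANCH] = "main"
    return tables

def lookup(table, dst):
    """Longest-prefix match; None when no route covers dst (no default route modelled)."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    hits = [n for n in nets if addr in n]
    return table[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def deliver(tables, start, dst, max_hops=8):
    """Return the router where dst is directly attached, or None if the packet is dropped."""
    router = start
    for _ in range(max_hops):
        nxt = lookup(tables[router], dst)
        if nxt is None:
            return None
        if nxt == "local":
            return router
        router = nxt
    return None  # routing loop

def ping(tables, src_router, src_ip, dst_router, dst_ip, snat_ip=None):
    """True only if the echo request arrives AND the reply finds its way back.
    snat_ip: address on the main LAN that the main router substitutes as source."""
    if deliver(tables, src_router, dst_ip) != dst_router:
        return False
    if snat_ip is None:
        return deliver(tables, dst_router, src_ip) == src_router
    # Reply goes to the SNAT address on main, which restores the real source and forwards.
    if deliver(tables, dst_router, snat_ip) != "main":
        return False
    return deliver(tables, "main", src_ip) == src_router

if __name__ == "__main__":
    for fixed in (False, True):
        ok = ping(make_tables(fixed), "branch", "10.2.0.50", "cloud", "10.3.0.10")
        print(f"cloud has return route={fixed}: branch -> cloud ping ok={ok}")
```

The first case reproduces the symptom in the question: the echo request reaches the cloud host, but the reply is dropped there because the cloud side has no route back to the second office.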
