Gateway to Gateway and a route to a separate subnet.

I work at an office that uses a gateway-to-gateway VPN between to offices.  Each office subnet is 172.16.1.0 and 172.16.2.0.  We are working on implementing a cloud solution using a gateway solution to a remote network 10.0.1.0.  Users from the main office at 172.16.1.0 can access hosts on 10.0.1.0, but users from the 172.16.2.0 network can't even ping any host from the 10.0.1.0.  I tried adding a route to the 172.16.2.0 for 10.0.1.0, 255.255.255.0, Gateway: 172.16.2.1, hop count of 10, but I still cannot ping any host on the 10.0.1.0 from the 172.16.2.1 router.  What needs to be done to get traffic flowing from 172.16.2.0 network via 172.16.1.0 network to the remote cloud network 10.0.1.0?  Feedback is appreciated.
cmp119IT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ron MalmsteadInformation Services ManagerCommented:
You added a route on your edge router to get there, but did you add a route on the device on the other end to get back? (10.0.1.0 > 172.16.2.0)
0
cmp119IT ManagerAuthor Commented:
So let me confirm if we do the following it ought to work then.

On 172.16.2.0 router setup a route to destination: 10.0.1.0, Mask:  255.255.255.0, GW:  172.16.2.1

And then on the cloud provider setup a route to destination 172.16.2.0, Mask:  255.255.255.0, GW:  10.0.1.0 or 10.0.0.0.  Not sure exactly what gateway to use here, but I can play with it using different IPs.  

Please let me know if the above is similar what you're speaking of.  Thank you.
0
Fred MarshallPrincipalCommented:
At 172.16.2.0 you need a route that points to 10.0.1.0 with the next hop at 172.16.1.1
You didn't mention this one exactly.

At 172.16.1.0 you need a route that points to 172.16.2.0 with the next hop at 172.16.2.1
Presumably, with the VPN set up, this is already there.
0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

cmp119IT ManagerAuthor Commented:
On the 172.16.2.0 Linksys RV042 router they have an option for Setup\Advanced routing.  Within this section you can add a route with the following options:  Destination IP, Subnet Mask, Default Gateway, Hop Count, Interface (LAN/WAN/WAN2/DMZ).

I did the following Dest IP:  10.0.1.0, Subnet:  255.255.255.0, GW: 172.16.2.1, HOP: 10, Interface:  LAN.

I believe the 172.16.1.0 network already has the necessary routes defined since computer between 172.16.2.0 and 10.0.1.0 works fine within the 172.16.1.0 subnet.
0
Fred MarshallPrincipalCommented:
Hmmmm.  If you are using RV042s at both ends then you should read this paper.
I don't think you can make it work.  I'd be very happy to be proven wrong.

I have a similar setup using RV042 as standalone MPLS routers without using VPN.
This has one internet gateway (a separate device) at the primary site.
What I found was that the "primary site" RV042 had to have its WAN port facing the internet gateway.  Of course, if it's the gateway then this can't be.

Earlier, I also was not able to get a VPN situation like yours using RV042s to reach a2nd hop gateway on the primary LAN.  Perhaps the two are related....
i.e. launch a packet from the 2nd site that is destined for a 3rd site with a VPN interface at the 1st/primary site.  I couldn't get the hop within the primary site to work using RV042s.  
Since then folks have explained that this sort of thing should be possible but with different equipment.  I've not tried it again.
Using-RV042.pdf
0
vvzarCommented:
All that must be provided: subnet 10.0.1.0 have to know about 172.16.2.0 and 172.16.2.0 have to know path to 10.0.1.0

You can accept this by this way:

subnet 172.16.2.0 default route throught 172.16.2.1

172.16.2.1 router - all packets to 10.0.1.0 must be routed directly to tunnel (vpn) interface. Not to 172.16.1.1 or NOT to IP of end tunnel interface at router 172.16.1.1

from 10.0.1.0 all packets (or packets with dest 172.16.2.0 ) have to be routed to 172.16.1.1 (to ip address of interface or to interface that knows about 10.0.1.0 subnet)  Or just use SNAT from 10.0.1.0 to 172.16.2.0 by using firewall at router 172.16.1.1
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.