VPN with Cisco 325

jboyle00 asked:
Main office A and office B have a VPN tunnel between the two locations via a Cisco RV325 at both locations. The VPN stays connected other than occasional drops. We recently configured VPN clients using Netgear VPN client software. When the clients connect to the VPN, the tunnel between office A and B is dropped. The client that is connected via the VPN software can open the tunnel but can't access any of the network resources. If the 325 is rebooted, the connection is restored between office A and B. Cisco is updated with the latest firmware on both units.
Rob Williams replied:
Might the connecting VPN clients be using the same subnet locally as either of the RV325 locations?  Such as 2 using 192.168.1.x
jboyle00 (asker):
That is a possibility. If that is the case, the only way around that would be to reconfigure the main office IP scheme?
JB
Rob Williams:
Correct. Best practice is to never use a common/default subnet, such as those below, for a corporate network, in case of VPN use. All hops between client and host need to use a different subnet for routing to take place.
192.168.0.x
192.168.1.x
192.168.2.x
192.168.100.x
192.168.111.x
10.10.10.x
10.0.0.x
These all assume a subnet mask of 255.255.255.0
jboyle00 (asker):
We have used clients using the same subnet in the past with no issues. I will reconfigure the main server for a new IP scheme to see if that resolves the issue.

Thanks Rob for your help.
JB
Rob Williams:
>>"We have used clients using the same subnet in the past with no issues."
Very surprised. It is a basic rule of routing and VPNs.
The one case where it will work is client to host where split tunneling is disabled and only the host needs to be accessed. Disabled split tunneling basically blocks the local network, and should be employed regardless.

Any network connection has only 2 options: the local, known subnet, and the default gateway. There may be static routes, such as with a VPN, that point to the remote site as well, but in that case the packet is still sent to the remote subnet via the default gateway. If local and remote are the same, where does the packet get sent? This causes lockups, connection failures, or connections where resources cannot be accessed.
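A worked illustration of the routing point above, added here and not part of any post on this page: a small Python model of a host's routing table (hypothetical `next_hop` and `overlapping_subnets` functions, constructed subnets) showing that when a VPN client's local LAN and the remote site share the same prefix, the directly connected route wins and the packet never enters the tunnel, and a check that flags such overlaps before a client is added.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    via: str  # "connected" (local LAN), "vpn" (tunnel), or "default" (gateway)


def build_routes(local_lan: str, vpn_remote: str) -> list[Route]:
    """Constructed routing table for a VPN client or a LAN host behind an RV325:
    the directly connected LAN, a static route for the remote VPN subnet,
    and the default gateway (hypothetical model, not RV325 config syntax)."""
    return [
        Route(ipaddress.ip_network(local_lan), "connected"),
        Route(ipaddress.ip_network(vpn_remote), "vpn"),
        Route(ipaddress.ip_network("0.0.0.0/0"), "default"),
    ]


def next_hop(routes: list[Route], dst: str) -> str:
    """Longest-prefix match. On an equal-length tie the connected route wins,
    as typical host stacks prefer a directly attached network: the packet is
    ARPed on the local LAN and never reaches the tunnel."""
    ip = ipaddress.ip_address(dst)
    best: Route | None = None
    for r in routes:
        if ip not in r.prefix:
            continue
        if best is None or r.prefix.prefixlen > best.prefix.prefixlen or (
            r.prefix.prefixlen == best.prefix.prefixlen and r.via == "connected"
        ):
            best = r
    return best.via  # a default route always exists, so best is never None


def overlapping_subnets(subnets: dict[str, str]) -> list[tuple[str, str]]:
    """Return every pair of sites/clients whose subnets overlap.
    Any pair listed here cannot reach each other across the tunnel."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


if __name__ == "__main__":
    # Constructed example: the client's home LAN collides with office A.
    sites = {"office_a": "192.168.1.0/24", "office_b": "192.168.2.0/24",
             "client_home": "192.168.1.0/24"}
    print("overlaps:", overlapping_subnets(sites))
    print("client -> 192.168.1.10 goes via:",
          next_hop(build_routes("192.168.1.0/24", "192.168.1.0/24"), "192.168.1.10"))
```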
After checking for Rob's suggestion, also make sure in the RV325 Tunnel Setup that:

(a) Keep Alive is ON
(b) The Timeout settings in Phase 1, Phase 2 are not too short.