05-11-2007 04:40 PM - edited 03-03-2019 04:56 PM
Trying to setup a 877 to terminate 2 vpns.
it is 192.168.1.15 on a 192.168.1.0 lan.
It connects to a garden variety business grade ADSL over copper service, with a static IP.
It has a tunnel1 to a 192.168.64.0 network
and a tunnel2 to a 192.168.0 network.
what do I need to I have routing from hosts on the local 192.168.1.0 network to the 2 networks connected by vpn?
what do I need to have routing from the hosts on the vpn network back to host on the 192.168.1.0 network.
This router will not be used for internet browsing access.
There is another router on the 192.168.1.0 network (192.168.1.1) that is the gateway out.
How do I make sure there is a route for the hosts on the vpn networks to get out to the internet via the vpn then 192.168.1.1?
something like this?
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.8.0 255.255.255.0 Tunnel2
ip route 192.168.64.0 255.255.255.0 Tunnel1
What am I missing?
05-12-2007 01:30 AM
Hi,
you are doing VPN in for of GRE tunlles, not encrypted IPsec?
If so, you just need to configure
router rip
network .... <-- put you tunnel address here)
redistribute connected subnets
The protocol will propagate routes and you will need not to enter any static route.
To have the two routers coexist, I suggest you do the following,
ip route 0.0.0.0 0.0.0.0 192.168.1.1
And on the PCs, set default gateway address as the 877 one.
Hope this helps, please rate post if it does!
05-13-2007 08:09 AM
The VPN tunnels are GRE over ipsec.
What exsactly does ip route 0.0.0.0 0.0.0.0 192.168.1.1 do?
is that saying go to 192.168.1.1 for all ip addresses on all subnets?
don't I have to say go to tunnel1 for 192.168.64.0 first? and tunnel2 for 192.168.8.0 ?
otherwise how do hosts on the 192.168.1.0 network get routed to the hosts on the networks on the other end of the vpn's?
How do I do that?
05-13-2007 08:43 AM
Hi,
ip route 0.0.0.0 0.0.0.0 is the default route, that is where to send all packets that are not for other known subnets.
Have you ever heard of routing protocols? With them you do not need to enter as many static routes to say got to, etc.
It is not difficult to use. If you like the idea, look for "configuring rip" on CCO.
The whole point of having GRE over IPSec is to be able to do this kind of things, else a simple basic ipsec configuration would do, without the need for GRE.
If not, then again you will have to configure static routes everywhere telling all routers all the destinations you want to reach and how.
05-13-2007 08:02 PM
05-13-2007 08:11 PM
That should do it. In this case the config wasn't so necessary, what you wanted to do was clear from the onset.
But thanks for providing it and god luck!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: