08-30-2007 12:15 AM - edited 02-21-2020 03:14 PM
Hello,
I have a misunderstanding of routing in RA VPN.
I have created an IP pool for assigning IP addresses to RA clients. It is working fine, but I can't understand how it works, because this pool is not routed in my corporate network.
For instance, I created IP pool test 10.10.1.0 - 10.10.1.254.
So RA VPN users with IP addresses from this pool can traverse my network without any problem. But internal routers don't have any routes to 10.10.1.0 in their routing tables. So how do routers/switches route packets coming from RA users' IPs 10.10.1.x?
Thanks
Leo
08-30-2007 12:19 AM
Hi Leo
Your internal network must know how to route back to the 10.10.1.0 network or it wouldn't work.
Is there perhaps a default route that routes it back to your VPN device?
Jon
08-30-2007 01:11 AM
Hi Jon,
Thanks for your reply.
I thought about a default route. But I am not sure.
Because my RA VPN clients reside in the internal network. And they can establish secure connections with internal hosts (which are several hops away). So if the routers send packets towards 10.10.1.0 by default route, finally all packets would be sent to the Internet. But reply packets reach RA clients.
I need to do some tests.
By the way, how can I advertise this pool from the VPN endpoint to the internal network?
Leo
08-30-2007 02:00 AM
Leo
So if you sit on one of your internal non-VPN clients and do a traceroute to the 10.10.1.x network, what path does it take, and if you go to the last hop before it times out, is there a route on there?
As for advertising this subnet into your network: some VPN devices can do Reverse Route Injection (RRI), i.e. they add a route to the subnet dynamically.
The other way is to add a static route for the 10.10.1.0 subnet on the nearest router pointing to your VPN device and then redistribute that into your IGP.
HTH
Jon
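Added example, not part of the thread: a small longest-prefix-match model of the two cases discussed above, showing where a reply to 10.10.1.5 goes when internal routers hold only default routes, and where it goes once a static route for the pool is placed on the nearest router and redistributed. The router names, the topology and the /24 covering the pool are constructed assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(routers, start, dst, max_hops=8):
    """Follow next hops from `start` until the packet leaves the modelled routers."""
    path, node = [start], start
    for _ in range(max_hops):
        nh = lookup(routers[node], dst)
        path.append(nh or "no-route")
        if nh not in routers:      # delivered, sent to the Internet, or dropped
            break
        node = nh
    return path

def base_topology():
    # Constructed topology (assumption): access -> core -> edge -> internet,
    # with the VPN device attached to core. Only default routes exist.
    return {
        "access": [("0.0.0.0/0", "core")],
        "core":   [("0.0.0.0/0", "edge")],
        "edge":   [("0.0.0.0/0", "internet")],
        "vpn":    [("10.10.1.0/24", "ra-client"), ("0.0.0.0/0", "core")],
    }

def advertise_pool(routers, pool, nearest, vpn):
    """Static route on the nearest router, then 'redistribute' it to the others."""
    routers[nearest].append((pool, vpn))
    for name in routers:
        if name not in (nearest, vpn):
            routers[name].append((pool, nearest))
    return routers

if __name__ == "__main__":
    before = base_topology()
    after = advertise_pool(base_topology(), "10.10.1.0/24", "core", "vpn")
    print("default routes only:", " -> ".join(trace(before, "access", "10.10.1.5")))
    print("pool advertised:    ", " -> ".join(trace(after, "access", "10.10.1.5")))
```

In this model the default-only path ends at the Internet edge, which is the outcome Leo describes; the traceroute Jon suggests is how to find which real hop actually holds a route for the pool.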