%Inconsistent address and mask - VPN inbound traffic

Answered Question
Apr 29th, 2010
User Badges:

Hi

I seem to be having some sort of mind block with static routing


The voice and data are on completely separate networks and I have a requirement to make both networks accessible for remote support


192.168.100 - 130.0 Voice network 

192.168.200 - 230.0 Data Network


I have a Cisco 877 router working as a VPN server and remote support need to access both voice and data networks.


------


The inside IP of the ADSL vpn router is 192.168.214.1 / 24   and that routes all inside traffic to the data core on IP 192.168.214.254


routing at the moment is:

ip route 192.168.0.0 255.255.0.0 192.168.214.254  (I can access all resources on data network)

ip route 0.0.0.0 0.0.0.0 dialer1

-------

the support team want to access the voice network now which is on completly seperate equipment...


so I was going to create a vlan on the voice core switch and give it an IP of  192.168.214.2 and conenct to the ADSL router directly  e.g....


Voice Core (new vlan to talk to VPN Router)

------------------------

interface vlan 214
ip address 192.168.214.2 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.214.1 (vpn router inside ip)


---------------


I want to route 192.168.200-230.0 towards 192.168.214.254 (data network gateway)


and the Voice networks - 192.168.100-130.0 towards 192.168.214.2 (voice network gatway)


I know i can use ip route 192.168.96.0 255.255.224.0 192.168.214.2 (which would be 96-128) but i would like to get it to cover the only subnets needed

Correct Answer by Jon Marshall about 7 years 1 month ago

James


I know i can use ip route 192.168.96.0 255.255.224.0 192.168.214.2 (which would be 96-128) but i would like to get it to cover the only subnets needed


Just to clarify, is this what you are asking ie. how to summarise your voice networks ? If so you can't because they go from below .128 to above .128 ie. 192.168.100-130.0


So even your 192.168.96.0/27 would not cover all the networks. To cover only those subnets the best you could do is -


192.168.100.0 255.255.252.0

192.168.104.0 255.255.248.0

192.168.112.0 255.255.240.0

192.168.128.0 255.255.254.0

192.168.130.0 255.255.255.0


so you would need route statements for each of the above ranges.


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
spremkumar Thu, 04/29/2010 - 02:54
User Badges:
  • Red, 2250 points or more

Hi James


Can you post out a pictorial view of your requirement? I could see potential clashes in ip addressing and GW assignment to the data and voice devices.

Also would like to hear from you on the switch model you are using out there.


regds

Correct Answer
Jon Marshall Thu, 04/29/2010 - 02:53
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

James


I know i can use ip route 192.168.96.0 255.255.224.0 192.168.214.2 (which would be 96-128) but i would like to get it to cover the only subnets needed


Just to clarify, is this what you are asking ie. how to summarise your voice networks ? If so you can't because they go from below .128 to above .128 ie. 192.168.100-130.0


So even your 192.168.96.0/27 would not cover all the networks. To cover only those subnets the best you could do is -


192.168.100.0 255.255.252.0

192.168.104.0 255.255.248.0

192.168.112.0 255.255.240.0

192.168.128.0 255.255.254.0

192.168.130.0 255.255.255.0


so you would need route statements for each of the above ranges.


Jon

Jim B Thu, 04/29/2010 - 03:19
User Badges:

Thanks Jon



below config was successfully implemented.



Voice Network Core Switch
------------------

interface gig 2/1/48
Description Link to ADSL_877
ip address 192.168.214.253 255.255.255.0


ip route 0.0.0.0 0.0.0.0 192.168.214.1

---------------


Data Network Core Switch
------------------
interface 2/1/48
Description Link to ADSL_877
ip address 192.168.214.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.214.1

-----------



ADSL 877 (VPN Router)
--------------

interface Vlan1
description Inside_Lan_192.168.214.0_/24
ip address 192.168.214.1 255.255.255.0
ip nat inside
ip virtual-reassembly


ip route 192.168.100.0 255.255.252.0 192.168.214.253
ip route 192.168.104.0 255.255.248.0 192.168.214.253
ip route 192.168.112.0 255.255.240.0 192.168.214.253
ip route 192.168.128.0 255.255.254.0 192.168.214.253
ip route 192.168.130.0 255.255.255.0 192.168.214.253


ip route 192.168.0.0 255.255.252.0 192.168.214.254


ip route 0.0.0.0 0.0.0.0 Dialer1

Actions

This Discussion