
VPN to RV042 using different subnet

andreas.nef
Level 1

Dear all

In our office, the RV042 serves as router with the main subnet 192.168.1.0. Additionally, I'm successfully using VPN to connect to it from outside.

Problem now: I'm at a location where 192.168.1.0 is the internal network as well, which would result in IP conflicts when trying VPN. What I did now is to set VPN endpoint information on my machine to 192.168.77.0/24, while on the RV042 I defined a secondary subnet (192.168.77.1 / 255.255.0.0). So far, I can successfully connect via VPN to the RV042 at 192.168.77.1 now. However, I cannot reach any equipment on the RV042's primary subnet 192.168.1.0. I assume that I have to set additional routing information, but have not been able to find a correct way. I did set a local route on my machine for specific hosts (for example 192.168.1.77) through gateway 192.168.77.1, but I get the message "Network is unreachable" when issuing pings to 192.168.1.77. Do I have to set additional routing information on the RV042 as well?

Best, Andreas

6 Replies

David Hornstein
Level 7

Hi Andreas,

At the other location, how can the remote security group in the VPN tunnel be 192.168.1.0 when it is also a primary local subnet?

Maybe someone else has a better idea with this two router solution, but I think your customer has to compromise and allow you to alter the LAN address of one of the routers from 192.168.1.1 to maybe 192.168.77.1 or buy Cisco Enterprise routers and Bridge IP and ARP.

Good luck, I'll be watching this posting for other suggestions.

Dave

Hi Dave

Thanks for the quick reply. I attach a couple of screenshots to display the current RV042 setup at the office regarding LAN and VPN group policy/remote endpoint config. This is for our office's side.

I'm currently sitting in a temporary location, where the network is also defined as 192.168.1.1/255.255.255.0. As stated earlier, my VPN software client (IPSecuritas) is set to use 192.168.77.0/24 as the remote endpoint which basically works in the sense that I can connect and login remotely to the RV042 at our office with 192.168.77.1.

I imagined now that setting a route on my notebook for specific addresses ("route add 192.168.1.77 192.168.77.1") would allow me to access them through my VPN connection and not on the local subnet. However, it seems that the routing at the office from 192.168.77.1 to the respective IP at the office is not working. How could I tell RV042 to route packages received on 192.168.77.1 to the other subnet?

Best, Andreas

Hi Andreas,

I believe the RV series does a pattern match from both the local and remote security policy parameters and makes a determination then to IPSec the packets over to a remote gateway or DNS address. Or just allow the packets that don't match the local and remote security policy, the packets are routed normally out the default route.

I am thinking that at the pre-existing site packets are successfully being sent to the remote RV042 because they match the filters as defined in the local and remote security policy. Hence you can ping the remote router.

I would think that the remote router would be getting a bit confused as it also has the 192.168.1.X network setup and hosts at the newer site will not be able to reach the pre-existing RV042. There is still an interface route within the RV042 that directly connects to 192.168.1.X.

Can you not "bite the bullet" and alter the newer site so that it has 192.168.77.1 setup as the primary LAN address?

I am willing to bet, not a fortune, that this is your problem. But I will monitor this posting.

regards Dave

Hi Dave

May I quickly reconfirm: by "newer site" you mean the second subnet defined on the RV042 at my office, not so? Meaning to switch the primary and secondary subnets?

Regards, Andreas

Hi Andreas,

I would like one end to have subnet 192.168.1.X and the other router to maybe have 192.168.77.X. Seems like you are trying to work around a problem, fair enough, but I hope someone else has a way around your issue.

good luck ...Dave

Thanks, Dave, for your inputs. Indeed, I thought there might be a routing solution as I cannot expect our client I am working at to change his network infrastructure just for that. It might be easier, then, to change the subnet at our own office to something less commonly used so I will not get into any address conflicts.

Best, Andreas
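
Added example, not part of the original thread: a short Python check of which of the address ranges mentioned above overlap, using the address/mask pairs as posted. The labels and the candidate replacement list are made up for illustration; note that 192.168.77.1 with mask 255.255.0.0 covers all of 192.168.0.0/16, including 192.168.1.0/24.

```python
import ipaddress

# Address/mask pairs as posted in the thread; the labels are made up here.
NETWORKS = {
    "client_site_lan": ("192.168.1.1", "255.255.255.0"),
    "office_primary_lan": ("192.168.1.0", "255.255.255.0"),
    "office_secondary_lan": ("192.168.77.1", "255.255.0.0"),
    "vpn_remote_selector": ("192.168.77.0", "255.255.255.0"),
}

def to_network(address, mask):
    """Return the network that an address/mask pair actually covers."""
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)

def find_overlaps(networks):
    """Return label pairs (sorted by name) whose address ranges overlap."""
    parsed = {name: to_network(*pair) for name, pair in networks.items()}
    names = sorted(parsed)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if parsed[a].overlaps(parsed[b])]

def first_free_subnet(candidates, networks):
    """Return the first candidate CIDR that overlaps none of the networks."""
    used = [to_network(*pair) for pair in networks.values()]
    for cidr in candidates:
        net = ipaddress.ip_network(cidr)
        if not any(net.overlaps(u) for u in used):
            return net
    return None

if __name__ == "__main__":
    for name, pair in NETWORKS.items():
        print(f"{name:22} {to_network(*pair)}")
    for a, b in find_overlaps(NETWORKS):
        print(f"overlap: {a} <-> {b}")
    # Constructed list of candidate replacement LANs for the office.
    candidates = ["192.168.0.0/24", "192.168.100.0/24", "172.27.41.0/24"]
    print("first non-overlapping candidate:", first_free_subnet(candidates, NETWORKS))
```
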
