02-12-2012 04:41 PM
I have a pair of RV082 routers and I'd like to configure a gateway to gateway VPN tunnel as described in a cookbook, "How to configure a VPN tunnel that routes all traffic to the Remote Gateway," (file name Small_business_router_tunnel_Branch_to_Main.doc). I followed this cookbook and found that while the Main office has internet connectivity, the branch subnet doesn't have internet connectivity.
Routing does behave as advertised, where all traffic does go to the main office. However, the 192.168.1.0 subnet in the branch office does not get internet connectivity. I've read in other posts that the Main office router will only provide NAT for the local subnet, not the branch office subnet. Is there a way to configure the RV082 router to provide NAT for all subnets?
If not, which Cisco product will provide the VPN Tunnel connectivity as well as the NAT for all subnets? Can the RV082 be used as part of the final solution or are my RV082s a wasted expenditure?
Following is the configuration that I'd implemented (real IP and IKE keys are bogus).
Gateway To Gateway
Setting                          | Remote                 | Main Office
Add a New Tunnel
Tunnel No.                       | 1                      | 2
Tunnel Name                      | n1-2122012_n2-1282012  | n1-2122012_n2-1282012
Interface                        | WAN1                   | WAN1
Enable                           | yes                    | yes
--------------------------------------------------------------------------------
Local Group Setup
Local Security Gateway Type      | IP Only                | IP Only
IP Address                       | 10.10.10.123           | 10.10.10.50
Local Security Group Type        | Subnet                 | subnet
IP Address                       | 192.168.1.0            | 0.0.0.0
Subnet Mask                      | 255.255.255.0          | 0.0.0.0
--------------------------------------------------------------------------------
Remote Group Setup
Remote Security Gateway Type     | IP Only                | IP Only
IP Address                       | 65.182.226.50          | 67.22.242.123
Remote Security Group Type       | Subnet                 | Subnet
IP Address                       | 0.0.0.0                | 192.168.1.0
Subnet Mask                      | 0.0.0.0                | 255.255.255.0
--------------------------------------------------------------------------------
IPSec Setup
Keying Mode                      | IKE with Preshared key | IKE with Preshared key
Phase 1 DH Group                 | Group 5 - 1536 bit     | Group 5 - 1536 bit
Phase 1 Encryption               | DES                    | DES
Phase 1 Authentication           | MD5                    | MD5
Phase 1 SA Life Time             | 2800 seconds           | 2800 seconds
Perfect Forward Secrecy          | yes                    | yes
Phase 2 DH Group                 | Group 5 - 1536 bit     | Group 5 - 1536 bit
Phase 2 Encryption               | DES                    | DES
Phase 2 Authentication           | MD5                    | MD5
Phase 2 SA Life Time             | 3600 seconds           | 3600 seconds
Preshared Key                    | MyKey                  | MYKey
Minimum Preshared Key Complexity | yes Enable             | yes Enable
--------------------------------------------------------------------------------
02-12-2012 05:58 PM
If you are running firmware 4.x on your RV082, you need to add an additional Allow access rule so the branch office subnet (seen as one of the multiple subnets of the main office) can get access to the internet. The firmware release note has more details about this.
http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/release/rv0xx_rn_v4-1-1-01.pdf
02-12-2012 06:55 PM
Thank you, I passed over that part of the release notes. This fixed the issue.
I do find that the connection is very slow, however. Is this normal, or can this be addressed?