Cisco Support Community
New Member

RV082 VPN access list problem

Hi,

I have an RV082 VPN router that is connected to another company over VPN (VPN_TUNNEL1).

But what I need to configure is access by two remote hosts that use different subnets to use that tunnel (VPN_TUNNEL1).

I need to have access to their hosts ex. 172.11.11.11 and 10.11.12.13 through single VPN tunnel.

I have set up our local security group to access hosts at ex. 172.2.2.0/29, and remote security group to host IP 172.11.11.11. With this configuration I can access (ping) host 172.11.11.11 but cannot ping host 10.11.12.13.

How to add host 10.11.12.13 to remote security group of VPN_TUNNEL1 and how to set up routing on RV082 to use VPN_TUNNEL1 to access both of these hosts?

4 REPLIES
New Member

Re: RV082 VPN access list problem

Hi,

Did you ever find out how to do this? I am having the same problem.

I need to be able to reach two remote security groups through the same VPN tunnel.

Any help would be appreciated.

Re: RV082 VPN access list problem

You are given an option for the local security group on a particular tunnel, usually limited to the one local subnet. I'm guessing the RV082 Admin. guide may state what can and cannot be done. It does state in the Q&A section of the Small Business routers that "Local Security Group Type is the same as the local router's LAN segment"; see the following reference:

http://www.cisco.com/en/US/products/ps9923/products_qanda_item09186a0080a364ed.shtml#IPSec_VPN_Overview

I can't see how you can encompass 10.X.X.X and 172.X.X.X or range between on the same local security group.

I dunno if you can create two VPN tunnels with two different local security groups to the same destination... that sounds like that should work, except for what I mentioned regarding what I found in the router Q&A section.

I must admit I have never tried creating that, or an IP range that encompassed this large local security group. See attached diagram.

What happens when you try this approach? I suspect that the range will still only encompass a class C range of addresses (up to 254 hosts).

I think if that doesn't work, get confirmation of what you are attempting to achieve from the Small Business Support Center via the following link.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

regards Dave

New Member

Re: RV082 VPN access list problem

Dear Dave,

Creatively I must agree with you. I will try a similar approach and will post back the outcome for the benefit of the Cisco Support Community. My only concern on this approach is the VPN routing behavior behind the RV082. Once both VPN tunnels are connected how would one define routes to discriminate against one VPN or the other? I will be connecting an RV082 to a CISCO ASA 5540.

For our reference I have attached a modified screen capture of my suggested approach. I can say this. All noted potential product limitations are acceptable within the context of a Small Business Router.

New Member

Re: RV082 VPN access list problem

Scott,

I have used the same approach with two VPN tunnels with same parameters except the remote group. This resolved my problem.

Routes are automatically set when you create a VPN tunnel so the router knows what tunnel to use when accessing/allowing access to/from other end.

Best regards,
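
The tunnel selection discussed in this thread, as an added example that is not part of any post and is not RV082 firmware code: a small model of policy-based matching in which each tunnel carries one local group / remote group pair. The addresses come from the thread; `VPN_TUNNEL2`, `LOCAL_HOST`, the function names and the "most specific remote group wins" tie-break are assumptions of this sketch.

```python
import ipaddress
from itertools import combinations

def make_tunnel(name, local_group, remote_group):
    """One tunnel carries exactly one (local group, remote group) pair."""
    return {"name": name,
            "local": ipaddress.ip_network(local_group),
            "remote": ipaddress.ip_network(remote_group)}

def select_tunnel(tunnels, src, dst):
    """Name of the tunnel whose groups cover src -> dst, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    matches = [t for t in tunnels if src in t["local"] and dst in t["remote"]]
    if not matches:
        return None  # no group pair covers the flow, so it is not tunnelled
    # Assumption of this model: the most specific remote group wins.
    return max(matches, key=lambda t: t["remote"].prefixlen)["name"]

def overlapping_selectors(tunnels):
    """Tunnel pairs whose local AND remote groups overlap (ambiguous match)."""
    return [(a["name"], b["name"]) for a, b in combinations(tunnels, 2)
            if a["local"].overlaps(b["local"]) and a["remote"].overlaps(b["remote"])]

# Addresses from the thread; VPN_TUNNEL2 and LOCAL_HOST are constructed.
LOCAL_GROUP = "172.2.2.0/29"
LOCAL_HOST = "172.2.2.2"
SINGLE = [make_tunnel("VPN_TUNNEL1", LOCAL_GROUP, "172.11.11.11/32")]
SPLIT = SINGLE + [make_tunnel("VPN_TUNNEL2", LOCAL_GROUP, "10.11.12.13/32")]

if __name__ == "__main__":
    for label, tunnels in (("single tunnel", SINGLE), ("two tunnels", SPLIT)):
        for dst in ("172.11.11.11", "10.11.12.13"):
            print(label, dst, "->", select_tunnel(tunnels, LOCAL_HOST, dst))
    print("ambiguous pairs:", overlapping_selectors(SPLIT))
```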
