I am experiencing a very odd issue with an RVS4000 configured with a site-to-site VPN.
Local Network: 192.168.200.x
External (and endpoint) IP: 220.127.116.11
Local Network: 192.168.10.x
External (and endpoint) IP: 18.104.22.168
The site-to-site VPN works mostly fine, but here's the problem: I cannot connect to any services published on the public office IPs anymore.
For example, trying to browse to a website published on 22.214.171.124 times out.
In the access logs I can see "attempts" to connect to 126.96.36.199:80, but there's no response. I also checked the office firewall (where the website is published), and there's no traffic whatsoever arriving there.
It seems to me something in the routing tables on the RVS4000 is messed up and that the connection attempt to 188.8.131.52 is somehow being routed through the tunnel.
Am I missing some configuration step somewhere?
Thx in advance!
Rgds - Marcus.
PS: Yes, I did test it with another (non-VPN) router. Works fine .... ;-)
Have you tried, or are you trying, to access the websites using the DNS (FQDN) name, such as "www.mywebsite.com", or just by public IP?
Depending on your site structure (whether you have a local DNS server for your sites) specifying the DNS name or public IP will find you in the same place; nowhere!
You are correct about the routing, not because it is broken but because of the way IPSec works. I will explain what I feel may be happening and please correct me if I have misunderstood your network topology.
Note that I am pointing the IPSec tunnel to the LAN (Network IDs), this is how you should look at an IPSec connection. The reason is that when we build the tunnel we are really creating a Route Statement; which says, "For network 172.27.0.0/16 go to the next hop IP of 184.108.40.206" so now both routers know two remote locations, WAN IP of the opposite site and also the LAN IP.
What may be happening is that we are going out one interface but the response is being sent on another. So from Local Router we go out the WAN but we are being responded to on the LAN (the IPSec tunnel). This is the most likely scenario; albeit, it could be LAN out, WAN in; either way that would cause the behavior.
Please run a trace route from your computer and post results. Also, let us know if a local DNS server is being used and if so, is there an "A" record for the website specified?
On Windows, open the command prompt and type "tracert " then hit enter.
On UNIX, open Terminal and type "traceroute " then hit enter.
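A simplified model of the LAN-to-LAN selector lookup and the "out one interface, back on another" case described in the reply above, added here as an illustration; it is not from the thread or from the router's firmware. The public IPs are placeholders from documentation ranges, and the function names, host addresses and the `source_nat` switch are assumptions.

```python
import ipaddress

# Constructed addressing: the LANs are the ones named in the thread; the public
# IPs are placeholders from documentation ranges, not the posters' addresses.
SITES = {
    "branch": {"lan": "192.168.200.0/24", "wan": "198.51.100.10"},
    "office": {"lan": "192.168.10.0/24", "wan": "203.0.113.20"},
}

def egress(site, peer, src, dst):
    """Pick the exit for one packet on `site`'s router.

    The tunnel is used only when the source is in the local LAN and the
    destination is in the peer's LAN (the LAN-to-LAN selector); everything
    else leaves through the ordinary WAN interface.
    """
    local = ipaddress.ip_network(SITES[site]["lan"])
    remote = ipaddress.ip_network(SITES[peer]["lan"])
    in_selector = (ipaddress.ip_address(src) in local
                   and ipaddress.ip_address(dst) in remote)
    return "tunnel" if in_selector else "wan"

def trace_flow(client_ip, dst_ip, server_ip, source_nat=True):
    """Follow a request from the branch LAN and the server's reply.

    source_nat (assumption): whether the office side sees the branch WAN IP
    as the source of a request that left via the WAN.
    """
    request = egress("branch", "office", client_ip, dst_ip)
    seen_src = client_ip
    if request == "wan" and source_nat:
        seen_src = SITES["branch"]["wan"]
    reply = egress("office", "branch", server_ip, seen_src)
    return {"request": request, "reply": reply, "asymmetric": request != reply}

if __name__ == "__main__":
    client, server = "192.168.200.50", "192.168.10.5"  # constructed hosts
    cases = {
        "LAN address over tunnel": (client, server, server, True),
        "public IP, source NATed": (client, SITES["office"]["wan"], server, True),
        "public IP, private source kept": (client, SITES["office"]["wan"], server, False),
    }
    for name, args in cases.items():
        print(f"{name}: {trace_flow(*args)}")
```

The third case is the "out the WAN, back through the tunnel" path from the reply; comparing the traceroute hops against these two exits shows which path the real traffic takes.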