Cisco Support Community
New Member

[Solved]RV082 - SRP527W site-to-site VPN - routing table ?

Hello,

I'm trying to create a VPN IPSEC link between 2 offices. The VPN link is created, and I can communicate, but only one way.

Clients in Office B seem to have a routing problem. Can you help me?

Details :

Office A :

- SRP527W router.

- Client Network : 192.168.0.0 / 24

- Internal Address : 192.168.0.254 / 24

Office B :

- RV082 router (behind another router)

- Client Network : 192.168.6.0 / 24

- Internal Address : 192.168.6.253 / 24

- Internal Address that goes to the 1st router : 192.168.5.253

- 1st router internal address : 192.168.5.254

Layout :

Office A ----> SRP527W ----> INTERNET <----- GLOBAL ROUTER <------ RV082 -----< OFFICE B

       192.168.0.254                                                     192.168.5.254    5.253  6.254

VPN details :

Office A :

- remote group type = SUBNET 192.168.6.0 / 24

- local group = SUBNET 192.168.0.0 /24

- ID Address = 82.127.XXX.XXX

Office B :

- remote group type = SUBNET 192.168.0.0 /24

- local group = SUBNET 192.168.6.0 / 24

- IP Address = 192.168.5.253 (it can be reached however from Internet by passing through the 1st router with IP Address 37.1.XXX.XXX)

Facts :

From Office A, I can ping everything in 6.0 addresses.

From Office B, I can't ping anything in 0.0 subnet addresses. From the router itself with the diagnostic page, ping 192.168.0.1 works ?? But no other ping. Curious...

Routing table from Office B computer shows the following :

Itinéraires actifs :
Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique
          0.0.0.0          0.0.0.0    192.168.6.253    192.168.6.10       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.6.0    255.255.255.0     192.168.6.10    192.168.6.10       10
     192.168.6.10  255.255.255.255        127.0.0.1       127.0.0.1       10
    192.168.6.255  255.255.255.255     192.168.6.10    192.168.6.10       10
        224.0.0.0        240.0.0.0     192.168.6.10    192.168.6.10       10
  255.255.255.255  255.255.255.255     192.168.6.10    192.168.6.10       1
  255.255.255.255  255.255.255.255     192.168.6.10               3       1
  255.255.255.255  255.255.255.255     192.168.6.10           40005       1
Passerelle par défaut :     192.168.6.253
===========================================================================
Itinéraires persistants :
   Aucun

Tracert from client computers at Office B shows that packets arrive at 192.168.6.253 and then never reach anything.

Is the problem related to the architecture at Office B ?

See attached files for a layout of Office B, and the routing table of the router at office B.

Thank you.

5 REPLIES
Cisco Employee


Hi Adrien,

Ensure that you configure the SRP to use NAT-T.  Configure remote ID as the RV private address.

Regards,

Andy

New Member


Thank you Andrew.

Do I need to enable NAT-T on both routers or only on the SRP?

(just to be sure, the SRP is the router on the office (A) where all clients can ping Office B)

Cisco Employee


Enable NAT-T on the SRP and configure remote ID as 192.168.5.253 in the IKE policy.

Not sure about the RV and whether that supports NAT-T.  It may detect NAT-T automatically, or may need to be configured (in which case, you'd configure the local ID)

Andy.

New Member


I've tried your suggestion but I'm still unable to ping anything from site B to site A.

- NAT-T is enabled on the SRP. Remote ID is "192.168.5.253"

- NAT-T is enabled on the RV.

Doesn't work

I removed NAT-T from the RV, keeping only NAT-T configuration on the SRP, still no ping.

Traceroute still shows nothing after reaching default gateway (the VPN router) (192.168.6.253).

Thanks.

New Member


I've finally solved the problem.

During configuration of the RV, we had a problem, so I manually entered the routes in the advanced routing menu.

That's why you can see in the screenshot that each route is set up twice.

By deleting all the entered routes, the router seems to understand better where the traffic should go.

Whatever, these routes are created automatically by learning from subnet and interfaces where cables are connected, so no need to add them manually.

Thank you for your answer Andy, I was missing the NAT-T things too I think.

Adrien.
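
Added example, not part of the original thread: a small route-table check in Python that applies longest-prefix matching to the Office B client rows quoted in the question and flags prefixes that appear more than once, the condition the poster found on the RV082. The router table below is a constructed sample (the real one was only an attachment), and the function names, interface labels and gateway values in it are assumptions.

```python
import ipaddress
from collections import Counter

# Rows copied from the Office B client's routing table in the question.
CLIENT_TABLE = """\
0.0.0.0          0.0.0.0          192.168.6.253  192.168.6.10  10
127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1     1
192.168.6.0      255.255.255.0    192.168.6.10   192.168.6.10  10
192.168.6.10     255.255.255.255  127.0.0.1      127.0.0.1     10
192.168.6.255    255.255.255.255  192.168.6.10   192.168.6.10  10
224.0.0.0        240.0.0.0        192.168.6.10   192.168.6.10  10
"""

# Constructed sample (assumption): connected routes on the router plus
# the same prefixes entered a second time by hand, as the poster described.
ROUTER_TABLE = """\
192.168.6.0  255.255.255.0  0.0.0.0        LAN   1
192.168.5.0  255.255.255.0  0.0.0.0        WAN1  1
192.168.6.0  255.255.255.0  192.168.6.253  LAN   1
192.168.5.0  255.255.255.0  192.168.5.253  WAN1  1
0.0.0.0      0.0.0.0        192.168.5.254  WAN1  1
"""

def parse_routes(text):
    """Parse 'dest mask gateway interface metric' rows into dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue  # ignore lines that are not five columns
        net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        routes.append({"net": net, "gw": f[2], "if": f[3], "metric": int(f[4])})
    return routes

def lookup(routes, dest):
    """Longest-prefix match, lowest metric as tie-break."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)

def duplicate_prefixes(routes):
    """Prefixes that appear in more than one route entry."""
    counts = Counter(r["net"] for r in routes)
    return sorted(str(n) for n, c in counts.items() if c > 1)

if __name__ == "__main__":
    print(lookup(parse_routes(CLIENT_TABLE), "192.168.0.1"))
    print(duplicate_prefixes(parse_routes(ROUTER_TABLE)))
```

On the client rows, a lookup for 192.168.0.1 resolves to the default route via 192.168.6.253, which matches the tracert result and points at the router's own table rather than the client's.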
