Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN to RV042 using different subnet

Dear all

In our office, the RV042 serves as router with the main subnet 192.168.1.0. Additionally, I'm succesfully using VPN to connect to it from outside.

Problem now: I'm at a location where 192.168.1.0 is the internal network as well, which would result in IP conflicts when trying VPN. What I did now is to set VPN endpoint information on my machine to 192.168.77.0/24, while on the RV042 I defined a secondary subnet (192.168.77.1 / 255.255.0.0). So far, I can successfully connect via VPN to the RV042 at 192.168.77.1 now. However, I'm cannot reach any equipment on the RV042's primary subnet 192.168.1.0. I assume that I have to set additional routing information, but have not been able to find a correct way. I did set a local route on my machine for specific hosts (for example 192.168.1.77) through gateway 192.168.77.1, but I get the message "Network is unreachable" when issuing pings to 192.168.1.77. Do I have to set additional routing information on the RV042 as well?

Best, Andreas

  • Small Business Routers
6 REPLIES

Re: VPN to RV042 using different subnet

Hi Andreas,

At the other location, how can the remote security group in the VPN tunnel be 192.168.1.0 when it is also a primary  local subnet.

Maybe someone else has a better idea with this two router solution, but I think your customer has to compromise and allow you to alter the LAN address of one of the routers from 192.168.1.1  to maybe 192.168.77.1 or buy Cisco Enterprise routers and Bridge IP and ARP.

Good luck, I'll be watch this posting for other suggestions.

Dave

New Member

Re: VPN to RV042 using different subnet

Hi Dave

Thanks for the quick reply. I attach a couple of screenshot to display the current rv042 setup at the office regarding LAN and VPN group policy/remote endpoint config. This for our office's side.

I'm currently sitting in a temporary location, where the network is also defined as 192.168.1.1/255.255.255.0. As stated earlier, my VPN software client (IPSecuritas) is set to use 192.168.77.0/24 as the remote endpoint which basically works in the sense that I can connect and login remotely to the RV042 at our office with 192.168.77.1.

I imagined now that setting a route on my notebook for specific addresses ("route add 192.168.1.77 192.168.77.1) would allow me to access them through my VPN connection and not on the local subnet. However, it seems that the routing at the office from 192.168.77.1 to the respective ip at the office is not working. How could I tell RV042 to route packages received on 192.168.77.1 to the other subnet?

Best, Andreas

Re: VPN to RV042 using different subnet

Hi Andreas,

I believe the RV series does a pattern match from both the local and remote security policy parameters and makes a determination then to IPSec the packets over to a remote gateway or DNS address. Or just allow the packets that don't match the local and remote security policy, the packets are routed normally out the default route.

I am thinking that at the pre-existing site  packets are successfully being sent to the remote RV042 because they match the filters as defined in the local and remote security policy.  hence you can ping the remote router.

I would think that the remote router would be getting a bit confused as it also has the 192.168.1.X network setup  and hosts at the newer site will not be able to reach the pre-existing RV042. There is still an interface route within the RV042 that directly connects to 192.168.1.X.

Can you not 'bite the bullet" and alter the newer site so that it has 192.168.77.1 setup as the primary LAN address ?

I am willing to bet, not a fortune, that this is your problem.   But I will monitor this posting..

regards Dave

New Member

Re: VPN to RV042 using different subnet

Hi Dave

May I quickly reconfirm: by "newer site" you mean the second subnet defined on the RV042 at my office, not so? Meaning to switch the primary and secondary subnets?

Regards, Andreas

Re: VPN to RV042 using different subnet

Hi Andreas,

I would like one end to have subnet 192.168.1.X  and the other router to maybe have 192.168.77.X.  Seems like you are trying to work around a problem, fair enough, but i hope someone else has a way around your issue.

good luck ...Dave

New Member

Re: VPN to RV042 using different subnet

Thanks, Dave, for your inputs. Indeed, I thought there might be a routing solution as I cannot expect our client I am working at to change his network infrastructure just for that. It might be easier, then, to change the subnet at our own office to something less commonly used so I will not get into any address conflicts.

Best, Andreas

767
Views
0
Helpful
6
Replies