In our office, the RV042 serves as router with the main subnet 192.168.1.0. Additionally, I'm succesfully using VPN to connect to it from outside.
Problem now: I'm at a location where 192.168.1.0 is the internal network as well, which would result in IP conflicts when trying VPN. What I did now is to set VPN endpoint information on my machine to 192.168.77.0/24, while on the RV042 I defined a secondary subnet (192.168.77.1 / 255.255.0.0). So far, I can successfully connect via VPN to the RV042 at 192.168.77.1 now. However, I'm cannot reach any equipment on the RV042's primary subnet 192.168.1.0. I assume that I have to set additional routing information, but have not been able to find a correct way. I did set a local route on my machine for specific hosts (for example 192.168.1.77) through gateway 192.168.77.1, but I get the message "Network is unreachable" when issuing pings to 192.168.1.77. Do I have to set additional routing information on the RV042 as well?
At the other location, how can the remote security group in the VPN tunnel be 192.168.1.0 when it is also a primary local subnet.
Maybe someone else has a better idea with this two router solution, but I think your customer has to compromise and allow you to alter the LAN address of one of the routers from 192.168.1.1 to maybe 192.168.77.1 or buy Cisco Enterprise routers and Bridge IP and ARP.
Good luck, I'll be watch this posting for other suggestions.
Thanks for the quick reply. I attach a couple of screenshot to display the current rv042 setup at the office regarding LAN and VPN group policy/remote endpoint config. This for our office's side.
I'm currently sitting in a temporary location, where the network is also defined as 192.168.1.1/255.255.255.0. As stated earlier, my VPN software client (IPSecuritas) is set to use 192.168.77.0/24 as the remote endpoint which basically works in the sense that I can connect and login remotely to the RV042 at our office with 192.168.77.1.
I imagined now that setting a route on my notebook for specific addresses ("route add 192.168.1.77 192.168.77.1) would allow me to access them through my VPN connection and not on the local subnet. However, it seems that the routing at the office from 192.168.77.1 to the respective ip at the office is not working. How could I tell RV042 to route packages received on 192.168.77.1 to the other subnet?
I believe the RV series does a pattern match from both the local and remote security policy parameters and makes a determination then to IPSec the packets over to a remote gateway or DNS address. Or just allow the packets that don't match the local and remote security policy, the packets are routed normally out the default route.
I am thinking that at the pre-existing site packets are successfully being sent to the remote RV042 because they match the filters as defined in the local and remote security policy. hence you can ping the remote router.
I would think that the remote router would be getting a bit confused as it also has the 192.168.1.X network setup and hosts at the newer site will not be able to reach the pre-existing RV042. There is still an interface route within the RV042 that directly connects to 192.168.1.X.
Can you not 'bite the bullet" and alter the newer site so that it has 192.168.77.1 setup as the primary LAN address ?
I am willing to bet, not a fortune, that this is your problem. But I will monitor this posting..
I would like one end to have subnet 192.168.1.X and the other router to maybe have 192.168.77.X. Seems like you are trying to work around a problem, fair enough, but i hope someone else has a way around your issue.
Thanks, Dave, for your inputs. Indeed, I thought there might be a routing solution as I cannot expect our client I am working at to change his network infrastructure just for that. It might be easier, then, to change the subnet at our own office to something less commonly used so I will not get into any address conflicts.
Hi every one!!!When you are configuring a remote VPN connection, there
are some steps that are lost on the path. Here you can see those steps.
A) In your Cisco device: 1. Ensure you don´t have any rule denying the
traffic between the device and the remote...
STANDARDSOURCECOMMENTSEthernet RJ-45 connector pin number12345678IEEE
802.3afusing data pairsRXDC+RXDC+TXDC-sparespareTXDC-sparespareIndustry
Standard for Embedded POE(used by Cisco Catalyst Switches)IEEE
802.3afusing spare pairs RXRXTXDC+DC+TXDC-DC-Indus...
** Update **These and a number of other issues have been addressed in
SRP520 MR3. Please see https://supportforums.cisco.com/docs/DOC-13853
for details on how to access this code.There have been a number of
reports of the SRP500 becoming unresponsive afte...