1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Multisite VPN

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by jalexand, Oct 5, 2005.

  1. jalexand

    jalexand Network Guru Member

    Hello,

    We have a number of pieces of Linksys VPN Equipment that we are trying to use to tie a 3 offices and a couple of traveling user together with. This is what we have setup

    At the main office we have a RV016 setup with a fixed WAN IP and the address space 192.168.1.0/255.255.255.192. At the two smaller offices we have at each a RV042 with fixed WAN IP address and the following address spaces 192.168.1.63/255.255.255.255.252 and 192.168.1.68/255.255.255.252. The traveling users have the USBVPN client and connect from hotel rooms and such to the RV016.

    The way that I have it setup now is that every one can see the machines behind the RV016 which is were the tunnels end and anything behind the RV016 can see down the tunnels to other machines in remote locations.

    The problem I'm having and dont' know how to fix is that nothing on the remote connections can see anything in the othe remote connections.

    How do I fix this. Do I have to setup tunnels between the remote offices so they can see each other or should't the RV016 be able to route the traffic correctly. Or do I need to setup my address differently.

    Thanks
    Jason
     
  2. DocLarge

    DocLarge Super Moderator Staff Member Member

    It sounds like you may need to establish static routes in order for all tunnels to see each other.

    Doc
     
  3. mhakman

    mhakman Network Guru Member

    I would say that you need to establish tunnels between each pair of locations that need to communicate with each other. This is because VPN works pair-wise. In your case, you have a tunnel for 1.0<->1.63 and a tunnel for 1.0<->1.68. Then, for example, if you are at 1.63 location and you ping 1.0 location then your router knows that the packet should go into your 1.0<->1.63 tunnel. However if you ping 1.68 location (still from 1.63 location) then your router doesn’t know how to get to 1.68 so it sends the packet to its default or p2p gateway (ISP etc). Then this packet is discarded because its destination is in private IP address space and should not be routed at all. If you set up another tunnel for 1.63<->1.68 at both these locations then it should work.

    I don’t think static route will work because even with static route the network has to route your 1.63 -> 1.68 packets somewhere to, but it doesn’t know where 1.68 is. Routing, static or dynamic, doesn’t change IP addresses; VPN does (by encapsulating your packet within an IPsec packet).

    /Mikael
     
  4. Hung

    Hung Network Guru Member

    I suspect the firmware of RVxxx has bugs on the NetBIOS which enable the display of the remote computers name in local computers' my network place. Originally we have two site VPN by two BEFVP41, everything work fine, both side can see the computers in the opposite sites.
    However, due to installation of second WAN in one site, we need to change one of the BEFVP41 to RV042, since we install the RV042, RV042 side cannot see the opposite site's computer any more. If we reinstate the RV042 with BEFVP41, opposite site's computers appears again and works fine. Once the RV042 is up and runs, opposite site's computer disappear.
    Linksys's support cannot tell whether this is a firmware problem. We are useing the latest firmware for RV042 which currently is 1.3.7.2
    Can anyone suggest a solution on this.

    Thanks
     
  5. mhakman

    mhakman Network Guru Member

    Hung, did you enable Netbios over VPN in your RV042? Sorry for the stupid question :)
     

Share This Page