
Need help w/ VPN problems

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Hipnotik, Aug 6, 2008.

  1. Hipnotik

    Hipnotik LI Guru Member

    We presently have 3 sites (adding a 4th this week) that use the RV0/S series VPN routers. We have a master router (RV016) and the individual sites are set up with RVS4000s. Problem is, the sites on the RVS4000 can't talk to each other; they can only talk to the master (RV016).

    Here's the rundown:

    Master (RV016)
    LAN IP: 192.168.0.1
    Tunnel 1 (to Site 1):
    Local Group IP: 192.168.0.0/24
    Remote Group IP + FQDN Auth: ***.dyndns.org, 192.168.1.0/24
    Keying Mode: IKE w/ Preshared Key
    Phase1 DH Group: Group2
    Phase1 Encryption/Auth: 3DES/SHA1
    Phase2 Encryption/Auth: 3DES/SHA1
    Preshared Key: *****

    Tunnel 3 (to Site 3):
    Local Group IP: 192.168.0.0/24
    Remote Group IP + FQDN Auth: ***.dyndns.org, 192.168.3.0/24
    Keying Mode: IKE w/ Preshared Key
    Phase1 DH Group: Group2
    Phase1 Encryption/Auth: 3DES/SHA1
    Phase2 Encryption/Auth: 3DES/SHA1
    Preshared Key: *****

    ---------------------------------------------------------------------------------------

    Site 1 (RVS4000)
    LAN IP: 192.168.1.3
    Tunnel 1 (to Master):
    Local Group IP: 192.168.1.0/24
    Remote Group IP Only: Master WAN IP, 192.168.0.0/24
    Keying Mode: IKE w/ Preshared Key
    Phase1 DH Group: Group2
    Phase1 Encryption/Auth: 3DES/SHA1
    Phase2 Encryption/Auth: 3DES/SHA1
    Preshared Key: *****

    ---------------------------------------------------------------------------------------

    Site 3 (RVS4000)
    LAN IP: 192.168.3.3
    Tunnel 1 (to Master):
    Local Group IP: 192.168.3.0/24
    Remote Group IP Only: Master WAN IP, 192.168.0.0/24
    Keying Mode: IKE w/ Preshared Key
    Phase1 DH Group: Group2
    Phase1 Encryption/Auth: 3DES/SHA1
    Phase2 Encryption/Auth: 3DES/SHA1
    Preshared Key: *****


    The problem is that Site 1 cannot ping Site 3, and vice versa. Master can of course ping both and vice versa.
    Is this a limitation of the subnet class we've selected to implement, or is there something we're missing along the lines of routing or configuration?
     
  2. ifican

    ifican Network Guru Member

    The long and the short of it is your device needs to support recursive routing; if it does not, then this is not going to work.
     
  3. sterner

    sterner LI Guru Member

    I think you need to change your main RV016 to something other than 192.168.0.x; it's probably the 0 throwing everything off. You might also try the Multiple Subnet setting.
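
The tunnel definitions from the first post, treated as IPsec traffic selectors (Local Group / Remote Group pairs) and traced hop by hop. This is an added example, not part of any post in the thread; the host addresses are constructed, and `WIDENED` is a hypothetical selector set that the thread does not confirm these routers accept or forward between tunnels.

```python
from ipaddress import ip_address, ip_network

# LAN behind each router, as posted in the thread.
LANS = {"Master": "192.168.0.0/24", "Site1": "192.168.1.0/24", "Site3": "192.168.3.0/24"}

# Selectors as posted: router -> [(peer, local group, remote group)]
POSTED = {
    "Master": [("Site1", "192.168.0.0/24", "192.168.1.0/24"),
               ("Site3", "192.168.0.0/24", "192.168.3.0/24")],
    "Site1": [("Master", "192.168.1.0/24", "192.168.0.0/24")],
    "Site3": [("Master", "192.168.3.0/24", "192.168.0.0/24")],
}

# Hypothetical (assumption, not from the thread): each spoke's remote group and
# the master's local group widened to a supernet covering all three LANs.
WIDENED = {
    "Master": [("Site1", "192.168.0.0/16", "192.168.1.0/24"),
               ("Site3", "192.168.0.0/16", "192.168.3.0/24")],
    "Site1": [("Master", "192.168.1.0/24", "192.168.0.0/16")],
    "Site3": [("Master", "192.168.3.0/24", "192.168.0.0/16")],
}

def owner(addr):
    """Router whose LAN contains addr, or None."""
    return next((r for r, n in LANS.items() if ip_address(addr) in ip_network(n)), None)

def match_tunnel(policy, router, src, dst):
    """Peer of the first tunnel on router whose selectors cover src -> dst."""
    s, d = ip_address(src), ip_address(dst)
    for peer, local, remote in policy[router]:
        if s in ip_network(local) and d in ip_network(remote):
            return peer
    return None  # no selector matches: the packet never enters a tunnel

def trace(policy, src, dst, max_hops=4):
    """Follow src -> dst router by router; return (hops, delivered)."""
    router = owner(src)
    hops = [router]
    for _ in range(max_hops):
        if router == owner(dst):
            return hops, True
        router = match_tunnel(policy, router, src, dst)
        if router is None:
            return hops, False
        hops.append(router)
    return hops, False

if __name__ == "__main__":
    for name, pol in (("posted", POSTED), ("widened", WIDENED)):
        print(name, trace(pol, "192.168.1.10", "192.168.3.10"))
```

The trace only models selector matching; whether the master actually forwards traffic from one tunnel into another depends on the device, which is the point raised in the first reply.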
     
