
reroute vpn traffic by rv082 to rv042

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by mifi, Jan 25, 2008.

  1. mifi

    mifi Network Guru Member

    Hi all! I got a problem as below:
    Site 1 ------ Site 2 ==lan== Site 2 ----- Site 3
    MPLS          MPLS           RV082        RV042

    Site 1 & Site 2: connected by VPN (Site 1 MPLS has a static route added to reach Site 3 through Site 2 RV082)
    Site 2 & Site 3: connected by RV082 site-to-site VPN to RV042 (a static route was added in the Site 3 RV042 to reach Site 1 through Site 2 MPLS)

    Site 1 MPLS can ping Site 2 RV082 but can't ping RV042
    Site 3 RV042 can ping Site 2 MPLS but can't ping Site 1 MPLS

    The MPLS vendor said they support rerouting the traffic through MPLS, but they weren't sure our RV can do it. I want to know: is it possible with the RV, as they said? Or can any other router do it?

    Thx!
     
  2. ifican

    ifican Network Guru Member

    Can you please explain this again, with what router you have at each site and where you put the routes? MPLS is essentially a way to extend your LAN across a routed network. So please include the internal subnet address on each side, as I think that may be the reason you are running into issues, but without seeing a little more detail it's hard to say.
     
  3. mifi

    mifi Network Guru Member

    Thanks ifican for the quick reply. Here is some router information. I don't know which router model the MPLS is using; I'll check with the provider ASAP.
    Since the MPLS provider added static routes from Site 1 to Site 2 & Site 3 in their router, I assume they are correct.

    Site 1 subnet: 192.168.3.x
    Site 1 MPLS router: 192.168.3.253

    Site 2 subnet: 192.168.4.0
    Site 2 MPLS router: 192.168.4.253
    Site 2 RV082 router: 192.168.4.254

    Site 3 subnet: 192.168.1.0
    Site 3 RV042 router: 192.168.1.254

    Added Static route in Site 3 RV042:
    Destination IP: 192.168.3.0
    Subnet Mask: 255.255.255.0
    Default gateway: 192.168.4.253

    Is this enough to investigate the problem? Please let me know, and thanks again!
     
  4. ifican

    ifican Network Guru Member

    Is Site 1 to Site 2 just MPLS, or is it a VPN as you said earlier?

    What is the subnet mask for all sites?

    Are there any access-lists on the MPLS routers?

    Do you have access to the MPLS routers or do you have to rely on the ISP for that?

    Does each site have its own ISP connection?

    What is the default route at each site?
     
  5. mifi

    mifi Network Guru Member

    Ans1: MPLS
    Ans2: all of them are 255.255.255.0
    Ans3: Rely on ISP
    Ans4: Site 1 is ADSL by ISP-A, Site 2 is datacenter by ISP-A and Site 3 is fixed ip by ISP-B
    Ans5: Do you mean the default route for VPN or
    =========================
    Site 1 MPLS router(192.168.3.253)
    Destination IP: 192.168.1.0
    Subnet Mask: 255.255.255.0
    Default gateway: 192.168.4.253
    =========================
    =========================
    Site2 MPLS router(192.168.4.253)
    Destination IP: 192.168.1.0
    Subnet Mask: 255.255.255.0
    Default gateway: 192.168.4.254
    =========================
    =========================
    Site 2 RV082 (192.168.4.254)
    Destination IP: 192.168.3.0
    Subnet Mask: 255.255.255.0
    Default gateway: 192.168.4.253
    =========================
    =========================
    Site 3 RV042 (192.168.1.254)
    Destination IP: 192.168.3.0
    Subnet Mask: 255.255.255.0
    Default gateway: 192.168.4.254
    =========================

    And one more question: is it possible for the RV082 in Site 2 to connect both the Site 1 & Site 3 tunnels itself and let Site 1 access Site 3 sources and vice versa? Thanks for answering all my questions!
     
  6. ifican

    ifican Network Guru Member

    What are the VPN settings on the tunnel between Site 2 and Site 3? Are you just setting the secure subnet settings for the directly connected subnet on either side?
     
  7. mifi

    mifi Network Guru Member

    Site 2 uses the RV082 to connect an IPSec VPN to the Site 3 RV042 through the internet, with true, fixed IP addresses.
    Both Site 2 & 3 are set to Gateway mode; in the VPN settings I applied the following on both RVs:
    Local & remote Security Group Type: Subnet
    Phase1: G1,DES,MD5,28800
    Phase2: G1,DES,MD5,3600
    PFS
    Aggressive mode
    NAT-T
    Keep Alive
    Dead Peer Detection
     
  8. ifican

    ifican Network Guru Member

    What subnet ranges did you use? The way IPsec VPNs are negotiated, they will only allow traffic across the tunnel that is specified in the settings. My guess at this point is that you have configured a single /24 or 255.255.255.0 subnet for your settings, and that is why you cannot route traffic across.
     
  9. mifi

    mifi Network Guru Member

    ifican, you're right! I use 255.255.255.0 in the VPN subnet setting on both sides. And I just heard from the MPLS vendor that some VPN routers cannot process rerouted tunnel traffic, but they haven't worked with the RV series before, so they can't be sure we can make it through the whole path.

    Anyway, is the RV unable to work in my situation? I'm having a very painful time with them...
     
  10. ifican

    ifican Network Guru Member

    You should be able to make this work, but you are going to have to play with the settings. I don't have any VPNs up at the moment, but what I believe you are going to have to do is change the IPs of LAN 3 to a different IP range, and set the "local subnet" on router 2 to 255.255.252.0 and the "remote subnet" to whatever range you are using for router 3. You simply need to trick router 3 into thinking that 192.168.1.x lives right on the other side of the tunnel.
     
  11. mifi

    mifi Network Guru Member

    I'll try it soon. Thx!
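
The selector behaviour discussed in posts 8 and 10, as an added example that is not part of the original thread: it models only how IPsec local/remote security groups filter traffic (not RV082/RV042 firmware), using the subnets posted above. The function names and `SITE3_NEW` (a constructed replacement range for Site 3) are assumptions; the covering block is computed rather than assumed, because the local group must contain both 192.168.3.0/24 and 192.168.4.0/24.

```python
import ipaddress as ip

# Subnets as posted in the thread.
SITE1 = ip.ip_network("192.168.3.0/24")   # behind the MPLS link
SITE2 = ip.ip_network("192.168.4.0/24")   # RV082 LAN
SITE3 = ip.ip_network("192.168.1.0/24")   # RV042 LAN
# Constructed value: a hypothetical new range for Site 3 after renumbering.
SITE3_NEW = ip.ip_network("192.168.9.0/24")


def tunnel_accepts(src, dst, local_sel, remote_sel):
    """True if a packet entering the tunnel at the Site 2 end matches the
    selectors: source in the local group, destination in the remote group."""
    return (ip.ip_address(str(src)) in local_sel
            and ip.ip_address(str(dst)) in remote_sel)


def smallest_cover(*nets):
    """Smallest single CIDR block containing every network in nets."""
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()
    return cover


def review(local_sel, remote_sel):
    """Summarise a selector pair for the Site 1 -> Site 3 transit path."""
    dst = remote_sel[10]  # an arbitrary host inside the remote group
    return {
        "site2_to_site3": tunnel_accepts(SITE2[10], dst, local_sel, remote_sel),
        "site1_to_site3": tunnel_accepts(SITE1[10], dst, local_sel, remote_sel),
        # Overlapping local/remote groups make the destination ambiguous.
        "selectors_overlap": local_sel.overlaps(remote_sel),
    }


if __name__ == "__main__":
    print("as configured (/24 both sides):", review(SITE2, SITE3))
    wide = smallest_cover(SITE1, SITE2)
    print("cover of Site 1 + Site 2:", wide, "mask", wide.netmask)
    print("wide local, current Site 3:", review(wide, SITE3))
    print("wide local, renumbered Site 3:", review(wide, SITE3_NEW))
```

The same check applies in reverse on the RV042, where the local group is the Site 3 range and the remote group is the covering block.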
     
