1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Router vs. Gateway mode scenario question mixed in with site to site vpn for fun....

Discussion in 'Networking Issues' started by Jason Howe, Apr 11, 2013.

  1. Jason Howe

    Jason Howe Serious Server Member

    Hi all,

    I'll try to make this question as clear as possible.

    At site 1, we have the following:
    RV042 #1 - in gateway mode
    192.168.101.1
    255.255.255.0

    At site 2, we have the following:
    RV042 #1 - in gateway mode
    192.168.0.1
    255.255.255.0

    RV042 #2 - in router mode
    192.168.2.1
    255.255.255.0

    The two sites are connected via a site to site vpn. RV042 #1 at site 1 is connected via vpn to RV042 #1 at site 2. This works fine, all hosts on both ends can ping and connect to each other as needed.

    However, RV042 #2 at site 2 is acting strangely. The first issue is that if I try to connect to it via a web browser, it routes me to the RV042 #1 (site 2), even though it says I'm at the correct IP for RV042 #2. The only way I can get to it is by changing my pc to be on the subnet of #2. The two subnets seem to have no issue pinging each other though, and as far as I can tell, anyone on the #2 subnet can also get out to the internet.

    As well, we would like to have the site to site vpn allow for connectivity to the RV042 #2 subnet, but it doesn't look like it's allowing that. I haven't setup any static routes to that subnet just yet (I'm offsite at the moment unfortunately, and no one there can help troubleshoot this, so I'll have to wait until I get on site so I can properly connect to the second RV042).

    So, to summarize:
    1. Site 2 has two RV042's. One is in gateway mode, one is in router mode. I can't seem to connect to the one in router mode any longer through a browser (even though it says I'm at the correct IP), but I can ping it from router 1.
    2. What do I need to do to allow access to router 2's subnet from the site to site vpn that router's 1 and 2 at sites 1 and 2 are on? I'm assuming static routes to each network need to be setup.

    Please let me know if you need me to clarify at all; I realize this question is a bit confusing.

    Thanks,
    J.
     
  2. Toxic

    Toxic Administrator Staff Member

  3. Jason Howe

    Jason Howe Serious Server Member

    Yup, multiple subnets are setup, and appear to be working properly. Again though, I won't know for sure until I can get down to the physical site to see how the second RV042 is configured. But, the second RV042 can ping the first one without issue, and the outside world, so that tells me that the multiple subnet is working.
     
  4. Toxic

    Toxic Administrator Staff Member

    Sounds like the VPN is only between the two Gateway routers (internal) subnets and the subnet of the router #2 is not inclusive of the local security range. you would need to setup the local security to be inclusive of a both
    subnets.

    IP Range. 192.168.0.1 - 192.168.2.255

    if thats possible
     
  5. Jason Howe

    Jason Howe Serious Server Member

    Thanks Toxic, I'll give it a shot after hours when I'm at the site and let you know the outcome. I came across another post on a different site for a different fix. I'm trying to avoid doing this if possible, but if the ip range doesn't work, I may be forced to try it:

    https://supportforums.cisco.com/thread/2022985
     
  6. Toxic

    Toxic Administrator Staff Member

    let us know how you get on. maybe 2 vpns to the same router with different subnets would suffice.
     
  7. Jason Howe

    Jason Howe Serious Server Member

    So I tried to update the local security group to cover the range of both subnets (192.168.0.1 ~ 192.168.2.254), and no dice. The router won't allow it to traverse multiple subnets...it spits out an error saying that it must be in the range of 192.168.0.1 ~ 254.

    The second vpn doesn't seem to work either, mainly because there is no WAN port involved for the second router (which it looks for as the ip of the local group).

    So, I'm confused. The second router is in Router mode, and it seems to be working fine outside of the fact that I can't connect to it unless I remove it from router 1 altogether, and then place myself in it's subnet range (192.168.2.0 in my case). It can ping everything on the 192.168.0.0/24 subnet, and the internet without any problems. It still won't traverse the VPN though to site #1.

    Any suggestions?
     
  8. Toxic

    Toxic Administrator Staff Member

    can you confirm you setup both VPNs up on the Gateway RV042 and not one vpn on the gateway and one on the router.

    so

    At site 1, RV042 #1

    2 VPNs to Site 2 RV042 #1

    one vpn with subnet 192.168.01
    one vpn with subnet 192.168.2.1
     
  9. Jason Howe

    Jason Howe Serious Server Member

    Toxic, you're a bloody genius! That works :)
    I had originally tried setting up the tunnel on the router, expecting it to Traverse through the gateway, which it obviously didn't do.

    On other thing that I'm still stuck on though....why, when the RV042 is in router mode, can I no longer access it through the web gui? The only way I can access it is if I unplug it from the network, and place my pc on the same subnet that it's on. If it's plugged into the network, and I enter the ip for it, I get redirected to the main gateway router.

    Thanks,
    J.
     
  10. Toxic

    Toxic Administrator Staff Member

    not sure about access to RV042 on the WAN if its in Router Mode. do you have remote management enabled?
     
  11. Jason Howe

    Jason Howe Serious Server Member

    No, I've never needed to before.
     

Share This Page