Routing over a VPN tunnel

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by mdchaser01, Dec 20, 2007.

  1. mdchaser01

    mdchaser01 LI Guru Member

    Hi, I've got a couple of RV082 routers that are connected together via a gw to gw vpn tunnel. One is at a remote office and the other is running on our t3 at the local office (not as the main router, just installed to connect the buildings together). The tunnel is working great but I am having an issue with the remote machines connecting to a second subnet that is behind the local rv082. I've set static routes but I can't get traffic to pass over the VPN to anything on the second local subnet... Talking to linksys tech support they suggested making another vpn connection to the secondary subnet which is not much of a solution. Has anyone been able to get this to work?

    Here is a brief description of the setup:

    Remote: connected to an RV082 with a static IP

    Local: connected to the local RV082 w/static IP a subnet on the other side of a local pix (the pix also has an interface in the subnet).

    From the remote router I can ping anything on the subnet but no matter what I set for a static route I cannot access If I set a static route in the LOCAL RV router I can ping an address without any issues...
  2. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    The static route will definitely never work. When the IPSec SAs are negotiated between the VPN endpoints, one of the negotiated policies is what traffic will be in the tunnel. The VPN gateways will only put traffic in there that follows these rules...regardless of whether you try jamming traffic through the tunnel with a static route. Some devices (such as Cisco routers and security appliances) will allow you to protect multiple subnets in a single IPSec SA but not so the RV082. The advice you received (e.g. creating a separate VPN for the other subnet) is good.

    You could change the subnet inside the 1st RV082 to something like and then create a tunnel rule that looks something like:

    local subnet =; remote subnet = The remote 'subnet' would include both the and networks.

    ...or, if you feel really clever, find the contiguous matching bits in 5 and 15:
    5 = 00000101
    15 = 00001111

    matching bits = 0000xxxx

    ...then use address/mask for the remote subnet
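
The matching-bits calculation from the reply above, as an added example that is not part of the original thread. Only the octet values 5 and 15 come from the post; the `192.168.x.0/24` addresses and the function names are constructed for illustration, because the thread's own addresses did not survive. It also lists what else the widened tunnel rule would cover and checks it against a hypothetical local subnet.

```python
import ipaddress

def common_supernet(a, b):
    """Smallest single network containing both a and b (longest shared prefix)."""
    a, b = ipaddress.ip_network(a), ipaddress.ip_network(b)
    # XOR the network addresses: the leading zero bits are the "matching bits".
    diff = int(a.network_address) ^ int(b.network_address)
    prefix = min(a.max_prefixlen - diff.bit_length(), a.prefixlen, b.prefixlen)
    return ipaddress.ip_network((int(a.network_address), prefix), strict=False)

def extra_coverage(supernet, wanted):
    """Networks inside the supernet that are NOT one of the wanted subnets."""
    extras = [supernet]
    for w in (ipaddress.ip_network(x) for x in wanted):
        remaining = []
        for e in extras:
            if w.subnet_of(e):
                remaining.extend(e.address_exclude(w))  # carve w out of e
            elif not e.subnet_of(w):
                remaining.append(e)
        extras = remaining
    return sorted(extras)

def overlaps_local(local, remote_selector):
    """True if the tunnel's remote selector would swallow the local LAN."""
    return ipaddress.ip_network(local).overlaps(remote_selector)

# Constructed sample subnets; third octets 5 and 15 as in the post.
WANTED = ["192.168.5.0/24", "192.168.15.0/24"]

if __name__ == "__main__":
    selector = common_supernet(*WANTED)
    print("remote subnet for the tunnel rule:", selector, "mask", selector.netmask)
    print("also matched by that rule:")
    for net in extra_coverage(selector, WANTED):
        print("  ", net)
    # Hypothetical LAN on the other gateway; it must stay outside the selector.
    print("conflicts with 192.168.1.0/24:", overlaps_local("192.168.1.0/24", selector))
```

Every address the rule matches is sent into the tunnel, so the extra ranges need to be unused or genuinely reachable at the far end, and the selector must not overlap the subnet on the near side.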


  3. mdchaser01

    mdchaser01 LI Guru Member

    Thanks for the info! That makes perfect sense, we might simply need to get another RV router for the third subnet (can't play with masks, the subnets I used were only examples).