
RVL200 Multiple Subnets, VLANs, VPN -- help please!

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by rbdnz, Jul 10, 2008.

  1. rbdnz

    rbdnz Addicted to LI Member

    Hi,
    Here is what I'm trying to accomplish:
    2 sites, each with an RVL200, firmware 1.1.9.1 (tried 1.1.7 also)

    Site 1
    ------
    VLAN1 10.10.13.1/255.255.255.128
    VLAN2 10.10.13.129/255.255.255.128

    Site 2
    ------
    VLAN1 10.10.14.1/255.255.255.128
    VLAN2 10.10.14.129/255.255.255.128

    Set up IPSec VPN between the two using 10.10.13.0/255.255.255.0 & 10.10.14.0/255.255.255.0 as the ranges for the security associations.

    Here's where things start to go wrong:
    Set up multiple subnets -- enter 10.10.13.1/255.255.255.128, then try to add 10.10.13.129/255.255.255.128 and the router complains that the LAN IP is already in the table. It's like the config is only looking at the first 3 octets and pays no attention at all to the subnet mask.

    To work around this, I then tried:
    Site 1
    VLAN1 - 10.10.12.1/255.255.255.128
    VLAN2 - 10.10.13.1/255.255.255.128

    Site 2
    VLAN1 - 10.10.14.1/255.255.255.128
    VLAN2 - 10.10.15.1/255.255.255.128

    For the IPSec config we now use 10.10.12.0/255.255.254.0 and 10.10.14.0/255.255.254.0 for the security associations. These cover the .12/.13 and .14/.15 subnets.

    The routers at least accept this configuration and nail up the VPN... but I can't ping any devices from end to end. I can ping local addresses using the local ping utility in the router, but not across the VPN.

    For what it's worth, the "internet connection" is 2 cables through a hub connected to the WAN port of each router at the moment. I can ping both external router interfaces from the LAN segments of both "sites". Why I can't get traffic to go over the VPN, I don't know.

    Outgoing logs show the packets leaving, but they don't show in the incoming logs on the router on the other side.

    Am I just trying to do too much with these routers?
    If so, does anyone have another product suggestion near this price point?

    Thanks in advance.
     
  2. rbdnz

    rbdnz Addicted to LI Member

    Got the workaround to work and can route across the VPN now. Just human error I guess.

    There's still the issue of not being able to define x.x.x.1/25 and x.x.x.129/25 as multiple subnets though... no idea why Linksys isn't calculating based on the netmasks instead of just looking at the first 3 octets. I guess they assume everything is a /24. Maybe 1.1.9.2 will fix it... :wink:
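
The addressing from this thread, checked offline with Python's `ipaddress` module. This is an added example, not part of the original posts and not Linksys firmware code; `overlaps_assuming_24` is only an assumed model of the rejection the poster describes, and all function names are hypothetical.

```python
import ipaddress

def subnet(ip, mask):
    """Network containing interface address `ip` under netmask `mask`."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network

def overlaps_mask_aware(a, b):
    """True only if the two LAN definitions actually share addresses."""
    return subnet(*a).overlaps(subnet(*b))

def overlaps_assuming_24(a, b):
    """Assumed model of the rejection described in the thread:
    compare the first three octets and ignore the netmask."""
    return a[0].split(".")[:3] == b[0].split(".")[:3]

def uncovered(selector, vlans):
    """VLAN subnets that fall outside an IPsec local/remote group range."""
    sel = ipaddress.ip_network(selector)
    return [str(subnet(*v)) for v in vlans if not subnet(*v).subnet_of(sel)]

# Addresses and masks taken from the thread.
MASK25 = "255.255.255.128"
SITE1_ORIGINAL = [("10.10.13.1", MASK25), ("10.10.13.129", MASK25)]
SITE1_WORKAROUND = [("10.10.12.1", MASK25), ("10.10.13.1", MASK25)]

if __name__ == "__main__":
    for name, vlans in (("original", SITE1_ORIGINAL), ("workaround", SITE1_WORKAROUND)):
        print(name,
              "mask-aware overlap:", overlaps_mask_aware(*vlans),
              "| /24-assumption overlap:", overlaps_assuming_24(*vlans))
    # The /24 range fits the original plan but not the workaround addressing;
    # the /23 range from the thread covers both workaround VLANs.
    print(uncovered("10.10.13.0/255.255.255.0", SITE1_WORKAROUND))
    print(uncovered("10.10.12.0/255.255.254.0", SITE1_WORKAROUND))
```

Running `uncovered` against each site's VLAN list before committing a tunnel definition shows which subnets would fall outside the security association ranges.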
     
