1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RVxxx VPN Routing Hypothesis - Looking for comments

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by fred3, Jul 1, 2007.

  1. fred3

    fred3 Network Guru Member

    Assume there's an RVxxx site-to-site VPN set up and working.

    Now, assume there's a need to do some static routing from one end of the VPN to the other.
    Local subnet: 192.168.1.x
    Remote subnet: 192.168.2.x

    From the local subnet have packets destined for 192.168.1.x which will be routed by a specific router on the remote subnet having IP address
    192.168.2.2

    So, we want to route packets destined for 192.168.1.4 to 192.168.2.2.

    Can the RV042 supporting the local VPN end also support this static route.

    Hypothesis: NO. Using the VPN feature of an RV042 precludes using any of the Advanced Routing features.

    Comments please.
     
  2. ifican

    ifican Network Guru Member

    Can you try explaining this a different way, saying you want to route packets destined for 1 host to another would do no good as the host receiving forwarded packets would not respond to packets not addressed to it. As far as the vpn goes, once vpn traffic is verified by the router it does not do a route lookup but forwards the traffic accross the tunnel to the pre configured gateway on the other side. Side note: can this be down with more enterprise level equipment yes, just not with most soho or small buisness equipment. Now this brings up another question, can it be down at all? The answer to that is i dont know off hand. I want to initially say no simply because the router is looking for specific source and destination subnets to classify as "vpn traffic" and send it accordingly. But I will have to give some thought to if it would be possible any other way.
     
  3. fred3

    fred3 Network Guru Member

    Thanks. I notice a typo in my original post.
    Call the local subnet 192.168.3.0.
    Then the packet is destined for 192.168.1.4, initiated locally but certainly not present on the local LAN.

    The target "host" is a router. It knows what to do with packets destined further down the line.

    It seems one would want to route packets destined for 192.168.1.4 to 192.168.2.2 (the target router). The question is, can this be done using a static route in the RV042 (being used as aVPN device) or must it be done externally with a separate router first?

    I hypothesize that it can't be done in the RV042. I think this is what you've said also. When the VPN is being used, the router is out of the picture either at the incoming side or the outgoing side.

    Here's an example:

    If the RV042 would apply the routing table at the output of the VPN
    and if a route were added to the remote RV042 VPN that says:
    "192.168.1.4 goes to 192.168.2.2"
    then it would work.

    If the RV042 would apply the routing table at the incoming side of the local RV042 VPN and a route were added that says:
    "192.168.1.4 goes to 192.168.2.2" ... implying that it goes into the tunnel
    then it would work.

    Otherwise, it seems that one would have to have a router on the local side with the same rule and the VPN would deal with moving the traffic from one LAN to the other. And, from the local router, the next hop IP address would be the remote router.

    As I understand one of your comments elsewhere, there's no routing needed to reach the remote LAN via the VPN .. such as locally routing the remote subnet to the local VPN node?
     
  4. ifican

    ifican Network Guru Member

    Giving this a little more thought, any packet you send destined for the other side of the tunnel should get identified and sent there. The issue is going to be if the other side of the tunnel does not know the packet originated through the tunnel it is going to send it out the default gateway and its going to get lost. So the issue is going to be getting the packet routed to the correct gateway prior to it hitting the vpn router. Meaning you would need a router sitting behind the RV with static routes to the networks on the other side of the tunnel and let it handle the routing of lan to lan traffic. I dont believe you will get it to work with just the RV itself.
     
  5. fred3

    fred3 Network Guru Member

    Yep. That's the way I see it.
    Thanks! The confirmation helps a lot.
     

Share This Page