1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Static Route to VPN Tunnel

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by PhYrE2k, Nov 24, 2006.

  1. PhYrE2k

    PhYrE2k Guest

    Hey Folks- Here's my setup:

    WRV200 VPN router: accepting connections for 'ANY' with an internal network address of 192.168.16.5
    WRV200 VPN router: connecting to above router via the internet and has an internal network of 192.168.0.1
    WRV200 VPN router: connecting to above router via the internet and has an internal network of 192.168.1.1

    Essentially, the office is .16.x, and the two client networks .0.x and .1.x are connecting to it.

    Both networks connect nicely to the office, and from the office, the routers are setup with static routes to route 192.168.1.x and 192.168.0.x to the WRV200 VPN router so that it heads on the tunnel and goes to the proper place.

    Now, one thing we don't have covered is that 192.168.0.x can't talk to 192.168.1.x. The WRV200 tries to send the packet out to the Internet.

    The solution is of course to create a static route to not send 192.168.1.x packets to the default gateway, but rather to send them to the remote gateway over the VPN (192.168.16.5) which will be able to redirect it down the VPN channel to the right place.

    Wrong- The linksys router isn't letting me do that. It wants the static route to either be on the internal network or on the same subnet as the external network... but the VPN is an interface and has an IP... shouldn't it be able to get a static route?

    Any ideas?

    The fudged solution is to make another VPN between 192.168.0.1 and 192.168.1.1 via their external IP addresses, but I'd prefer to avoid this overall just to keep things clean and not have another VPN.

    Thoughts?

    -M
     
  2. sterner

    sterner LI Guru Member

    Use 192.168.0.0 with 255.255.0.0 mask in local ip fields in the hub router. Use 192.168.0.0 with 255.255.0.0 mask in the remote ip fields in the spoke routers. Leave all else the same. This creates a hub and spoke vpn solution.
     

Share This Page