06-10-2009 08:46 AM
Hello everybody !
I have problem with configuration VPN and VLANs
in Cisco 1841 i have configured IPSec VPN to RV042
VPN is connected
now in C1841 i have ACL with remote and local network, this i have too in RV042, but i need add to ACL more VLANs
in C1841 i can add ACL rule, but in RV042 i have choice only "IP Add." or "Subnet" or "IP range"
How i can set more "Subnet" into RV042? in C1841 i have two VLANs which i need connect to remote RV042.
Regards,
Tomas
06-12-2009 01:10 PM
Hi Tomas,
These forums are specific to the SBCS products (the 1800 is not one).
Thanks,
Marcos
06-15-2009 02:55 AM
Hi Marcos,
ok question is how i can set RV042 more "Subnet" in VPN settings.
Regards Tomas
06-15-2009 06:12 AM
Only if the multiple subnets are within the same /24 mask can they be ranged to be shared across the tunnel as a consecutive block, so probably the answer is not really supported on that router....
Local Security Group Type
Select the local LAN user(s) behind the router that can use this VPN tunnel. Local Security Group Type may be a single IP address, a Subnet or an IP range. The Local Secure Group must match the other router's Remote Secure Group.
IP Address: If you select IP Address, only the computer with the specific IP Address that you enter will be able to access the tunnel. The default IP is 192.168.1.0.
Subnet: If you select Subnet (which is the default), this will allow all computers on the local subnet to access the tunnel. Enter the IP Address and the Subnet Mask. The default IP is 192.168.1.0, and default Subnet Mask is 255.255.255.192.
IP Range: If you select IP Range, it will be a combination of Subnet and IP Address. You can specify a range of IP Addresses within the Subnet which will have access to the tunnel. The default IP Range is 192.168.1.0~254.
06-15-2009 09:39 AM
Hello Steve,
i understand this..
we have this subnets
10.1.31.x / 27 - DMZ
10.1.11.x / 26 - DATA
In our lan i can not set remote Subnet or IP range
06-15-2009 09:46 AM
OK. So DMZ is public and doesnt need to be shared across the tunnel.
So you have one subnet you define as your LOCAL group and put the other subnet of the far end in the REMOTE group.
I think this should be supported, no?
06-15-2009 02:44 PM
Hello,
OK, dont speak about DMZ :-)
now i can set only last part from Remote secure group, for example A.B.C.D - D
future request is set last two A.B.C.D - C.D.
In attach, have diagram
VLAN 11 is IT dept. LAN, using VNC and WEB access to remote RV042
VLAN 31 is servers farm with SNMP monitoring
Regards
Tomas
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide