I need VPN gateway to gateway with NAT for multiple subnets, RV082

daniel.synnott
Level 1

I have a pair of RV082 routers and I'd like to configure a gateway to gateway VPN tunnel as described in a cookbook, "How to configure a VPN tunnel that routes all traffic to the Remote Gateway," (file name Small_business_router_tunnel_Branch_to_Main.doc). I followed this cookbook and found that while the Main office has internet connectivity, the branch subnet doesn't have internet connectivity.

Routing does behave as advertised, where all traffic does go to the main office. However, the 192.168.1.0 subnet in the branch office does not get internet connectivity. I've read in other posts that the Main office router will only provide NAT for the local subnet, not the branch office subnet. Is there a way to configure the RV082 router to provide NAT for all subnets?

If not, which Cisco product will provide the VPN Tunnel connectivity as well as the NAT for all subnets? Can the RV082 be used as part of the final solution or are my RV082s a wasted expenditure?

Following is the configuration that I'd implemented, (real IP and IKE keys are bogus). 

Gateway To Gateway

                                        Remote                    Main Office

Add a New Tunnel

Tunnel No.                              1                         2
Tunnel Name :                           n1-2122012_n2-1282012     n1-2122012_n2-1282012
Interface :                             WAN1                      WAN1
Enable :                                yes                       yes

--------------------------------------------------------------------------------

Local Group Setup

Local Security Gateway Type :           IP Only                   IP Only
IP Address :                            10.10.10.123              10.10.10.50
Local Security Group Type :             Subnet                    subnet
IP Address :                            192.168.1.0               0.0.0.0
Subnet Mask :                           255.255.255.0             0.0.0.0

--------------------------------------------------------------------------------

Remote Group Setup

Remote Security Gateway Type :          IP Only                   IP Only
IP Address :                            65.182.226.50             67.22.242.123
Remote Security Group Type :            Subnet                    Subnet
IP Address :                            0.0.0.0                   192.168.1.0
Subnet Mask :                           0.0.0.0                   255.255.255.0

--------------------------------------------------------------------------------

IPSec Setup

Keying Mode :                           IKE with Preshared key    IKE with Preshared key
Phase 1 DH Group :                      Group 5 - 1536 bit        Group 5 - 1536 bit
Phase 1 Encryption :                    DES                       DES
Phase 1 Authentication :                MD5                       MD5
Phase 1 SA Life Time :                  2800 seconds              2800 seconds
Perfect Forward Secrecy :               yes                       yes
Phase 2 DH Group :                      Group 5 - 1536 bit        Group 5 - 1536 bit
Phase 2 Encryption :                    DES                       DES
Phase 2 Authentication :                MD5                       MD5
Phase 2 SA Life Time :                  3600 seconds              3600 seconds
Preshared Key :                         MyKey                     MYKey
Minimum Preshared Key Complexity :      yes Enable                yes Enable

--------------------------------------------------------------------------------
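
A consistency check over the two columns of a gateway-to-gateway form like the one above, as an added example that is not part of the original post or any Cisco tooling: it verifies that each side's local and remote settings mirror the other's, flags DES and MD5 as weak choices, and reports when one side sends all traffic through its peer. The dictionary keys, the sample addresses and the sample keys are constructed for illustration.

```python
import ipaddress

def net(group):
    """Turn an (IP Address, Subnet Mask) pair from the form into a network."""
    return ipaddress.ip_network(f"{group[0]}/{group[1]}")

def audit_tunnel(a, b):
    """Compare both ends of a gateway-to-gateway tunnel and return findings."""
    findings = []
    # Each side's local gateway must be the other side's remote gateway.
    if (a["local_gw"], a["remote_gw"]) != (b["remote_gw"], b["local_gw"]):
        findings.append("gateway addresses are not mirrored")
    # Same rule for the security groups (the traffic the tunnel carries).
    if (net(a["local_group"]), net(a["remote_group"])) != \
       (net(b["remote_group"]), net(b["local_group"])):
        findings.append("security groups are not mirrored")
    for key in ("phase1", "phase2", "pfs"):
        if a[key] != b[key]:
            findings.append(f"{key} settings differ")
    if a["psk"] != b["psk"]:  # exact string comparison
        findings.append("preshared keys differ")
    weak = sorted({"DES", "MD5"} & set(a["phase1"] + a["phase2"]))
    if weak:
        findings.append("weak algorithms: " + ", ".join(weak))
    # A 0.0.0.0/0 remote group means this side routes everything to its peer.
    for side in (a, b):
        if net(side["remote_group"]).prefixlen == 0:
            findings.append(f"full tunnel: {net(side['local_group'])} reaches "
                            "the internet only through the peer gateway")
    return findings

# Constructed sample: the layout follows the posted form, the addresses are
# documentation ranges and the keys are placeholders.
CRYPTO = ("Group 5", "DES", "MD5")
BRANCH = {"local_gw": "198.51.100.10", "remote_gw": "203.0.113.20",
          "local_group": ("192.168.1.0", "255.255.255.0"),
          "remote_group": ("0.0.0.0", "0.0.0.0"),
          "phase1": CRYPTO, "phase2": CRYPTO, "pfs": True, "psk": "MyKey"}
MAIN = {"local_gw": "203.0.113.20", "remote_gw": "198.51.100.10",
        "local_group": ("0.0.0.0", "0.0.0.0"),
        "remote_group": ("192.168.1.0", "255.255.255.0"),
        "phase1": CRYPTO, "phase2": CRYPTO, "pfs": True, "psk": "MYKey"}

if __name__ == "__main__":
    for finding in audit_tunnel(BRANCH, MAIN):
        print("-", finding)
```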

1 Accepted Solution

Te-Kai Liu
Level 7

If you are running firmware 4.x on your RV082, you need to add an additional Allow access rule so the branch office subnet (seen as one of the multiple subnets of the main office) can get access to the internet. The firmware release note has more details about this.

http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/release/rv0xx_rn_v4-1-1-01.pdf


Thank you, I passed over that part of the release notes.  This fixed the issue.

I do find that the connection is very slow, however. Is this normal, or can this be addressed?