Solved: QuickVPN connected but I can't ping anything on the LAN

mkoellmann · ‎07-23-2014

Hi all,

I am trying to use QuickVPN to connect to my company's network. Yesterday I got to the point, where QuickVPN actually connected and I could log on to the router from the inside IP. But I can not see, nor ping any computers on the company LAN. The router's manual says "QuickVPN client can access only default LAN hosts.". Are the computers on the company LAN default LAN hosts?

I added the router (RV220W) to the existing company LAN to test QuickVPN. The company LAN has a Small Business Server as DHCP server and another router as the default gateway. The company LAN has the subnet 192.168.1.0/24*, the cisco router's wan has the subnet 192.168.103.0/24 and my VPN client is connected to a wifi hotspot with the same wan and the LAN 192.168.3.0/24. The cisco router's LAN address is 192.168.1.1.

*I know now, that 192.168.1.0/24 is the worst possible choice for a company net, but I did not know when I installed the Small Business Server. I will try to change it to something like 10.123.45.0/24 later.

Thanks in advance
Mike

Kremena Ivanova · ‎07-23-2014

Hi,

You cannot reach a PC in the LAN of RV220, because the default gateway is not RV220.

This is what is happening: the PC with Quick VPN ( for example IP: 192.168.103.10) is pinging a PC with IP 192.168.1.10, through the VPN tunnel. Once the request arrives to the PC 192.168.1.10, this PC sends the reply to its default gateway (because does not have a direct connection to network 192.168.103.X). If the default gateway is RV220, it will know that the answer should be sent back through the VPN tunnel to the client, but if it is another machine, it will just drop the packet.

In this case this other router (the default gateway) needs to be configured with static route, saying that subnet 192.168.103.X has as default gateway - 192.168.1.1 (RV220).

As long as the IP of the Quick VPN machine is the same, it's ok. But if you move this PC to another LAN, you will have the problem again.

So if you are planning to change the LAN IP of the Quick VPN machine, I would advise you to use Shrew VPN instead, where you can configure virtual IP on the client, which does not need to change.

Regards,

Kremena

View solution in original post

Kremena Ivanova · ‎07-23-2014

Hi,

You cannot reach a PC in the LAN of RV220, because the default gateway is not RV220.

This is what is happening: the PC with Quick VPN ( for example IP: 192.168.103.10) is pinging a PC with IP 192.168.1.10, through the VPN tunnel. Once the request arrives to the PC 192.168.1.10, this PC sends the reply to its default gateway (because does not have a direct connection to network 192.168.103.X). If the default gateway is RV220, it will know that the answer should be sent back through the VPN tunnel to the client, but if it is another machine, it will just drop the packet.

In this case this other router (the default gateway) needs to be configured with static route, saying that subnet 192.168.103.X has as default gateway - 192.168.1.1 (RV220).

As long as the IP of the Quick VPN machine is the same, it's ok. But if you move this PC to another LAN, you will have the problem again.

So if you are planning to change the LAN IP of the Quick VPN machine, I would advise you to use Shrew VPN instead, where you can configure virtual IP on the client, which does not need to change.

Regards,

Kremena

mkoellmann · ‎07-23-2014

Hi Kremena,

thank you so much. That was really enlightening for me. I entered static routes to the default gateway and QuickVPN (and port forwarding) is working now. My plan was to make the Cisco router the default gateway anyway, therefore QuickVPN should be sufficient for us.

Thanks again and have a nice day

Mike