RV042 not announcing vpn routes over rip v2

curtdutton
Level 1

Problem: RV042 is not announcing a class C VPN route via RIP to other routers. It announces the gateway public address via rip, but not the VPN route.

I am attempting to use a pair of RV042s as redundant links between our home office and a branch. The home office and branch are already connected via a T1. Each location also has an additional cable internet connection with a public IP address and a Cisco 1921 router controlling the traffic.

The 1921 routers are using OSPF to route traffic over the T1 and have RIPv2 enabled to talk to their local respective RV042s. Here is a description of how the network is set up.

MainRouter - cisco 1921

   Eth0 - Network is 192.168.41.0/24

             IP address is 192.168.41.20

   Eth0/1 - Network 10.1.1.1 255.255.255.254

            T1 connection to branch router

MainRV - RV042 v3 with fw 4.2.1.02

   Wan1 - Public IP A X.X.X.X

    LAN- Network 192.168.41.0/24

              IP 192.168.41.11 255.255.255.0

BranchRouter - cisco 1921

  Eth0/0 - Network is 192.168.46.0/24

               IP address is 192.168.46.10

  Eth0/1 - Network 10.1.1.2 255.255.255.254

            T1 connection to main router

BranchRV - RV042 v3 with fw 4.2.1.02

  Wan1 - Public IP B Y.Y.Y.Y

    LAN - Network 192.168.46.0/24

              IP 192.168.46.11 255.255.255.0

I have established a VPN from BranchRV to MainRV and it passes traffic correctly. My "MainRouter" rip database looks like this....

192.168.41.0/24    auto-summary

192.168.41.0/24    directly connected, GigabitEthernet0/0

X.X.X.X/24    auto-summary

X.X.X.Z/30

    [1] via 192.168.46.11, 00:00:01, GigabitEthernet0/0

Notice that there is no route to 192.168.46.0/24 in there....

Now here is the kicker, just messing around, I changed the VPN settings to use subnets 10.0.10.0/24 on MainRV and 10.0.11.0/24 on BranchRV instead of 192.168.41.0/24 and 192.168.46.0/24 respectively. After I tried that the routes for the 10.0.3.0 were announced via RIP.

Here is what the MainRouter's rip database looked like after I tried that

10.0.0.0/8    auto-summary

10.0.11.0/24

    [2] via 192.168.41.11, 00:00:18, GigabitEthernet0/0

192.168.41.0/24    auto-summary

192.168.41.0/24    directly connected, GigabitEthernet0/0

X.X.X.X/24    auto-summary

X.X.X.Y/30

    [1] via 192.168.41.11, 00:00:18, GigabitEthernet0/0

What gives? This really looks like a bug to me...

Anyhow I'm thinking a workaround might be to set up a GRE tunnel across those 10.0.X.X subnets to the other side so I can at least dynamically route traffic across.... Without the RIP routes being announced I don't have automatic failover!

Thanks for your help,

   Curtis
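To confirm on the wire what the RV042 itself advertises on the LAN, independent of the 1921's RIP database, a captured RIPv2 update (the UDP port 520 payload) can be decoded and compared with the prefixes the VPN should contribute. This is an added example, not part of the original post; the sample payload is constructed, and 203.0.113.0/30 stands in for the anonymised WAN subnet.

```python
import ipaddress
import struct

RIP_RESPONSE = 2   # command value used for routing updates
AFI_INET = 2       # address family identifier for an IPv4 route entry
INFINITY = 16      # RIP metric meaning "unreachable"


def parse_rip_v2(payload: bytes):
    """Return [(network, next_hop, metric)] from a RIPv2 response payload."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    if command != RIP_RESPONSE or version != 2:
        raise ValueError("not a RIPv2 response")
    routes = []
    for off in range(4, len(payload), 20):
        afi, _tag, addr, mask, nhop, metric = struct.unpack(
            "!HH4s4s4sI", payload[off:off + 20])
        if afi != AFI_INET:   # e.g. 0xFFFF marks an authentication entry
            continue
        net = ipaddress.IPv4Network(
            f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}",
            strict=False)
        routes.append((net, ipaddress.IPv4Address(nhop), metric))
    return routes


def missing_prefixes(payload: bytes, expected):
    """Expected networks that the update does not advertise as reachable."""
    reachable = {net for net, _nh, metric in parse_rip_v2(payload)
                 if metric < INFINITY}
    return [p for p in expected if ipaddress.IPv4Network(p) not in reachable]


def _entry(net: str, metric: int) -> bytes:
    """Build one constructed 20-byte route entry (sample data only)."""
    n = ipaddress.IPv4Network(net)
    return struct.pack("!HH4s4s4sI", AFI_INET, 0, n.network_address.packed,
                       n.netmask.packed, bytes(4), metric)


# Constructed update resembling what MainRouter learned from MainRV.
SAMPLE = (struct.pack("!BBH", RIP_RESPONSE, 2, 0)
          + _entry("10.0.11.0/24", 1) + _entry("203.0.113.0/30", 1))

if __name__ == "__main__":
    print(missing_prefixes(SAMPLE, ["192.168.46.0/24", "10.0.11.0/24"]))
```
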

6 Replies

janickle
Level 1

Hi,

RIP V2 uses multicast to communicate routes.  Unfortunately multicast and broadcast traffic will not pass across an IPSec VPN.  To transmit this traffic across an IPSec you would need to build a GRE tunnel and then encapsulate that traffic with the IPSec.  However I do not believe the RV042 is capable of doing this.

Thank you,

Jason Nickle

Thanks for taking a look at my question.

I'm not looking to have the routes announced across the vpn connection, what I'm looking for is to have the RV042 announce that it has routes to other subnets via the VPN connections to all local routers.

Right now it does not announce these VPN routes to locally connected routers. That's the problem I'm facing.

Thanks,

   Curtis

Current RV series routers do not allow multicast traffic going through a site-to-site tunnel.

Yes as was explained to me previously.... by Jason Nickle multicast does not cross a site-to-site tunnel.

That is not what I want to have happen. What I want is for my RV042 to announce its VPN routes to other routers on the same physical network. Which it currently is not doing.

Site 1

    Cisco IOS Router X - main router, local network traffic runs across this

     RV042 X - has VPN link to RV042 Y at Site 2

Site 2

  Cisco IOS Router Y - main router, local network traffic runs across this

   RV042 Y - has VPN link to RV042 X at Site 1

The problem is that RV042 Y doesn't tell Router Y that it has a route to Site 1. And RV042 X doesn't tell Router X that it has a route to Site 2. So they are not locally announcing via RIP, the routes they have TO the respective remote sites.

What I was trying to say in my original post, is that the router will announce VPN routes if the vpn subnets are a class A 10.X.X.X subnet, but it doesn't announce them if they are a class C 192.168.X.X subnet. So what I am doing should be working, however it is not.

If you could contact SBSC to let them confirm this, there is a good chance that the issue can be resolved in future firmware.

Ok I'll talk to them and report back.

Thanks teklui