06-29-2013 11:42 AM
Hi there,
I have setup a IPsec connection between 2 sites.
Site A (RV220W) <---> Site B (Some other makes)
Both site connection established just fine, I can ping the hosts of Site B from Site A and thats how I know the tunnel is created.
My question is quite simple:
How can I force all traffic from Site A (including internet traffic) to Site B? And all internet surfing or whatsoever will no longer flow through the Site A's internet gateway, but instead flowing thrugh Site B's internet gateway.
Cheers!
Nemo
07-01-2013 08:44 AM
Hi,
The site to site tunnel needs to be Exchange Mode: Main; Direction Type: Both, try to use "Any" for the Remote IP
Regards,
Kremena
07-01-2013 09:48 AM
Hi there,
I believe that's the current settings, while both side host can see, ping and access each other respectively.
However it's the internet traffic would not route to Site B, instead it just route through local Site A gateway.
So i.e. where Site A's ISP blocked facebook.com and youtube.com and Site B's ISP does not, even though both are connected, all clients on Site A can still never be able to access facebook.com and youtube.com
Any suggestions?
Cheers!
07-02-2013 12:18 AM
Hi again,
Are you using the latest firmwre on RV220?
Apart from that i think your problem has 2 parts. First, you can easily check if RV220 is routing the i-net trafic through the VPN. Make Capture trafic from the Diagnositc menu, while you make ping to google.com from a PC in the LAN. You can open the file with Wireshark.
So if the ping is routed through the VPN you should see only ESP packets, if the trafic is routed through your ISP you should see one of the public IP of google as a destinatination in a ICMP request/replies.
Second story is if the remote router can route such trafic to i-net and back.through the VPN tunnel.
Best Regards,
Kremena
07-03-2013 11:34 PM
Thanks, I know it's not becasue clients on Site A is not appearing as Site B's public IP to the i-net
07-02-2013 11:12 AM
Hi,
If you want to route all the traffic through the VPN tunnel then you need to disable the split tunneling on the VPN router which is RV220 in your case. Split tunneling is commonly configured on the connecting client to receive pushed secure route's or set statically. In this situation, only specific traffic matching a "secure" destination address is forwarded out the virtual tunnel interface. All other traffic is routed normally and un-secured through the configured default gateway.
Split tunneling is a setting for SSL VPN that controls how the client decides what traffic must be sent through the VPN tunnel and what traffic may be sent out on its local network. There are some scenarios where only selected traffic destined for the corporate intranet must be sent through the tunnel, other (for example, Web) traffic may be sent out on the local network. By default split tunneling is enabled on VPN connection so that only traffic which needs secure connection sent over VPN tunnel and all other traffic like mails, messaging will be routed through unsecured channel. Once you disable the split tunneling feature then all the traffic will be routed to VPN Tunnel.
Regards,
Phanikrishna
07-03-2013 11:36 PM
Can you tell me step by step how to do this? I do not seems to find such option in RV220's interface menu, cheers!
07-04-2013 12:29 PM
The only way I ever figured out how to do this is for a client to dial into the second site's PPTP server. Then all the traffic on that client will route over the VPN, over PPTP, and out that site's IP.
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
07-08-2013 09:29 PM
yes, but how?
Can anyone give me a step by step instruction guide? cheers!
07-08-2013 10:34 PM
Starting at page 122 in the manual, it describes how to add pptp users into the router. Then, you use Microsoft's built-in vpn client on xp/win7/etc to 'dial' the vpn connection. Here's a link to a guide from Microsoft:
http://support.microsoft.com/kb/314076
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
08-13-2013 09:44 AM
Well, this is not exactly what we really want to configure, what I want is to forcing all traffic from Site A (including internet traffic) to Site B from the router.
Any clude?
11-10-2013 08:22 AM
What I described will do just that. You'll have to read the instructions for the particulars as I don't know the firmware well enough to walk you through it. But I'll try to answer any specific questions you have.
On the PC side, the setup is pretty simple. Again, read the guide, and I'll answer any specific questions.
Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide