05-27-2015 07:23 PM
Hello All,
I have three RV320 routers connected via gateway to gateway VPNs as follows:
Router A > Router B < Router C
Such that routers A and C connect to router B. All works fine as far as the VPN connections go except that clients from router A cannot get to router C and vice versa. Clients on router B can talk to both remote boxes without issue.
I've tried adding manual routing table entries in A and C but cannot seem to get them to work. I also enabled RIPv2 and was hoping the boxes would all broadcast their routes to one another but that doesn't work either.
Anybody have any of the same issues or any suggestions?
05-27-2015 07:42 PM
Hi,
What type of VPN are you referring to,
and would you be able to share the config so we can analyze it?
05-27-2015 08:28 PM
I'm not sure what you mean by what type of VPN other than it is a router to router VPN.
Each is configured using the following encryption settings:
Phase 1 -
Group 2 - 1024 bit
DES Encryption
SHA1 Authentication
SA Lifetime 28800
Phase 2 -
Group 2 - 1024 bit
DES Encryption
SHA1 Authentication
SA Lifetime 3600
Perfect Forward Secrecy is selected
All routers have static IP addresses.
Local group setup as follows:
Router A: 10.85.0.0/16
Router B: 10.33.0.0/16
Router C: 10.11.0.0/16
The only advanced setting selected is "Keep Alive"
So right now clients on 10.33.0.0/16 can ping 10.85.0.0/16 and 10.11.0.0/16. Clients on subnet 10.85.0.0/16 can ping 10.33.0.0/16 but not 10.11.0.0/16 and vice versa.
The VPN connections between routers all connect just fine. It's more a matter of getting the routing tables to update so the traffic can pass across them.
Thanks
05-27-2015 10:48 PM
If I understand correctly, you are trying to set up a hub-and-spoke network, i.e. B as "hub" and A/C as "spoke", spokes can access each other (directly or through hub). Currently RV320 does not support this kind of setup.
05-28-2015 04:03 PM
Hello Taylor Vick,
Sorry you are experiencing this issue, but as Li Zhang said, a hub-and-spoke network is currently not supported. However, you can configure a mesh network where you have a Gateway to Gateway tunnel configured to each router. If A and C are the spokes, then you will need to configure a Gateway to Gateway tunnel between those two routers.
Hope this helps,
Michael D.
If this post is helpful please rate or mark as correct.
05-28-2015 07:16 PM
There is no way to configure the routing tables manually to get this to work? RIP cannot be used to distribute the routing tables? I don't understand why this wouldn't work.
05-28-2015 07:35 PM
RIP uses multicast or broadcast, which is not supported by native IPsec VPN. Carrying multicast traffic over an IPsec VPN tunnel requires something like GRE over IPsec; unfortunately, the RV320 does not support it.
05-28-2015 09:34 PM
Why can't I add manual routing entries to make this work? I can't seem to get that to work no matter what I try.
05-28-2015 10:46 PM
RV320 tunnels traffic based on the interesting traffic (local/remote network) of the VPN policy, instead of the static routes.
P.S. What static routes did you add?
05-29-2015 08:28 PM
I added this route:
Destination: 10.11.0.0
Mask: 255.255.0.0
Gateway: [public IP of router]
Hop Count: 5
Interface: WAN1 (eth1)
05-31-2015 06:51 PM
It's added to Router A, right? With it Router A will route the traffic destined to 10.11.0.0/16 out of WAN1 instead of encapsulating it in the tunnel.
04-18-2016 07:30 AM
In case you are still following this thread.
I am wondering if this is still the case.
I have a similar setup I am trying to do....
We purchased a RV320, so our workers can VPN into the RV320
I have the RV320 connected to two PIX 515e's
I want my remote users to be able to access resources behind the two 515e's.
Right now, I have things set up where servers that are on the LAN attached to the RV320 can access resources behind the 515e's.....
Now I need for my remote users to be able to do the same thing.
04-18-2016 06:56 PM
Is that Gateway-to-Gateway VPN tunnel between your RV320 and PIX 515E, and Client-to-Gateway VPN tunnel between the remote user and RV320? If so, the remote user can access the resources behind PIX515E, as long as the G2G tunnel between RV320 and PIX515E has the Local Network set to the address pool of the C2G VPN.
04-19-2016 03:40 AM
Yes you are correct.
The RV320 and two PIX 515Es are Gateway to Gateway
The clients are doing individual tunnels.
But you are saying the network has to be all the same LAN?
Hmm....
I have 3 networks behind one PIX
10.75.x.x/16, 10.76.x.x/16 and 10.77.x.x/16
Behind the other PIX
10.10.0.0/24
On the RV320 the LAN hanging off of it is
10.78.x.x/16
04-19-2016 11:58 PM
To access PIX subnet 10.75.x.x/16 from RV320 subnet 10.78.x.x/16, you must have a G2G tunnel configured on RV320 as:
Local Network: 10.78.x.x/16
Remote Network: 10.75.x.x/16
Is it correct?
Then suppose the remote clients get virtual address 192.168.200.x/24 (depending on how you configured the VPN server address pool on RV320), to enable access between 192.168.200.x/24 and 10.75.x.x/16, you will need to create a new G2G tunnel with:
Local Network: 192.168.200.x/24
Remote Network: 10.75.x.x/16
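
Added example (not part of any post in this thread and not Cisco code): a small model of the policy-based tunnelling the replies describe, where a packet is encapsulated only if a tunnel's Local/Remote Network pair covers its source and destination. It covers both the A/B/C question and the RV320/PIX client-pool question; the gateway labels, host addresses and the written-out `/16` and `/24` prefixes are assumptions made for the model.

```python
from ipaddress import ip_address, ip_network

# LAN behind each gateway, taken from the thread (x.x written as 0.0); labels are model-only.
LAN = {"A": "10.85.0.0/16", "B": "10.33.0.0/16", "C": "10.11.0.0/16",
       "RV320": "10.78.0.0/16", "PIX": "10.75.0.0/16"}

def tunnel(local, remote, peer):
    """One G2G policy: packets local -> remote are encapsulated towards peer."""
    return (ip_network(local), ip_network(remote), peer)

def select(policies, src, dst):
    """Peer of the first policy covering (src, dst); None = not tunnelled, routed normally."""
    for local, remote, peer in policies:
        if ip_address(src) in local and ip_address(dst) in remote:
            return peer
    return None

def path(gateways, start, src, dst):
    """Gateways a packet crosses, ending in 'no tunnel' if a selector lookup fails."""
    hops = [start]
    while ip_address(dst) not in ip_network(LAN[hops[-1]]):
        peer = select(gateways.get(hops[-1], []), src, dst)
        if peer is None or peer in hops:
            return hops + ["no tunnel"]
        hops.append(peer)
    return hops

# Topology from the first post: A and C each have one tunnel, to B.
hub_spoke = {
    "A": [tunnel(LAN["A"], LAN["B"], "B")],
    "B": [tunnel(LAN["B"], LAN["A"], "A"), tunnel(LAN["B"], LAN["C"], "C")],
    "C": [tunnel(LAN["C"], LAN["B"], "B")],
}
# Suggested mesh: an extra tunnel directly between A and C.
mesh = dict(hub_spoke,
            A=hub_spoke["A"] + [tunnel(LAN["A"], LAN["C"], "C")],
            C=hub_spoke["C"] + [tunnel(LAN["C"], LAN["A"], "A")])
# RV320 with a LAN-only tunnel to the PIX, then with the extra tunnel for the
# client address pool 192.168.200.0/24 that the last reply supposes.
POOL = "192.168.200.0/24"
lan_only = {"RV320": [tunnel(LAN["RV320"], LAN["PIX"], "PIX")]}
with_pool = {"RV320": lan_only["RV320"] + [tunnel(POOL, LAN["PIX"], "PIX")]}

if __name__ == "__main__":  # host addresses below are constructed
    for gw in (hub_spoke, mesh):
        print(path(gw, "A", "10.85.1.10", "10.11.1.10"))
    for gw in (lan_only, with_pool):
        print(path(gw, "RV320", "192.168.200.5", "10.75.1.1"))
```

A `no tunnel` result is the case from the static-route reply: the packet matches no policy, so it leaves by the routing table unencapsulated.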