RV320 Issue Routing Between VPNs

Taylor Vick
Level 1

Hello All,

I have three RV320 routers connected via gateway to gateway VPNs as follows:

Router A > Router B < Router C

Such that routers A and C connect to router B. All works fine as far as the VPN connections go except that clients from router A cannot get to router C and vice versa. Clients on router B can talk to both remote boxes without issue.

I've tried adding manual routing table entries in A and C but cannot seem to get them to work. I also enabled RIPv2 and was hoping the boxes would all broadcast their routes to one another but that doesn't work either.

Anybody have any of the same issues or any suggestions?

29 Replies

I gave that a try yesterday while I was playing with things...and for a bit it worked, I could ping from my remote test client to my workstation behind one of the PIXs
But I rebooted the RV320 and it stopped working.

Li Zhang
Cisco Employee

That setup is supposed to work, so you might want to try again. Otherwise you can also back up the config file and open a support case to check where the problem is.

I will see if I can.

One thing I did notice, much later after I had been poking around for what caused the problem, was that on the RV320 side of the tunnel, the NAT-T setting was unchecked after reboot. It was set when I built the tunnel to the PIX and the PIX side setting was still in place.

On the RV320 side, do I need to set the Firewall -> Allow for the two subnets?
192.168.5.0 (RV320 Remote client) and 10.10.0.0/24 on the PIX side to talk?
Or is that done by just setting up the tunnel on the RV320 and exempting things on the PIX side?

Li Zhang
Cisco Employee

Unlike Cisco IOS/ASA, you don't need to create ACLs manually to allow VPN traffic. Just setting up the tunnel will automatically allow and NAT exempt such traffic.

Regarding the disappeared NAT-T setting, that is indeed weird. Not sure if the reboot caused configuration loss (partially if not all). So my suggestion is to try configuring again.

Ok, gonna try again....
Gonna clear out the stuff on the PIX side...and go from there.

And to confirm what you said, the above "Allow" firewall rules, I can remove?
They are not needed?

What about the one for the Remote VPN Pool?
Should I put one in for 192.168.5.0 -> Any?

Li Zhang
Cisco Employee

The "allow" ACL rules are not necessary.

Roger that.

Ok, so I think I figured out how to get it working.....now I need to know if there is another way of doing this.....

What I had to do was build a tunnel for the PIX at one side (10.10.0.0) to connect to the RV320 Remote VPN Tunnels (192.168.5.0).
Then I set up the tunnel parameters for the remote users to connect to subnet 10.10.0.0 instead of the local LAN hanging off the RV320.

Doing that allowed me to ping from the Remote test client I have to my workstation sitting behind the PIX.

How will I be able to do this for all the LANs I need access to?
10.75.../16
10.76../16
10.77../16
10.78../24
10.10.../24

Ok, I got it working.
Connections to all my networks are good to go. :)

Li Zhang
Cisco Employee

Good to know that! ;-)

Would you mind sharing with me the final topology? It would be interesting for me to find out if this is what I have in my mind.

So I built the G2G tunnels on the RV320 and PIXs to their respective LANs....the tunnels on the RV320 side went to the Virtual Pool subnet for the remote users (192.168.5.0/24)
So
At PIX #1
10.75../16
10.76../16
10.77../16

At PIX #2
10.10.0./24

Subnet off of RV320 is 10.78.0./24


Then for the Remote Client tunnels, I set them so that they connected to
10.0.0.0/8
By doing so, the RV320 handled the routing between the proper tunnel.
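
The selector logic behind this fix, as an added example that is not part of the thread or of Cisco's firmware: a simplified model of policy-based IPsec selectors at the hub, showing why the client tunnel needs a selector covering 10.10.0.0/24 before the RV320 relays between tunnels. The `Tunnel` class, `hub_relays`, `round_trip`, the 10.99.0.0/24 hub LAN and the 10.10.0.50 workstation address are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Tunnel:
    name: str
    local: IPv4Network   # selector on the RV320 (hub) side of the tunnel
    remote: IPv4Network  # selector on the peer side of the tunnel


POOL = ip_network("192.168.5.0/24")    # remote-client pool (from the thread)
PIX2_LAN = ip_network("10.10.0.0/24")  # LAN behind PIX #2 (from the thread)
HUB_LAN = ip_network("10.99.0.0/24")   # constructed stand-in for the RV320 LAN


def hub_relays(tunnels, src, dst):
    """Return (ingress, egress) tunnel names if the hub relays src -> dst, else None."""
    s, d = ip_address(src), ip_address(dst)
    # Ingress: the packet must match the selectors of the tunnel it arrives on.
    ingress = next((t for t in tunnels if s in t.remote and d in t.local), None)
    if ingress is None:
        return None
    # Egress: a different tunnel must be willing to carry this src/dst pair.
    egress = next((t for t in tunnels
                   if t is not ingress and d in t.remote and s in t.local), None)
    return (ingress.name, egress.name) if egress else None


def round_trip(tunnels, a, b):
    """True only when the hub relays both a -> b and the reply b -> a."""
    return (hub_relays(tunnels, a, b) is not None
            and hub_relays(tunnels, b, a) is not None)


# Client tunnel pointed at the hub's own LAN: nothing selects traffic for 10.10.0.0/24.
BEFORE = [Tunnel("clients", HUB_LAN, POOL), Tunnel("pix2", POOL, PIX2_LAN)]
# Client tunnel pointed at 10.0.0.0/8, as in the post above.
AFTER = [Tunnel("clients", ip_network("10.0.0.0/8"), POOL),
         Tunnel("pix2", POOL, PIX2_LAN)]

CLIENT, WORKSTATION = "192.168.5.100", "10.10.0.50"  # workstation address is constructed

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, hub_relays(cfg, CLIENT, WORKSTATION),
              round_trip(cfg, CLIENT, WORKSTATION))
```

In this model the 10.0.0.0/8 selector admits any 10.x destination on ingress, so what clients actually reach is bounded by the gateway-to-gateway tunnels defined at the hub.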

Li Zhang
Cisco Employee

This is what I think. Thank you for confirming it.

;-)

You are welcome.
Thanks for the help.

Well, I removed the settings for the Tunnel on the PIX side, and re-did that setup.
It establishes the Tunnel.
If I look at the established tunnels in the PIX, it is there.

You can see Bytes Sent counter goes up.....but the Bytes Received Counter is staying at zero.

My remote client test setup (192.168.5.100) I have set to ping my workstation, and it has no response.