cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4345
Views
0
Helpful
15
Replies

RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Thierry_TDG
Level 1
Level 1

Hello all,

 

Here is the technical situation :

 

FAL.png

 

Everything is working as intended except routing VLAN 2 subnets through the VPN tunnel :

- I cannot reach 172.31.173.0 subnet from site A

- I cannot reach 172.31.172.0 subnet from site B

 

Please note :

- Reaching 172.31.172.0 network hosts from Cisco RV320 on site A is working

- Reaching 172.31.173.0 network hosts from Cisco RV320 on site B is working

- L3 switches are the default gateway for all hosts on their respective subnets

 

So I don't succeed to route 172.31.172.0 and 172.31.173.0 subnets through VPN tunnels.

 

What am I missing ?

 

In advance, a big thank to those who will spend some time on this problem :-)

 

Denis

1 Accepted Solution

Accepted Solutions

Hello Georg,

 

I finally found the solution by myself.

 

The keypoint is that RV320 seems to be unable to route trafic for a VLAN of which is not a member of.

 

So on each RV320 :

  • I enabled VLANs
  • I added a second interface on corresponding VLAN 2
  • I ensured VLAN 2 interface was matching the local group of the second IPSec tunnel.
  • I removed static routes

The working configuration schema becomes then :

 

2018-12-03_19h54_38.png

 

Thanks again for your assistance.

 

Best regards,

 

Denis

View solution in original post

15 Replies 15

Hello,

 

what does your Local and Remote Group setup look like (page 83 thru 85 in the attached guide) ?

 

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/rv320/administration/guide/en/rv32x_ag_en.pdf

Hello Georg,

 

Here they are with details (sorry for bad quality pictures).

 

Site A :

 

2018-11-26_09h47_50.png

2018-11-26_09h50_17.png

2018-11-26_09h52_52.png

 

Site B :

 

 

2018-11-26_09h57_45.png

2018-11-26_09h59_46.png

2018-11-26_10h04_24.png

 

One thing I would like to point out is the different traceroute results between site A and site B. It seems that the RV320 in site A does not forward packets to VLAN 2 of site B through its VPN tunnel but I cannot find the culprit in the GUI :

 

From site A (VLAN 1) to site B (VLAN 2) :

 

 

2018-11-26_10h08_26.png

 

From site B (VLAN 1) to Site A (VLAN 2) :

 

 

2018-11-26_10h17_47.png

 

Thanks for your help. Very much appreciated :-)

 

Denis

 

 

Hello,

 

stupid question maybe, but I assume both devices are in gateway mode ?

 

Can you try and enable RIPv2 and check the routing table (page 41 of the attached guide) ?

 

Your traceroute show the public IP address, which should not be visible at all. How is your NAT setup ?

Re,

 

No stupid questions, only stupid answers ;-)

 

So yes indeed, both RV320 are in GW mode.

 

Site A :

2018-11-26_11h07_40.png

2018-11-26_11h10_19.png

 

2018-11-26_11h11_45.png

Site B :

2018-11-26_11h14_17.png

2018-11-26_11h15_19.png

2018-11-26_11h16_17.png

 

As suggested I tried to enable RIPv2 but that did not solve the problem...

2018-11-26_11h21_40.png

==> So I revert back to RIP disabled.

 

Thanks,

 

Denis

Should I redo the RV320 config of Site A from scratch ?

Hello,

 

I cannot tell from your screenshoys what the tunnel endpoints are. Do the static routes have the other end of the tunnel as the next hop, on both sides ?

Yes, they have both the RV320 LAN IP from other site as the next hop.

 

Site A :

2018-11-26_11h07_40.png

 

Site B :

2018-11-26_11h14_17.png

 

If you need more informations or value hidden in a picture, I can send it to you in PV ...

 

Best regards,

 

Denis

Hello Denis,

 

I am looking at some other posts. Can you check your Dual WAN setting (System Management --> Dual WAN, page 56 of the guide) ? Make sure you select Smart Link Backup (Load Balance is the default, so you have to manually change that)...

 

 

Georg,

 

Again, many thanks for the time you are spending on this case. This is very much apreciated !

 

So as asked, I switched Dual Wan Load Balance Mode to Smart Link Backup on both sites :

 

2018-11-26_14h08_18.png

 

Unfortunately that did not solve the problem. However I kept this setting as it because you advised me to do so.

 

Denis

Hello Denis,

 

below is the link to the post that suggested to change the Dual WAN setting. There are some other suggestions, you might want to read through that and see if it helps...

 

https://community.cisco.com/t5/small-business-routers/cisco-rv320-to-rv320-gateway-to-gateway/m-p/3365988

Hello Georg,

Unfortunately the problem remains : unable to route 172.31.x.x trafic between both sites.

 

  • Changing the Dual Wan settings from default value to Smart Link does not solve the problem ; I switched back to the default value.
  • Nor with Aggressive mode (already enabled)
  • Nor by enabling NAT transversal (switched back to disabled)
  • Nor by disabling "Block WAN request" in FW settings (reverted back to enabled)

By the way, what I pointed out before, regarding the different results in the traceroute tests between site A and B is not revelant (actually this is coming from the different behavior of equipments beyond the FW because of different provider). It is now cleary appearing to me that both routers RV320 do not forward 172.31.x.x trafic through the VPN tunnel but route it through the internet connection...

I am really wondering what's wrong in my setup... RV320 should normally be able to handle that without any problem.

Any further help would be really appreciated :-)

 

Denis

Hello Georg,

 

I finally found the solution by myself.

 

The keypoint is that RV320 seems to be unable to route trafic for a VLAN of which is not a member of.

 

So on each RV320 :

  • I enabled VLANs
  • I added a second interface on corresponding VLAN 2
  • I ensured VLAN 2 interface was matching the local group of the second IPSec tunnel.
  • I removed static routes

The working configuration schema becomes then :

 

2018-12-03_19h54_38.png

 

Thanks again for your assistance.

 

Best regards,

 

Denis

Hello Denis,

 

good stuff, glad that you found the solution, I will definitely keep it on file.

Hi Georg, the link you share is remove or something else, i can't find the guide in this. Can you check again!