Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2105
Views
5
Helpful
13
Replies

RV340 Subnet

Go to solution
mcktx752
Level 1
Level 1

‎09-28-2021 09:35 AM

Hi all,

 

New to this so go easy on me. Ill attempt to explain everything I have so far.

 

I am using the RV340 VPN behind the ATT Arris BV320 residential gateway. The VPN "WAN" is configured as 192.168.1.xx

 

The LAN1(LAG with 1 and 2) is configured as 10.62.0.X. 10.62.0.1 being the RV340 LAN IP.


The residential gateway passes through no problem at all the the RV340.

 

I set up to PPTP connections. I cant configure the PPTP IP with 10.62.0.X because i get the 'subnet error'. The subnet I setup is 10.62.10.100-110. 

 

Internal connection and external. My results are as follows.

 

Connecting to the RV340 from public IP addresses. OK. Connects successfully

Connecting to the RV340 (192.168.1.XX from others in the 192 network). Connects successfully.

 

Here is where my problem is. In both cases above, I can only access resources in the 192. subnet. I have connected from various places outside the home (different states even) and connect successfully but only can see 192. devices. 

 

I CAN however access the RV340 from its 10.62.0.1 address when connected. What I cannot access though is other devices on the 10.62.0.X network. 

 

If I plug this laptop into the LAN2 port, I can access 10.62.0.X devices.

 

What I have eradicated is that the 10.62.0.X devices are ok and working fine. The tunnel is functioning fine.  For some reason other than the 10.62.0.1 address the RV340 has which I can access, nothing else on that network is accessible through the tunnel.

 

Any ideas?? 

 

Thanks!

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
nagrajk1969
Spotlight
Spotlight

‎10-02-2021 01:42 PM

Hi

 

so what i understand from your inputs is that your network deployment is as below (my assumption/approximation):

 

PC1----(switch)---LAG----vlan1[RV340]wan1----[isp-rtr]---PC2(pptp-client)

 

On RV340:

vlan1 ipaddress is 10.62.0.1/24 and is connected to internal lan-switch using LAG (LinkAggregation ports LAN1+LAN2????)

 

Pptp-server ip-pool is 10.62.10.100 to 10.62.10.110 ( which is absolutely correct config)

 

wan1 ipaddress is 192.168.1.2/24 with Default-Gw 192.168.1.1(which is the ipaddr of the ISP-Router)

 

On PC1:

 

PC1 ipaddress is 10.62.0.2/24 ; Default-Gw: 10.62.0.1

- you are confirming that the default route on this pc1 (checked using the command "route print" or route -n)

- you are able to ping to 10.62.0.1 and to wan1 ipaaddr 192.1681.2 from PC1???

- if not its a problem on PC1 network config and/or the switch/lag-config

 

On PC2:

- this is a windows-10 PC?

- its connected to internet and is able to access to access 192.168.1.2(rv340 wan1) from internet using a public-ipaddr that is static-NATed/DNATed by the ISP router to 192.168.1.2....

- As per your statement the PC2 is able to successfully establish a pptp-tunn to rv340....and so lets assume that after the tunnel is established, the virtual ipaddress 10.62.10.101 has been assigned to PC2

 

1. So you are confirming and checked that once the pptp-tunnel is up, on PC2, you are able to ping successfully to 10.62.0.1 ......???

 

2 But from PC2 you are NOT able to ping to 10.62.0.2 ? 

 

a) Ok, just to confirm, please check on this PC2 pptp-connection properties...in the ipv4 network properties (advanced), and ensure that the "Use default route/gateway on this interface/network" checkbox is enabled/checked

 

b) you will need to open/go into Network settings/ethernet/change-adapter-settings....page and then right-click the pptp-conn properties and access the Ipv4 network properties/advanced....something like that...on PC2

 

Note: As such once the tunnel is up, if you are able to ping to 10.62.0.1thru the pptp tunnel, then i guess the "use default gateway/route" checkbox is enabled by default...else you cannot ping ....but double check anyways

 

3. Try with removing the LAG connection (and connect normally) between the switch and rv340 vlan1....iam doubting the issue becos of the improper config of LAG on switch & rv340...its not forwarding the packets from PC2 to PC1 due to LAG misconfig

 

4. Another thing i can think of is to update the rv340 image to latest 1.0.03.22...

 

5.As such this is a simple enough (as you had mentioned that you are using all default settings on RV340...)....becos once the tunnel is established there is no reason whatsoever for PC2 not being able to ping to PC1 other than the settings/configs discussed in points above...

 

 

 

 

 

 

 

 

 

View solution in original post

0 Helpful

Go to solution
mcktx752
Level 1
Level 1
In response to nagrajk1969

‎10-04-2021 04:36 AM

When I was examining the routes per your suggestions yesterday and turning off the LAG, I noticed port mirroring was checked. 

 

I unchecked this and then saved and restarted the router. Now everything is working as expected.


I then went and reset the LAG to allow ports 1 and 2 to be aggregated. Again. No problems. Everything working as expected.


Not to sure if this is in fact the issue but I have a working configuration so the first thing I did was make a backup of the config file:)

 

Thank you so much for all your help. I have lost what was left of my hair the last couple of weeks with this thing!

 

Cheers

View solution in original post

13 Replies 13

Go to solution
nagrajk1969
Spotlight
Spotlight

‎09-28-2021 11:11 AM

Hi

 

Check whether all lan hosts in 10.62.0.x network have their default gateway (default route) ip address configured as 10.62.0.1

- ensure that this configured on the lan-hosts

 

Ensure that you have NOT added any firewall acl rules (permit/deny) manually/additionally/explicitly by you...that is any rules you may have added with reference to permit/deny traffic between 10.62.x.x and 192.x networks...please delete if any

 

 

0 Helpful

Go to solution
mcktx752
Level 1
Level 1
In response to nagrajk1969

‎10-02-2021 05:51 AM

Hi,

 

Thanks for your reply.


I confirm that the default route for the 10.62.0.x network is 10.62.0.1. I just tried to have the router assign the ip address via DHCP and still cannot access 10.62.0.x resources.

 

If I plug the same laptop into the 10.62.0.x switch no problems. Hard wired on the 10.62.0.x net can see the routers 10.62.0.1 IP address and access the cisco portal. Additionally, when bringing up the tunnel, the device connected from outside the network can also see the 10.62.0.1 portal when connected to the VPN.


No firewall rules other than default are there.

 

Any other ideas? 

0 Helpful

Go to solution
nagrajk1969
Spotlight
Spotlight

‎10-02-2021 01:42 PM

Hi

 

so what i understand from your inputs is that your network deployment is as below (my assumption/approximation):

 

PC1----(switch)---LAG----vlan1[RV340]wan1----[isp-rtr]---PC2(pptp-client)

 

On RV340:

vlan1 ipaddress is 10.62.0.1/24 and is connected to internal lan-switch using LAG (LinkAggregation ports LAN1+LAN2????)

 

Pptp-server ip-pool is 10.62.10.100 to 10.62.10.110 ( which is absolutely correct config)

 

wan1 ipaddress is 192.168.1.2/24 with Default-Gw 192.168.1.1(which is the ipaddr of the ISP-Router)

 

On PC1:

 

PC1 ipaddress is 10.62.0.2/24 ; Default-Gw: 10.62.0.1

- you are confirming that the default route on this pc1 (checked using the command "route print" or route -n)

- you are able to ping to 10.62.0.1 and to wan1 ipaaddr 192.1681.2 from PC1???

- if not its a problem on PC1 network config and/or the switch/lag-config

 

On PC2:

- this is a windows-10 PC?

- its connected to internet and is able to access to access 192.168.1.2(rv340 wan1) from internet using a public-ipaddr that is static-NATed/DNATed by the ISP router to 192.168.1.2....

- As per your statement the PC2 is able to successfully establish a pptp-tunn to rv340....and so lets assume that after the tunnel is established, the virtual ipaddress 10.62.10.101 has been assigned to PC2

 

1. So you are confirming and checked that once the pptp-tunnel is up, on PC2, you are able to ping successfully to 10.62.0.1 ......???

 

2 But from PC2 you are NOT able to ping to 10.62.0.2 ? 

 

a) Ok, just to confirm, please check on this PC2 pptp-connection properties...in the ipv4 network properties (advanced), and ensure that the "Use default route/gateway on this interface/network" checkbox is enabled/checked

 

b) you will need to open/go into Network settings/ethernet/change-adapter-settings....page and then right-click the pptp-conn properties and access the Ipv4 network properties/advanced....something like that...on PC2

 

Note: As such once the tunnel is up, if you are able to ping to 10.62.0.1thru the pptp tunnel, then i guess the "use default gateway/route" checkbox is enabled by default...else you cannot ping ....but double check anyways

 

3. Try with removing the LAG connection (and connect normally) between the switch and rv340 vlan1....iam doubting the issue becos of the improper config of LAG on switch & rv340...its not forwarding the packets from PC2 to PC1 due to LAG misconfig

 

4. Another thing i can think of is to update the rv340 image to latest 1.0.03.22...

 

5.As such this is a simple enough (as you had mentioned that you are using all default settings on RV340...)....becos once the tunnel is established there is no reason whatsoever for PC2 not being able to ping to PC1 other than the settings/configs discussed in points above...

 

 

 

 

 

 

 

 

 

0 Helpful

Go to solution
mcktx752
Level 1
Level 1
In response to nagrajk1969

‎10-02-2021 03:41 PM

I copied your message below with my responses. I wanted to make sure I checked off everything

 

so what i understand from your inputs is that your network deployment is as below (my assumption/approximation):

 

PC1----(switch)---LAG----vlan1[RV340]wan1----[isp-rtr]---PC2(pptp-client)

Yes, this is correct.

 

 

 

On RV340:

vlan1 ipaddress is 10.62.0.1/24 and is connected to internal lan-switch using LAG (LinkAggregation ports LAN1+LAN2????)

Yes this is correct.

 

 

Pptp-server ip-pool is 10.62.10.100 to 10.62.10.110 ( which is absolutely correct config)

Correct

 

 

wan1 ipaddress is 192.168.1.2/24 with Default-Gw 192.168.1.1(which is the ipaddr of the ISP-Router)

WAN1 ip address is 192.168.1.80. default gateway 192.168.1.254 Subnet 255.255.252.0 (Arris BV320 Gateway) I changed the subnet to 255.255.255.0. Still the same issue

 

On PC1:

 

PC1 ipaddress is 10.62.0.2/24 ; Default-Gw: 10.62.0.1

- you are confirming that the default route on this pc1 (checked using the command "route print" or route -n)

- you are able to ping to 10.62.0.1 and to wan1 ipaaddr 192.1681.2 from PC1???

- if not its a problem on PC1 network config and/or the switch/lag-config

 

PC1 is Linux (Centos)10.62.0.2

Can ping 10.62.0.1 and access 10.62.0.1 cisco through browser.

Can ping another 10.62.0.x host (Like 1 below). These are both hard wired.

 

 

Can ping PC2 below (Windows PC)

IP Address 10.62.0.30

Can ping 10.62.0.1 and access 10.62.0.1 cisco through browser.

Can ping another 10.62.0.x host (Like 1 above). These are both hard wired.

 

 

On PC2:

- this is a windows-10 PC? yes

- its connected to internet and is able to access to access 192.168.1.2(rv340 wan1) from internet using a public-ipaddr that is static-NATed/DNATed by the ISP router to 192.168.1.2....

- As per your statement the PC2 is able to successfully establish a pptp-tunn to rv340....and so lets assume that after the tunnel is established, the virtual ipaddress 10.62.10.101 has been assigned to PC2

Ill call this PC3.


I am able to connect via client to site and PPTP server from both internal to the 192. network AND exterior. When bringing up the tunnel from outside, I can access any resource on the 192. network but nothing on the 10.62 network

 

 

1. So you are confirming and checked that once the pptp-tunnel is up, on PC2, you are able to ping successfully to 10.62.0.1 ......???

I can ping 10.62.0.1 successfully.

 

 

2 But from PC2 you are NOT able to ping to 10.62.0.2 ? 

From PC3 I cannot reach either 62.0.2 or 62.0.30. But they can ping each other.

 

 

a) Ok, just to confirm, please check on this PC2 pptp-connection properties...in the ipv4 network properties (advanced), and ensure that the "Use default route/gateway on this interface/network" checkbox is enabled/checked

Confirmed. This is how its set

 

b) you will need to open/go into Network settings/ethernet/change-adapter-settings....page and then right-click the pptp-conn properties and access the Ipv4 network properties/advanced....something like that...on PC2

 

Note: As such once the tunnel is up, if you are able to ping to 10.62.0.1thru the pptp tunnel, then i guess the "use default gateway/route" checkbox is enabled by default...else you cannot ping ....but double check anyways

 

3. Try with removing the LAG connection (and connect normally) between the switch and rv340 vlan1....iam doubting the issue becos of the improper config of LAG on switch & rv340...its not forwarding the packets from PC2 to PC1 due to LAG misconfig

Removed so now VLAN1 is only to LAN1

 

 

4. Another thing i can think of is to update the rv340 image to latest 1.0.03.22...

This has already been updated to the latest.

 

5.As such this is a simple enough (as you had mentioned that you are using all default settings on RV340...)....becos once the tunnel is established there is no reason whatsoever for PC2 not being able to ping to PC1 other than the settings/configs discussed in points above...

 

 

 

 

0 Helpful

Go to solution
mcktx752
Level 1
Level 1
In response to mcktx752

‎10-02-2021 04:15 PM

Additional information if its relevant:

 

On the ARP table screen on the router, both 10.62.0.x hosts are showing up and are assigned to VLAN1 interface.

 

On the wan settings screen, wan 1.2 and 1.2 (Ipv4 connection PPTP and L2TP respectively) are both showing IPv4 status as down.Is that supposed to be the case?

 

0 Helpful

Go to solution
nagrajk1969
Spotlight
Spotlight

‎10-02-2021 06:33 PM

you did not answer the query

 

Can you ping from PC1(and/or PC2) that are in vlan1-lan to 192.168.1.80????

 

If not, can you simply post the output of the commands "route -n" and/or " route print" run on PC1 and PC2?

 

The PC1(10.62.0.2) and PC2(10.62.0.30) can communicate with each other becos they are in same subnet...BUT if they have to reply or communicate with PC3(10.62.10.101) that is in different subnet, they need to be configured with a default route(default-gateway) ip of 10.62.0.1....

 

 

0 Helpful

Go to solution
mcktx752
Level 1
Level 1
In response to nagrajk1969

‎10-03-2021 05:45 AM

Yes, both hosts (Linux and Windows) are able to ping 192.168.1.80.

 

I also attached screenshots of both outputs.

 

 

Preview file
1654 KB
Preview file
1128 KB
0 Helpful

Go to solution
nagrajk1969
Spotlight
Spotlight

‎10-03-2021 07:20 AM

Hi

ok thank you. 

Iam sorry i should have asked you in earlier post itself

 

1. After the pptp tunnel is UP on the windows-PC3...which is connecting from internet to rv340-wan, could you post the output of "route print" on the PC3?...after the tunnel is up.

 

2.And after tunnel is up on PC3, when you start sending ping to 10.62.0.30 as below from the cmd-line window (a continuous ping traffic)

 

ping 10.62.0.30 -t

 

a) while the above ping is being sent continuously from PC3....on the PC2(with ipaddr 10.62.0.30) can you kindly run wireshark to capture all traffic on the interface configured with the ip addr 10.62.0.30?.....and post the capture pcap file here?

 

- this is to check whether the ping packet is coming up to pc2 or not (basically to see whether the rv340 is forwarding the ping packet the lan-host pc2 or not....???..

 

3.Would you be ok to download and post the "running config xml file" of this RV340?

 

- becos there is NO earthly reason that i can think of that is preventing the forwarding of the packets from the pptp-clients to the lan-hosts with the present existing configs that you have mentioned....

 

- so iam thinking all other remaining areas/options to ascertain the root-cause of the issue observed by you...

 

- This is very strange...if it had been universal, many RV34X users would have already raised an issue-reports by now with similar observations, becos its a standard tunneling config that is expected to be working without any glitch and/or added configs...

 

- there is something missing here and we have not considered it at all till now....?????????

0 Helpful

Go to solution
mcktx752
Level 1
Level 1
In response to nagrajk1969

‎10-03-2021 08:50 AM

Ill get through these piece by piece. Heres the two route prints. One using the PPTP server connection and the other using the Client to site connection.

 

Both of the prints are from outside my home.

Preview file
29 KB
Preview file
26 KB
0 Helpful

Go to solution
nagrajk1969
Spotlight
Spotlight

‎10-03-2021 09:45 AM

Hi

 

a quick update. I checked the "route print" output of both clients - its perfectly correct and is as expected. This area on PC3 can now be eliminated from any further debugging...

 

i was going thru all of the previous discussions above....and i see that you have made the below statement in one of your posts

 

_---------------------------------

 

On the wan settings screen, wan 1.2 and 1.2 (Ipv4 connection PPTP and L2TP respectively) are both showing IPv4 status as down.Is that supposed to be the case?

------------------------------------

 

So my additional queries are:

1. what is the wan interface you are using & what is the wan-type you have configured ?

- is it that you have configured pptp-wan and/or l2tp-wan type on the wanX interface of rv340?

 

or

- have you configured a vlan-subinterface on wanx (say for example on wan1)???

- And if yes, what is the wan-type configured on this wan-with-vlansubinterface?...is it a static-ipaddr?....or is it pptp-wan/l2tp-wan on this vlansubinterface-on-wanX???

 

iam trying to gather the info so that i could try to run a similar simulation in my network using RV340...and check with the vpn tunnels and traffic thru them...based on the same wan config as in your network...

 

0 Helpful

Go to solution
nagrajk1969
Spotlight
Spotlight

‎10-04-2021 03:14 AM - edited ‎10-04-2021 03:20 AM

Hi

 

- with reference to the below network deployment of yours:

 

PC1----(switch)---LAG----vlan1[RV340]wan1(192.168.1.80)---[switch]---(1.254)[isp-rtr](public-ipaddr)------PC2(ipsec/pptp-client)

 

and on further study of your statement below (posted earlier):

 

>>>>On the wan settings screen, wan 1.2 and 1.2 (Ipv4 connection PPTP and L2TP respectively) are both showing IPv4 status as down.Is >>>>that supposed to be the case?

 

I did some experiments in my network (on RV345/340)...and in my personal opinion

 

1. You have configured for some reason a "pptp-wan-type/l2tp-wan-type" on your wan interfaces, and:

 

a) if you are really NOT requiring to connect to your ISP using  PPTP/L2TP connection, then please immediately "change" this to your actual requirement of configuring a "Static-WAN-IPadress" of 192.168.1.80/24 (with default-gw 192.168.1.254) on the wan-interface of RV340

 

b) just configure the 192.168.1.80 as a static-ipaddress on wan-interface

 

2.  if you have this requirement that your internet-linl/isp-link is to be configured as a pptp-wan-type/l2tp-wan-type, then i believe that presently its "mis-configured" on your RV340....

Note: If you want to discuss on how to actually configure a pptp-wan-type and l2tp-wan-type on RV340, we could discuss it separately 

 

3. Iam assuming that from outside/internet you are connecting the pptp/ipsec-clients from home using the "Public-IPaddress" provided by ISP AND also assuming that the required DNAT/1:1-STATIC-NAT is configured on ISP to map this "Public-IP to 192.168.1.80" for ALL-TRAFFIC

 

So in summary,

 

- with reference to above info and assumptions, in the tests done in my network (with Static-wan-ipaddr), the observations/results are that it is working as it should and iam NOT seeing any forwarding/routing issues for traffic from the ipsec/pptp-client to the internal-lan-hosts

NOTE: Ofcourse i have to mention that i HAVE NOT CONFIGURED LAG in my network...unfortunately i dont have the switch-resource in my lan-network at this point of time...so the lan-hosts are connected directly to the lan-ports of my RV340

 

- and just FYI and confirmation, i also did the same tests after i configured a PPTP-wan-type AND also next with L2TP-wan-type in my network...and in both cases, it was working correctly as expected.

 

hope the above info will be of some help

 

thanks & best wishes

 

 

0 Helpful

Go to solution
mcktx752
Level 1
Level 1
In response to nagrajk1969

‎10-04-2021 04:36 AM

When I was examining the routes per your suggestions yesterday and turning off the LAG, I noticed port mirroring was checked. 

 

I unchecked this and then saved and restarted the router. Now everything is working as expected.


I then went and reset the LAG to allow ports 1 and 2 to be aggregated. Again. No problems. Everything working as expected.


Not to sure if this is in fact the issue but I have a working configuration so the first thing I did was make a backup of the config file:)

 

Thank you so much for all your help. I have lost what was left of my hair the last couple of weeks with this thing!

 

Cheers

Go to solution
nagrajk1969
Spotlight
Spotlight

‎10-04-2021 06:44 AM

Thank you. Iam very happy to know that you have been able to solve your issue with the RV340

 

>>> I noticed port mirroring was checked.

>>>>Not to sure if this is in fact the issue but...

Interesting. I suppose the port-mirroring was enabled on the Internal-Lan-switch. I dont see any on RV340 though.

 

With port-mirroring enabled on the lan-switch - and iam assuming that it must be mirroring the 2-LAG switch-ports (configured on the Internal-lan-switch)

- there must be an issue on the lan-switch itself with this port-mirroring of LAG-PORTS 

- as such port-mirroring of normal switch-ports (non-lag ports) would NOT create any issue...becos thats what it is for...capturing active/flowing traffic without disrupting the standard routing/behavior...

 

best wishes and cheers

 

 

 

0 Helpful
Customers Also Viewed These Support Documents