Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3949
Views
0
Helpful
5
Replies

[Solved]RV082 - SRP527W site-to-site VPN - routing table ?

Go to solution
g2metric_g2metric
Level 1
Level 1

‎08-30-2012 01:17 AM

Hello,

i'm trying to create a VPN IPSEC link between 2 offices. The VPN link is created, and i can communicate but only one way.

Clients in Office B seems to have routing problem. Can you help me ?

Details :

Office A :

- SRP527W router.

- Client Network : 192.168.0.0 / 24

- Internal Address : 192.168.0.254 / 24

Office B :

- RV082 router (behind another router)

- Client Network : 192.168.6.0 / 24

- Internal Address : 192.168.6.253 / 24

- Internal Address that goes to the 1st router : 192.168.5.253

- 1st router internal address : 192.168.5.254

Layout :

Office A ----> SRP527W ----> INTERNET <----- GLOBAL ROUTER <------ RV082 -----< OFFICE B

       192.168.0.254                                                     192.168.5.254    5.253  6.254

VPN details :

Office A :

- remote group type = SUBNET 192.168.6.0 / 24

- local group = SUBNET 192.168.0.0 /24

- ID Address = 82.127.XXX.XXX

Office B :

- remote group type = SUBNET 192.168.0.0 /24

- local group = SUBNET 192.168.6.0 / 24

- IP Address = 192.168.5.253 (it can be reached however from Internet by passing through the 1st router with IP Address 37.1.XXX.XXX)

Facts :

From Office A, i can ping everything in 6.0 addresses.

From Office B, i can't ping anything in 0.0 subnet addresses. From the router itself with the diagnostic page, ping 192.168.0.1 works ?? But no other ping. Curious...

Routing table from Office B computer shows the following :

Itinéraires actifs :

Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique

           0.0.0.0          0.0.0.0    192.168.6.253    192.168.6.10       10

         127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1

       192.168.6.0    255.255.255.0     192.168.6.10    192.168.6.10       10

      192.168.6.10  255.255.255.255        127.0.0.1       127.0.0.1       10

     192.168.6.255  255.255.255.255     192.168.6.10    192.168.6.10       10

         224.0.0.0        240.0.0.0     192.168.6.10    192.168.6.10       10

   255.255.255.255  255.255.255.255     192.168.6.10    192.168.6.10       1

   255.255.255.255  255.255.255.255     192.168.6.10               3       1

   255.255.255.255  255.255.255.255     192.168.6.10           40005       1

Passerelle par défaut :     192.168.6.253

===========================================================================

Itinéraires persistants :

   Aucun

Tracert from Client computers at Office B shows that packets arrived to 192.168.6.253 and then it never reaches anything.

Is the problem related to the architecture at Office B ?

See attached files for a layout of Office B, and the routing table of the router at office B.

Thank you.

Labels:
Preview file
32 KB
Preview file
17 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Andrew Hickman
Cisco Employee
Cisco Employee
In response to g2metric_g2metric

‎08-30-2012 02:58 PM

Enable NAT-T on the SRP and configure remote ID as 192.168.5.253 in the IKE policy.

Not sure about the RV and whether that supports NAT-T.  It may detect NAT-T automatically, or may need to be configured (in which case, you'd configure the local ID)

Andy.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Andrew Hickman
Cisco Employee
Cisco Employee

‎08-30-2012 02:59 AM

Hi Adrien,

Ensure that you configure the SRP to use NAT-T.  Configure remote ID as the RV private address.

Regards,

Andy

0 Helpful

Go to solution
g2metric_g2metric
Level 1
Level 1
In response to Andrew Hickman

‎08-30-2012 05:11 AM

Thank you Andrew.

Do I need to enable NAT-T on both router or only on the SRP ?

(just to be sure, the SRP is the router on the office (A) where all clients can ping Office B)

0 Helpful

Go to solution
Andrew Hickman
Cisco Employee
Cisco Employee
In response to g2metric_g2metric

‎08-30-2012 02:58 PM

Enable NAT-T on the SRP and configure remote ID as 192.168.5.253 in the IKE policy.

Not sure about the RV and whether that supports NAT-T.  It may detect NAT-T automatically, or may need to be configured (in which case, you'd configure the local ID)

Andy.

0 Helpful

Go to solution
g2metric_g2metric
Level 1
Level 1
In response to Andrew Hickman

‎09-03-2012 06:29 AM

I've tryied your suggestion but i'm still unable to ping anything from site B to site A.

- NAT-T is enabled on the SRP. Remote ID is "192.168.5.253"

- NAT-T is enabled on the RV.

Doesn't work

I removed NAT-T from the RV, keeping only NAT-T configuration on the SRP, still no ping.

Traceroute still shows nothing after reaching default gateway (the VPN router) (192.168.6.253).

Thanks.

0 Helpful

Go to solution
g2metric_g2metric
Level 1
Level 1
In response to g2metric_g2metric

‎09-03-2012 07:22 AM

I've finally solved the problem.

During configuration of the RV, we had problem so i manually entered the routes in the advanced routing menu.

That's why you can see in the screenshot that each routes are set up twice.

By deleting all the entered routes, the router seems to understand better where the traffic should go.

Whatever, these routes are created automatically by learning from subnet and interfaces where cables are connect so no need to add them manually.

Thank you for your answer andy, i was missing the NAT-T things too i think.

Adrien.

0 Helpful
Customers Also Viewed These Support Documents