[Solved] RV082 - SRP527W site-to-site VPN - routing table?

Hello,

I'm trying to create a VPN IPSEC link between 2 offices. The VPN link is created, and I can communicate, but only one way.

Clients in Office B seem to have a routing problem. Can you help me?

Details :

Office A :

- SRP527W router.

- Client Network : 192.168.0.0 / 24

- Internal Address : 192.168.0.254 / 24

Office B :

- RV082 router (behind another router)

- Client Network : 192.168.6.0 / 24

- Internal Address : 192.168.6.253 / 24

- Internal Address that goes to the 1st router : 192.168.5.253

- 1st router internal address : 192.168.5.254

Layout :

Office A ----> SRP527W ----> INTERNET <----- GLOBAL ROUTER <------ RV082 -----< OFFICE B

       192.168.0.254                                                     192.168.5.254    5.253  6.254

VPN details :

Office A :

- remote group type = SUBNET 192.168.6.0 / 24

- local group = SUBNET 192.168.0.0 /24

- ID Address = 82.127.XXX.XXX

Office B :

- remote group type = SUBNET 192.168.0.0 /24

- local group = SUBNET 192.168.6.0 / 24

- IP Address = 192.168.5.253 (it can be reached however from Internet by passing through the 1st router with IP Address 37.1.XXX.XXX)

Facts :

From Office A, I can ping everything in 6.0 addresses.

From Office B, I can't ping anything in 0.0 subnet addresses. From the router itself with the diagnostic page, ping 192.168.0.1 works?? But no other ping. Curious...

Routing table from Office B computer shows the following :

Itinéraires actifs :

Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique

           0.0.0.0          0.0.0.0    192.168.6.253    192.168.6.10       10

         127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1

       192.168.6.0    255.255.255.0     192.168.6.10    192.168.6.10       10

      192.168.6.10  255.255.255.255        127.0.0.1       127.0.0.1       10

     192.168.6.255  255.255.255.255     192.168.6.10    192.168.6.10       10

         224.0.0.0        240.0.0.0     192.168.6.10    192.168.6.10       10

   255.255.255.255  255.255.255.255     192.168.6.10    192.168.6.10       1

   255.255.255.255  255.255.255.255     192.168.6.10               3       1

   255.255.255.255  255.255.255.255     192.168.6.10           40005       1

Passerelle par défaut :     192.168.6.253

===========================================================================

Itinéraires persistants :

   Aucun

Tracert from client computers at Office B shows that packets arrive at 192.168.6.253 and then never reach anything.

Is the problem related to the architecture at Office B?

See attached files for a layout of Office B, and the routing table of the router at office B.

Thank you.

Andrew Hickman
Cisco Employee

Hi Adrien,

Ensure that you configure the SRP to use NAT-T.  Configure remote ID as the RV private address.

Regards,

Andy

Thank you Andrew.

Do I need to enable NAT-T on both routers or only on the SRP?

(just to be sure, the SRP is the router on the office (A) where all clients can ping Office B)

Enable NAT-T on the SRP and configure remote ID as 192.168.5.253 in the IKE policy.

Not sure about the RV and whether that supports NAT-T.  It may detect NAT-T automatically, or may need to be configured (in which case, you'd configure the local ID)

Andy.

I've tried your suggestion but I'm still unable to ping anything from site B to site A.

- NAT-T is enabled on the SRP. Remote ID is "192.168.5.253"

- NAT-T is enabled on the RV.

Doesn't work

I removed NAT-T from the RV, keeping only NAT-T configuration on the SRP, still no ping.

Traceroute still shows nothing after reaching default gateway (the VPN router) (192.168.6.253).

Thanks.

I've finally solved the problem.

During configuration of the RV, we had a problem, so I manually entered the routes in the advanced routing menu.

That's why you can see in the screenshot that each route is set up twice.

By deleting all the entered routes, the router seems to understand better where the traffic should go.

Whatever, these routes are created automatically by learning from the subnets and interfaces where cables are connected, so there is no need to add them manually.

Thank you for your answer, Andy. I was missing the NAT-T things too, I think.

Adrien.
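
The cause found in the last post (hand-entered routes duplicating the ones the router creates itself) can be checked for before a tunnel goes live. The script below is an added example, not part of the original thread or any Cisco tool: the interface names, the static route list and the 10.20.0.0/16 entry are constructed from the thread's addressing, because the real RV082 table was only in an attachment. Flagging a static route that overlaps the tunnel's remote subnet is an extra review item added here as an assumption, not something the thread reports.

```python
import ipaddress

# Constructed sample modelled on Office B; "lan"/"wan" are hypothetical names.
INTERFACES = {
    "lan": ipaddress.ip_interface("192.168.6.253/24"),
    "wan": ipaddress.ip_interface("192.168.5.253/24"),
}
# Remote subnet of the IPsec policy (Office A client network).
TUNNEL_REMOTE = [ipaddress.ip_network("192.168.0.0/24")]
# Manually entered static routes: (destination, gateway, interface). Constructed.
STATIC_ROUTES = [
    ("192.168.6.0/24", "192.168.6.253", "lan"),
    ("192.168.5.0/24", "192.168.5.253", "wan"),
    ("192.168.0.0/24", "192.168.5.254", "wan"),
    ("10.20.0.0/16", "192.168.5.254", "wan"),
]


def audit_static_routes(static_routes, interfaces, tunnel_remote):
    """Return (destination, reason) for each static route worth reviewing."""
    # Networks the router already knows because an interface sits in them.
    connected = {iface.network: name for name, iface in interfaces.items()}
    findings = []
    for dest, gateway, ifname in static_routes:
        net = ipaddress.ip_network(dest)
        gw = ipaddress.ip_address(gateway)
        if net in connected:
            # Same prefix as a connected network: the manual entry is redundant.
            findings.append((dest, f"duplicates connected network on {connected[net]}"))
        elif any(net.overlaps(remote) for remote in tunnel_remote):
            # Competes with the IPsec policy for the same destinations.
            findings.append((dest, "overlaps a tunnel remote subnet"))
        elif ifname not in interfaces or gw not in interfaces[ifname].network:
            # Next hop cannot be reached directly on the named interface.
            findings.append((dest, "gateway not on the outgoing interface subnet"))
    return findings


if __name__ == "__main__":
    for dest, reason in audit_static_routes(STATIC_ROUTES, INTERFACES, TUNNEL_REMOTE):
        print(f"{dest}: {reason}")
```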
