
need to have remote users access to site-to-site subnets

Hi,

I am using 2 rv340 routers on my 2 WAN sites. I have 2 networks connected via a site-to-site VPN: 192.168.0.0 and 192.168.6.0.

I also have an L2TP VPN set up for remote users. The network is 192.168.10.0 (this VPN is set up on the router for the 192.168.0.0 network).

When a remote user is connected to the router (IP 192.168.0.11), it can see the 192.168.0.0 network but it cannot see the subnet 192.168.6.0. I have added 192.168.10.0 to both routers' site-to-site VPN entries, but still nothing.

I used the router debug packet capture using http://routerip/debug/packet_capture.html and I found out that the traffic from the 192.168.10.0 network is going towards my ISP static IP address (WAN address), but the traffic from my 192.168.0.0 network is going directly to the 192.168.6.0 network (probably over the site-to-site VPN).

Please help!!!


Hello,

What do you mean by 'remote users'? Are these users connected to either router through a VPN connection? What about local LAN users on each side, can they reach the respective remote LAN?

Remote users means individual users logging in from home/offsite. These users are successfully connecting to the L2TP VPN configured on Site 1's rv340 router (192.168.0.0), but they are not able to see (ping) any devices on Site 2's subnet (remote subnet) 192.168.6.0.

The local LAN users are able to reach (ping/connect to) any devices on the other subnet, which is connected via site-to-site VPN.

Below is the diagram for the network: 2 sites. The AAP site (192.168.0.0) is where I have the router with the L2TP VPN set up, and the GAP site is the remote subnet. The users logging in from home are able to see all devices on the AAP site but not on the GAP site.

NetworkLayout.png

Hello,

Is the AAP router the L2TP server, and if so, is the address pool added to the Local Traffic Selection in the Site-to-Site VPN configuration?

The original poster tells us that "I have added 192.168.10.0 to the both routers site to site vpn entries". I assume that means that 192.168.10.0 has been added to the access lists used to identify interesting traffic for the site to site vpn. It might be nice to see the details of that part of the configuration so that we can verify that 192.168.10.0 is a source going to 192.168.6.0 and is a destination coming from 192.168.6.0 to 192.168.10.0.

Beyond that there are several things that might be causing this issue:

- can you verify that the GAP router has a route for 192.168.10.0 that sends the traffic through the vpn?

- if there is any address translation being done on either router can you verify that 192.168.10.0 to 192.168.6.0 and 192.168.6.0 to 192.168.10.0 is exempt from translation?

- we do not know anything about how l2tp vpn is configured. Can you verify that l2tp vpn includes 192.168.6.0 as a valid destination network and that traffic from the remote client to 192.168.6.0 is transported over the vpn?

 

HTH

 

Rick
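
Added example, not part of the thread or of any Cisco tooling: a small model of the selector checks listed in the reply above, showing how a flow that matches no site-to-site selector pair ends up on the default route, as in the packet capture. It assumes the tunnel selects traffic by local/remote network pairs and uses /24 masks (the posts give no masks); the host addresses and function names are made up for illustration.

```python
import ipaddress

# Constructed model of the thread's addressing. The /24 masks are an
# assumption: the posts give only the network addresses.
AAP_LAN, GAP_LAN, L2TP_POOL = "192.168.0.0/24", "192.168.6.0/24", "192.168.10.0/24"

def selector_pairs(local_nets, remote_nets):
    """Expand a router's local/remote groups into (local, remote) network pairs."""
    return {(ipaddress.ip_network(l), ipaddress.ip_network(r))
            for l in local_nets for r in remote_nets}

def selected(pairs, src, dst):
    """True if a packet src -> dst leaving this router matches a selector pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in local and d in remote for local, remote in pairs)

def unmirrored(side_a, side_b):
    """Pairs on side A that have no swapped twin on side B."""
    return sorted((str(l), str(r)) for l, r in side_a if (r, l) not in side_b)

def check_flow(aap_pairs, gap_pairs, client, server):
    """List the problems for a client -> server request and its reply."""
    problems = []
    if not selected(aap_pairs, client, server):
        problems.append("AAP: request not selected, follows the default route to WAN")
    if not selected(gap_pairs, server, client):
        problems.append("GAP: reply not selected for the tunnel")
    for l, r in unmirrored(aap_pairs, gap_pairs) + unmirrored(gap_pairs, aap_pairs):
        problems.append(f"no mirror for {l} -> {r}")
    return problems

CLIENT, SERVER = "192.168.10.5", "192.168.6.20"  # constructed host addresses

# LAN-to-LAN only: the L2TP pool is in neither selector set.
lan_only = check_flow(selector_pairs([AAP_LAN], [GAP_LAN]),
                      selector_pairs([GAP_LAN], [AAP_LAN]), CLIENT, SERVER)
# Pool added as local on AAP and as remote on GAP: both directions match.
mirrored = check_flow(selector_pairs([AAP_LAN, L2TP_POOL], [GAP_LAN]),
                      selector_pairs([GAP_LAN], [AAP_LAN, L2TP_POOL]), CLIENT, SERVER)
# Pool entered on the remote side of AAP by mistake: request misses, pairs differ.
wrong_side = check_flow(selector_pairs([AAP_LAN], [GAP_LAN, L2TP_POOL]),
                        selector_pairs([GAP_LAN], [AAP_LAN, L2TP_POOL]), CLIENT, SERVER)

if __name__ == "__main__":
    for name, result in (("lan_only", lan_only), ("mirrored", mirrored),
                         ("wrong_side", wrong_side)):
        print(name, result or "ok")
```

The model covers only selector matching; the route on the GAP router, NAT exemption and the L2TP client's own routing still have to be checked on the devices.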


Hi Rick,

On both routers, the firewall features are turned off. This is a small business router (rv340).

1. I have the 192.168.10.0 network added as a static route on the GAP router (192.168.6.11) and as part of the "ip address group" on both the AAP router and GAP router site-to-site VPN configuration.
2. The routers on both sites are small business rv340 routers. They don't allow any configuration through the console, only through the web interface.
3. For the L2TP VPN setup, there are not a lot of options on the web interface. I have added a picture to my post (see below).

AAP_L2TPServer.png

Thanks for the additional information. It does seem that there are not many options for configuring L2TP.

Is the GAP router doing any address translation?

HTH

Rick

The GAP router is doing NAT for WAN traffic in the local network (192.168.6.0). But I have the 192.168.10.0 network added in the site-to-site VPN config.

Thanks for the additional information. Is it possible that traffic from 192.168.6.0 going to 192.168.10.0 is getting translated?

HTH

Rick

How to verify this? The routers know to route the traffic from/to all 3 networks as they are part of the site-to-site VPN settings, so I don't think so, but I'm not 100% sure.

I do not have much experience with that model of router and do not know what tools it offers to verify what is being translated. Perhaps a start would be for you to show us the section where translation is specified.

HTH

Rick

Yes, the AAP router is also the L2TP server. I also have the address pool 192.168.10.0 added to the IP address group (I think this is specific to the rv340 router) in the site-to-site VPN config.

Hello

Can you post a topology diagram please, to help visualise your setup and the issue you're experiencing?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul