cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2051
Views
0
Helpful
15
Replies

Problem VPN RV082

Gustavo Oka
Level 1
Level 1

HI guys,

 

I am setup a VPN with another site, the VPN is working but we have problem to connect the pcs through this VPN. My local network is 192.168.0.0/24 and the local group of the VPN is 172.29.0.13/32. The question is how can I connect the PCS through this VPN?

15 Replies 15

Richard Burts
Hall of Fame
Hall of Fame

We do not know much about your environment and that makes it difficult to give good advice. Can you clarify whether this vpn is a site to site vpn or is a remote access vpn? Can you provide some specifics about how you configured this vpn?

 

HTH

 

Rick

HTH

Rick

Hi Richard,

First of all thank you for your reply.

 

So, the VPN is a site to site and the links are connected. What I don't know is how to connect the computers through this VPN because is /32.

Thanks for confirming that this is site to site vpn. In configuring site to site vpn you generally configure the address of the remote peer and you generally configure an access list for crypto. In that access list you generally define a network or subnet on your side whose traffic will be encrypted going to a network or subnet on the remote side. Is that how you configured your router? Can you provide some specifics from your configuration?

 

HTH

 

Rick

HTH

Rick

Yes, above the print of my VPN configuration. Look the local group /32.

 

 

Thank you for the additional information. It does make clear what is configured and with that configuration you would not be able to connect PCs to communicate through this vpn. If you want a group of PCs to use this vpn then the local group must be a subnet which includes the addresses of those PCs.

 

Note that in configuring site to site vpn that the configurations on both sides must agree. What you configure as local group must match what they configure as remote group, and what you configure as remote group must match what they configure as local group. So if you change your local group then they need to change their remote group.

 

HTH

 

Rick

HTH

Rick

Can I do a manual route in windows like this?

route -p add 172.29.0.13 mask 255.255.255.255 192.168.0.4

192.168.0.4 it's the IP of my RV082 that I used to connect the VPN.

A manual route in Windows will not have any effect on the site to site vpn. The Windows PC can only forward its traffic to your router. And the router has no knowledge of whether the PC used a specific route or used a default gateway. The control of what IP packets are encrypted and sent over the vpn depends on the router configuration.

 

HTH

 

Rick

HTH

Rick

Thank you.

I tried but I don't know. I created the subnet with LAN IP address 172.29.0.13 and Subnet Mask 255.255.255.0 but the local group continues IP 172.29.0.13/32 and didn't work. Is it correct?

There are several things that I do not understand and so have difficulty giving good advice. Please help me understand these things:

- You tell us in the original post that the LAN for your network is 192.168.0.0/24. Is that where the PCs will be that you want to use the vpn? If not then where will those PCs be? And what IP addresses will they have?

- the config page that you posted has the local group as 172.29.0.13/32. What is this address? Where is it? How did it get chosen for the vpn?

- the config that you posted has the remote group as 172.28.0.16/30. Are these the addresses that your PCs will need to access?

 

HTH

 

Rick

HTH

Rick

- You tell us in the original post that the LAN for your network is 192.168.0.0/24. Is that where the PCs will be that you want to use the vpn? If not then where will those PCs be? And what IP addresses will they have?
A: Yes, It's my local network.

- the config page that you posted has the local group as 172.29.0.13/32. What is this address? Where is it? How did it get chosen for the vpn?
A: The client send me it and said that I need to use this local group to use the VPN.

- the config that you posted has the remote group as 172.28.0.16/30. Are these the addresses that your PCs will need to access?
A: Yes

So, I tried to create a subnet with LAN IP address 172.29.0.13 and Subnet Mask 255.255.255.0 to connect to the IP of the VPN 172.29.0.13/32. Is it correct this logic?

Thank you for the additional information. Based on what you are telling me I believe that the local group should be 192.168.0.0/24. Perhaps you can ask the client what they intended 172.29.0.13 to be and how they intend it to be used.

 

Do you have anything in your network that is in 172.29.x.x?

 

HTH

 

Rick

HTH

Rick

Thank you.
The client won't change the local group to 192.168.0.0/24. So, I need to do something to attend they requirements, and I don't have anything in my network 172.29.x.x

What I tried to do is to create a subnet with the gateway 172.29.0.13 and mask 255.255.255.0 and configure the IPs in each desktop but didn't work.

Perhaps there is something about your environment (or the client's environment)  that I do not know which would explain it. But at this point it is not making much sense to me. Are you sure that 172.29.0.13 was intended as your local group? Could it perhaps have been their peer address or something?

 

If your LAN is 192.168.0.0 and they want it to appear in the vpn as 172.29.0.13 then perhaps the solution might be to do address translation for traffic going through the vpn. I am not sure if your RV082 would support that? And it would be quite unusual to translate addresses going through a site to site vpn, but perhaps that is what they intended. Can you ask the client to clarify what 172.29.0.13 means to them?

 

HTH

 

Rick

HTH

Rick

Richard,
Many thanks for your patience to help me.

The RV082 just has One to One NAT.
The configuration of the image is correct and my local LAN is 192.168.0.0. In my understand, for example if my local group is 172.29.0.13/30 I can create a subnet and has two computers with access in the VPN, but the problem is /32. I don't know how can I redirect the packets of some desktop in my lan 192.168.0.0 trough vpn or create a subnet with 172.29.0.13/32 to access the VPN

Review Cisco Networking for a $25 gift card