Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1534
Views
5
Helpful
9
Replies

Static Routing through VPN Tunnel

joeac
Level 1
Level 1

ā€Ž09-30-2021 12:20 PM - edited ā€Ž09-30-2021 12:31 PM

Hello friends, I'm currently having difficulties setting up the routing tables of my routers and would like some insight from the community. Below are the details.

 

I'm communicating Site A with Site B through a VPN Tunnel, using a couple of RV042G Cisco routers. The tunnel is working fine and hosts can ping each other on both networks.

 

Site A is the 172.31.32.120 network, Site B is the 172.30.32.120 network. But site B has a network connected further which is the 172.12.30.0 network.

 

My problem is that network 172.31.32.120 doesn't know about network 172.12.30.0 and I can't set up static routes because of the VPN tunnel. It won't let me choose the gateway for network 172.30.32.120 as the next hop router because it's on the other side of the tunnel.

 

The router's configuration won't let me make the changes to the routing table, it sends the packets destined for 172.12.30.0 through the default gateway and the packets get lost in the internet.

 

Perhaps I could try setting up some kind of NAT to facilitate the routing process, but it seems unlikely since I'm only working with private addresses besides the public ones used for Tunnel setup.

 

 

Labels:
0 Helpful
9 Replies 9

OleTimer
Level 1
Level 1

ā€Ž09-30-2021 01:51 PM

I'm going to make some assumptions, but you can change the command based on what you have.  You might need to change the subnet mask and the tunnel interface number, but you can point a static route out an interface.  You could also use dynamic routing, and advertise the network to your router from the tunnel neighbor.

 

ip route 172.12.30.0 255.255.255.0 interface tu0

0 Helpful

OleTimer
Level 1
Level 1
In response to OleTimer

ā€Ž09-30-2021 02:13 PM

It also just hit me that you might want to look at the router, or layer 3 switch that has the gateway for the 172.12.30.0 network to make sure it has a route to the 172.31.32.120 network.

0 Helpful

joeac
Level 1
Level 1
In response to OleTimer

ā€Ž10-01-2021 09:59 AM - edited ā€Ž10-01-2021 10:00 AM

Excuse my lack of understanding but, do all routers support command line inputs? I haven't figured out how to access it on my router so all I have for now is the GUI of the RV042G models. 

 

When I configured the tunnel on 172.31.32.120 to 172.30.32.120, a route to 172.30.32.120 via my internet modem, was added to the routing table.


When I try to add the line for 172.12.30.0 via 172.30.32.120 to the routing table via the Static Routing GUI window, the software won't add it, perhaps because the GUI software is not recognizing the VPN tunnel to 172.30.32.120 as an interface. 

OleTimer
Level 1
Level 1
In response to joeac

ā€Ž10-01-2021 11:00 AM

I hadn't seen that model before.  When I look at how it's configured in the gui I'm not sure exactly what it's doing.  Can you do a traceroute to the network that works, and see what hops are present?

0 Helpful

joeac
Level 1
Level 1
In response to OleTimer

ā€Ž10-01-2021 03:32 PM - edited ā€Ž10-01-2021 03:40 PM

Yes, when I do a traceroute from the 172.31.32.120 network, to the 172.30.32.120 network, the VPN tunnel works just fine, it gets there in 2 hops.

 

But when I try to do a traceroute from 172.31.32.120 to 172.12.30.0, the packet gets to the gateway of 172.31.32.120 and then is sent to the default route in the routing table instead of through the VPN tunnel. The routing table can't be configured much in the RV042G's GUI besides adding lines for static routing, but I don't think even the default route can be changed.

 

I'm starting to think that this model can't handle static routing through VPN tunnels, the GUI won't let me add a static route since it won't recognize the tunnel as an interface. And I think this model can't be configured with command lines.

0 Helpful

MHM Cisco World
VIP
VIP

ā€Ž09-30-2021 01:53 PM

Use tunnel outlet instead of next hop

0 Helpful

Georg Pauwen
VIP
VIP

ā€Ž10-01-2021 10:52 AM

Hello,

 

I don't have an RV042G around to test this, but can you add a second tunnel with the same source, but different remote subnet (172.12.30.0) ?

0 Helpful

joeac
Level 1
Level 1
In response to Georg Pauwen

ā€Ž10-01-2021 10:59 AM

Hello, I don't have access to the 172.12.30.0 router configuration, so I can't make a tunnel to that side, it's a requirement to get from 172.31.32.120 to 172.12.30.0 through 172.30.32.120, the topology has to remain like this because of the job requirements.

0 Helpful

Chris_R1
Level 1
Level 1

ā€Ž10-01-2021 07:28 PM

If Site A (172.31.32.120/29) can reach Site B (172.30.32.120/29) across the tunnel but not the downstream 172.12.30.0/24, try the following if using static routing:

 

On the Site A router configure:  ip route 172.12.30.0 255.255.255.248 <ip of the local interface which the tunnel is on>

Example:  ip route 172.12.30.0 255.255.255.248 172.31.32.121

 

On the router containing the remote network, configure:  ip route 172.31.32.120 255.255.255.248 <ip of the local interface which the tunnel is on>

Example:  ip route 172.12.31.0 255.255.255.248 172.30.32.121

 

What are your subnet sizes?

What are the IP's of the tunnel ends?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card