VLAN over VPN

CiscoEng69
Level 1

Hi,

I have the setup in the attached image. Basically an SG300 L3 switch which I use as my core switch and 2 switches SG300-28 (for cameras) and SG200-50 (for PCs). They connect to the internet through a Cisco RV042. Both RV042 are in gateway mode.

 

I set up a gateway-to-gateway VPN to another location for backup purposes using a Linksys RV042. The site-to-site VPN connection is established successfully, but I cannot ping anything beyond the gateways. I tried to add static entries on both RV042s, but I still cannot get the VLANs to see the other side (and vice versa).

 

Can someone guide me on how I should do this?


Mark Malone
VIP Alumni

Hi, have a look at this guide; it will help regarding setting up VPNs on RV042 routers. Make sure you complete everything in it. It sounds like you're not advertising the subnets allowed in the VPN.

 

http://sbkb.cisco.com/CiscoSB/Loginr.aspx?login=1&pid=4&app=search&vw=1&articleid=3294

I followed the steps that applied to me. They are the same as what I've done, but I've added the following options:

- Netbios broadcast.

- NAT Traversal

- Dead Peer ... 30 secs

Do I need to add the networks in the routing tables? If this is the case, do I do it on the RV042s only or on the SG300 as well?

-----

From the .100.*

Tracing route to 192.168.1.1 over a maximum of 30 h

  1     1 ms     5 ms     4 ms  192.168.100.254
  2    <1 ms    <1 ms    <1 ms  10.1.1.1
  3     1 ms     1 ms     1 ms  x.x.x.1  (my ISPs Cisco800 gateway)
  4    22 ms    22 ms    26 ms  10.94.104.1
  5     *        *        *     Request timed out.

Thanks

The IPsec peer IP is usually the public IP address where it terminates when NAT is configured and it's an edge router. Is the Cisco 800 the device with the public IP or the RV042? Your screenshot shows the 800 series as the ISP router, so I'm guessing that has the public IP? You need to have the IPsec tunnel set between public IP devices if it's across the internet.

This doc shows/explains the few steps you would need to configure in CLI and what's required for an IPsec VPN. Just set up the tunnel with the security, and then with your access-lists specify which LAN subnets go through the tunnel.

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html

The RV042 has the public IP. The 800 is placed by our provider so we can have multiple IPs, so really we shouldn't consider the 800 as existing. I don't even have access to it.

The routers that I am using are not that advanced. Please see the attached screenshot. The one in the screenshot is what exists at the remote location. The one I am using at the company is its Cisco counterpart.

Do I have to create the routes manually? How does the remote router know about the 10.0.0.0 and .100 and .200 networks?

You need to allow those subnets (.100, .200) out on the VPN from the 10.1.1.1 side, or else the remote side will not know about them. You do this on a normal router through the access-list which is bound to the IPsec crypto map: specify which subnets are allowed across the tunnel; anything that's not gets either NATted or pushed directly to the internet.

Does it allow you to do this under the gateway-to-gateway section in VPN?

The access list I have on the routers is in the firewall screen. I am not sure if this is the one that you are talking about, but this is the only one that exists.

I was wondering if there is something that needs to be done on the advanced routing page (image 9). I know both routers know about each other because they are connected and they can ping each other, but we can't go beyond them.

Images 4-7 show the firewall settings on both routers.

What I am not sure of is when I add a static route, do I use the WAN port or the LAN port (image 9)

The ACLs looked correct, allowing each LAN subnet to speak to the other. To rule out your routing, connect a device directly to each router, set the IPs and see if it works.

The computers connected to each router (RV042) are able to see the remote router (the RV042 on the other side of the VPN). They are also able to see devices that have the same IP as the remote router. Ex:

PC with ip 192.168.1.100 is able to ping 10.1.1.1 and 10.1.1.2 and vice versa.

 

Does this answer your question?

The 10.1.1.x network is not part of the VPN ACLs, looking at your previous screenshots. If you put in an ACL rule allowing 192.168.100.x - 10.1.1.x, put a laptop connected to each RV042 with their respective IPs and see if you can still ping, as that traffic should then be going through the VPN tunnel from subnet to subnet.
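The point Mark makes in the two replies above (only traffic matching a local/remote subnet pair configured on the tunnel is encrypted; everything else follows the default route and is NATted out to the internet) is easy to model. The following is an added example, not code from the thread or from any Cisco or Linksys product. It uses the subnets named in the thread; the selector lists themselves are assumptions about how the RV042 tunnel was and should be configured, and the function names are my own.

```python
from ipaddress import ip_address, ip_network

# Subnets as discussed in the thread. Which pairs were actually configured
# on the RV042 tunnel is a constructed assumption for this example.
LOCAL_LANS = ["10.1.1.0/24", "192.168.100.0/24", "192.168.200.0/24"]
REMOTE_LANS = ["192.168.1.0/24"]

# Assumed starting point: the tunnel only carries the RV042's own LAN,
# which is why the two gateways can ping each other but nothing behind them.
INITIAL_SELECTORS = [("10.1.1.0/24", "192.168.1.0/24")]


def forward_decision(src, dst, selectors):
    """Model of a policy-based IPsec gateway's per-packet decision.

    Returns 'tunnel' if (src, dst) matches one (local, remote) selector pair,
    otherwise 'nat-wan': the packet follows the default route and is NATted
    out of the WAN port, which is exactly the traceroute symptom in the thread
    (next hop is the ISP, then timeouts).
    """
    s, d = ip_address(src), ip_address(dst)
    for local, remote in selectors:
        if s in ip_network(local) and d in ip_network(remote):
            return "tunnel"
    return "nat-wan"


def missing_selectors(local_lans, remote_lans, selectors):
    """Every (local LAN, remote LAN) pair not fully covered by a selector.

    A pair is covered when some selector's local side contains the whole LAN
    and its remote side contains the whole remote LAN.
    """
    covered = [(ip_network(l), ip_network(r)) for l, r in selectors]
    missing = []
    for lan in local_lans:
        for rem in remote_lans:
            ln, rn = ip_network(lan), ip_network(rem)
            if not any(ln.subnet_of(cl) and rn.subnet_of(cr) for cl, cr in covered):
                missing.append((lan, rem))
    return missing


def complete_selectors(local_lans, remote_lans, selectors):
    """Selector list extended with the pairs that were missing."""
    return list(selectors) + missing_selectors(local_lans, remote_lans, selectors)


if __name__ == "__main__":
    # Gateway-to-gateway works, but a .100 host cannot reach the far LAN.
    print(forward_decision("10.1.1.2", "192.168.1.1", INITIAL_SELECTORS))        # tunnel
    print(forward_decision("192.168.100.10", "192.168.1.1", INITIAL_SELECTORS))  # nat-wan
    print(missing_selectors(LOCAL_LANS, REMOTE_LANS, INITIAL_SELECTORS))
    fixed = complete_selectors(LOCAL_LANS, REMOTE_LANS, INITIAL_SELECTORS)
    print(forward_decision("192.168.100.10", "192.168.1.1", fixed))              # tunnel
```

The remote gateway needs the mirror image of the same pairs (its local 192.168.1.0/24 paired with each of the three subnets on the company side), otherwise return traffic is dropped or NATted the same way. Static routes on the RV042 do not change this decision: with a policy-based tunnel, the selector list, not the routing table, decides what is encrypted.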

Hello Mark,

I've added the ACLs on both routers as per your recommendation, but the problem still persists. Please take a look at images 10 and 11.

When I tracert to the other side, packets go through my ISP. I've never implemented something like this before, but my expectation is that if I am doing tracert 192.168.100.100, it would show something like:

192.168.1.1

10.1.1.1

192.168.100.254

192.168.100.100

When I try to add a static route, I am not sure whether to choose the WAN interface or the LAN interface; nevertheless, I tried both with no luck.

I should also note that I was only able to get the 100 and 200 networks to see the internet after I enabled multiple subnets on the RV042 and gave it an address of each of those networks (image 12). 

Hello Mark,

Do you think this is doable with the equipment I have or I have to look for a workaround?

Hello Mark,

Any new ideas about my issue?

Hello CiscoEng,

Did you solve your issue? I have the same issue. Regards,