VPN 2 ISP's Main Office - 1 ISP BranchOffice Gateway Problem

aceclub123 · ‎11-07-2011

We currently have an exchange server located at our head office IP address 192.168.0.10 with a Cisco Firewall/modem at gateway address 192.168.0.254. Connecting to the Internet picking up exchange mail and web browsing for the PC’s attached to Head office

We recently installed an additional Cisco VPN Router at address 192.168.0.253 (head Office) with its own isp connection to allow the remote office to connect ot our server and hopefully access exchange mail, accounting software etc.

A VPN Tunnel has been setup between Head office and the remote office; the tunnel stays connected and works fine. We can ping or connect to any computer at the remote office from the head office.

The problem is that we can’t ping or connect to any computers at the head office from the remote site that don’t the have the Cisco’s VPN Router’s IP address of (192.168.0.253)

The IP range at the Remote Office is 192.168.12.1-254 Gateway Address is 192.168.12.1

We can ping any Computer at head Office from the remote Office if the gateway address in the PC at the Head Office is changed to 192.168.0.253

Is there any way to translate IP address’s to allow access to Servers/printers at the Head Office from the Remote Office?

Remote Office IP Range

192.168.12.1 - 192.168.12.254

DNS Server (Windows 2008 Standard Server) 192.168.12.20

Gateway Ip 192.168.1.1

Head Office IP Range

192.168.0.1 – 192.168.0.254

DNS Server (Windows 2003 Standard Server) 192.168.0.254

Gateway Ip 192.168.0.10

Other Severs I need to get access to Head Office from the Remote Office

192.168.0.10 Exchange/active directory server

192.168.0.20 Aristocrat Database Server

192.168.0.4 Document Server

Routers – Cisco 8-Port VPN Routers Model No RV082

Marwan ALshawi · ‎11-07-2011

it seesm to be that you have issues with routing the traffic

if you can post the config of both head office routers and the remote office router config too

mask the public ips like x.x.x.10 for example

and remove any username and passowrd before posting it here

aceclub123 · ‎11-07-2011

Please find ip address info as follows if you need further info pls don’t hesitate to ask

Thank you for you help

Head Office Main Internet Connection

Cisco Router 192.168.0.254

Head Office VPN Connection to Remote Office

Gateway Ip 192.168.0.253 - Cisco VPN Router Model No RV082

Other Severs I need to get access at Head Office from the Remote/branch Office

192.168.0.10 Exchange/active directory server

192.168.0.20 Aristocrat Database Server

192.168.0.4 Document Server

Remote Office

IP Range 192.168.12.1 - 192.168.12.254

192.168.12.20 DNS Server (Windows 2008 Standard Server)

Gateway Ip 192.168.1.1 - Cisco VPN Router Model No RV082

We can ping any Computer at head Office from the remote Office if the gateway address in the PC at the Head Office is changed to 192.168.0.253

Marwan ALshawi · ‎11-07-2011

as i mentioned if you can attach the configurations of the routers will be helpful for people to help you

as it could be VPN ACL, or routing issue for example

aceclub123 · ‎11-09-2011

Main Internet Connection

NO DHCP Servers turned on in any Modems, Router or Firewalls

Modem Cisco 800 Series

Cisco Firewall Model – ASA 5510 Series

IP Address 192.168.0.254

Subnet 255.255.255.0

Secondary Internet VPN Connection

Head office can access all PC’s at the branch office, Branch office can only access Pc’s/Servers at head office if they have the secondary Internets connection gateway applied

Head Office - Network Setup

Linksys VPN Router RVo82

Head Office - Network Setup

Linksys VPN Router RVo82

VPN Connection

Branch Office - Network Setup

Linksys VPN Router RVo82

Branch Office - Network Setup

Linksys VPN Router RVo82

VPN Connection

darren.g · ‎11-09-2011

Michael Nobbs wrote:

Please find ip address info as follows if you need further info pls don’t hesitate to ask

Thank you for you help

Head Office Main Internet Connection

Cisco Router 192.168.0.254

Head Office VPN Connection to Remote Office

Gateway Ip 192.168.0.253 - Cisco VPN Router Model No RV082

Other Severs I need to get access at Head Office from the Remote/branch Office

192.168.0.10 Exchange/active directory server

192.168.0.20 Aristocrat Database Server

192.168.0.4 Document Server

Remote Office

IP Range 192.168.12.1 - 192.168.12.254

192.168.12.20 DNS Server (Windows 2008 Standard Server)

Gateway Ip 192.168.1.1 - Cisco VPN Router Model No RV082

We can ping any Computer at head Office from the remote Office if the gateway address in the PC at the Head Office is changed to 192.168.0.253

You've got a routing issue at the head office.

Basically, you have two different routers, but only one default route - so, since you don't have an entry for the network at the remote end, the traffic is sent to the default gateway - which doesn't know where to send the traffic, so drops it off.

You can do one of two things.

1) Connect the two routers to the same layer 2 domain (which it seems you may have already), and put a static route into the device at 192.168.0.254 basically saying "anything for network 192.168.12.0/24, send via 192.168.0.253" - not sure of the exact format for this because I've not worked with these apparent Linksys devices before, but on an IOS router you would do something like

ip route 192.168.12.0 255.255.255.0 192.168.0.253

on the device at 192.168.0.254

2) Put a static route for the 192.168.12.0/24 network into every device/PC/server on the 192.168.0.0 network - in a windows machine it goes something like this

route add -p 192.168.12.0 mask 255.255.255.0 192.168.0.253

Option 1 is easier and has the benefot of only needing to be done on one device, but may lead to issues with redirects or traffic load levels on your main router.

Hope this helps.

Cheers.