Beginner

Cisco RV042, VPN Hub and Spokes, connecting spokes issue

Hi,

I have a few Cisco RV042 routers, with VPN links between them in a hub-and-spoke topology.

Every spoke VPN works; they succeed in connecting to the hub.

The hub can see every spoke's VPN as active.

A computer under the hub can connect to a computer under any spoke.

A computer under any spoke can connect to a computer under the hub.

That works great.

Now, what I really need is for computers under one spoke to connect to computers under another spoke.

This does not work.

Actual LAN configuration:

HUB     IP / mask: 192.168.0.1 / 255.255.255.0

Spoke1 IP / mask: 192.168.1.1 / 255.255.255.0

Spoke2 IP / mask: 192.168.2.1 / 255.255.255.0

I was wondering if the Cisco RV042 can be configured to allow that, and HOW?

If it can't be done, what other router should I use as the HUB? Do I need to change the spokes as well?

Thank you and have a nice day

1 ACCEPTED SOLUTION

Accepted Solutions
Rising star

Cisco RV042, VPN Hub and Spokes, connecting spokes issue

Hope this document can point you to the right direction.

https://supportforums.cisco.com/docs/DOC-12534

3 REPLIES 3
Beginner

Cisco RV042, VPN Hub and Spokes, connecting spokes issue

Hi Charles,

I don't think these devices will support that very easily. For this to work over the tunnel the RV's need to 'tag' the traffic that is destined for the tunnel. You do this by defining the networks for the remote and local ends.

You will need to convince the router at a spoke site that it needs to send the traffic destined for the other spoke through the tunnel to the HUB. On more sophisticated devices you include the destination network in the encryption group so the device knows traffic to this network must be forwarded to the tunnel.  The RV's don't have this capability it seems.

The only way, I think, is to create another tunnel from a spoke to all the other spokes that it needs to communicate with - essentially a mesh of VPN tunnels. This should work for you because there are a small number of sites.

If there's a requirement of passing through the hub you may need to create separate tunnels to the hub for the different network pairs you need to communicate (I don't know if the router will allow this). For example:

For Spoke1->Spoke2 (via HUB)

Configure VPN from Spoke1 to HUB using Spoke1 Local network and Spoke2 as Remote network.

Configure VPN from HUB to Spoke1 using Spoke2 Local network and Spoke1 as Remote network.

Then the reverse:

For Spoke2->Spoke1 (via HUB)

Configure VPN from Spoke2 to HUB using Spoke2 Local network and Spoke1 as Remote network.

Configure VPN from HUB to Spoke2 using Spoke1 Local network and Spoke2 as Remote network.

Again, this becomes tedious as the number of sites grows (assuming it even works).

Possibly a feature consideration on the RV series Cisco?

Regards,

T.

Beginner

Re: Cisco RV042, VPN Hub and Spokes, connecting spokes issue

Thank you tekliu for pinpointing this thread; it's the way toward the solution.

Things that I've done:

In the VPN tunnels configuration, set the hub mask as 255.255.0.0

So the spokes redirect 192.168.x.x traffic toward the HUB.

I have tried this before, without good results, but the post told me what was wrong:

"The issue is now fixed in firmware 4.0.3.03."

There is still one problem that remains: an unstable link.

When a spoke pings the other spoke, 25% succeed, 75% fail. ALWAYS! Weird.

I mean, on a computer under spoke1, I did:

ping 192.168.2.1 -t

The first ping gets a reply, the 3 others time out, then a reply, then 3 timeouts, then a reply, etc.

When the HUB pings any spoke, it's fast and reliable (100% succeed).

BUT when the HUB pings a spoke AT THE SAME TIME the computer under spoke1 does the ping on spoke2, the HUB has the same problem.

I think the problem here is that the HUB doesn't know what to do with the traffic.

I added static routing to the HUB:

subnet 192.168.1.0 / 255.255.255.0 -> gateway 192.168.1.1

subnet 192.168.2.0 / 255.255.255.0 -> gateway 192.168.2.1

Still does not work.

Any idea?
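
Added example (not part of the thread and not RV042 firmware behaviour): a simplified Python model of policy-based VPN selectors, where a tunnel carries a packet only if the source is in its local group and the destination in its remote group. It uses the thread's subnets to compare the original /24 groups with the 255.255.0.0 change; the host addresses, the function names and the hub using the /16 as its local group are assumptions.

```python
import ipaddress

def build(spoke_remote, hub_local):
    """Routers with the thread's addressing; each tunnel is (local group, remote group)."""
    return {
        "hub":    {"lan": "192.168.0.0/24",
                   "tunnels": {"spoke1": (hub_local, "192.168.1.0/24"),
                               "spoke2": (hub_local, "192.168.2.0/24")}},
        "spoke1": {"lan": "192.168.1.0/24",
                   "tunnels": {"hub": ("192.168.1.0/24", spoke_remote)}},
        "spoke2": {"lan": "192.168.2.0/24",
                   "tunnels": {"hub": ("192.168.2.0/24", spoke_remote)}},
    }

def inside(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def trace(routers, src, dst, max_hops=4):
    """Return (path, outcome) for one packet under the simplified selector model."""
    here = next(n for n, r in routers.items() if inside(src, r["lan"]))
    path = [here]
    while len(path) <= max_hops:
        router = routers[here]
        if inside(dst, router["lan"]):      # local delivery wins over any tunnel
            return path, "delivered"
        peer = next((p for p, (loc, rem) in router["tunnels"].items()
                     if inside(src, loc) and inside(dst, rem)), None)
        if peer is None:                    # no tunnel policy covers this src/dst pair
            return path, "no matching tunnel"
        here = peer
        path.append(here)
    return path, "loop"

# Constructed configurations (hypothetical names):
ORIGINAL = build("192.168.0.0/24", "192.168.0.0/24")     # /24 groups everywhere
SPOKES_ONLY = build("192.168.0.0/16", "192.168.0.0/24")  # spokes widened, hub not
WIDENED = build("192.168.0.0/16", "192.168.0.0/16")      # /16 on both ends (assumption)

if __name__ == "__main__":
    # Constructed hosts: 192.168.1.10 under spoke1, 192.168.2.10 under spoke2.
    for label, cfg in [("original", ORIGINAL), ("spokes only", SPOKES_ONLY),
                       ("widened", WIDENED)]:
        print(label, trace(cfg, "192.168.1.10", "192.168.2.10"))
```

In this model the spoke-to-spoke packet stops at spoke1 with the /24 groups, stops at the hub when only the spokes are widened, and is delivered only when both ends of each tunnel agree on the /16.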