I have few router Cisco RV042, and VPN links between them with a hub and spokes topology.
Every spoke VPN works, they succeed to connect to the hub.
The hub can see every spokes VPN active.
A computer under the hub can connect to a computer under any spoke.
A computer under any spoke can connect to a computer under the hub.
That works great.
Now, what I really need is to connect computers under a spoke to connect to computers under an other spoke.
This do not work.
Actual LAN configuration :
HUB IP / mask: 192.168.0.1 / 255.255.255.0
Spoke1 IP / mask: 192.168.1.1 / 255.255.255.0
Spoke2 IP / mask: 192.168.2.1 / 255.255.255.0
I was wondering if the Cisco RV042 can be configure to allow that and HOW?
If it can't be done, what other router should I use as the HUB? Does I need to change the spokes as well?
Thank you and have a nice day
Solved! Go to Solution.
I don't think thes devices will support that very easily. For this to work over the tunnel the RV's need to 'tag' the traffic that is destined for the tunnel. You do this by defining the networks for the remote and local ends.
You will need to convince the router at a spoke site that it needs to send the traffic destined for the other spoke through the tunnel to the HUB. On more sophisticated devices you include the destination network in the encryption group so the device knows traffic to this network must be forwarded to the tunnel. The RV's don't have this capability it seems.
The only way I think is to create another tunnel from a spoke to all the other spokes that it needs to communicate with - essentially a mesh the VPN tunnels. This should work for you because there are a small number of sites.
If there's a requirement of passing through the hub you may need to create separate tunnels to the hub for the different network pairs you need to communicate (I don't know if the router will allow this). For example:
For Spoke1->Spoke2(via HUB)
Configure VPN from Spoke1 to HUB using Spoke1 Local network and Spoke2 as Remote network.
Configure VPN from HUB to Spoke1 to using Spoke2 Local network and Spoke1 as Remote network.
Then the reverse:
For Spoke2-Spoke1(via HUB)
Configure VPN from Spoke2 to HUB using Spoke2 Local network and Spoke1 as Remote network.
Configure VPN from HUB to Spoke2 using Spoke1 Local network and Spoke2 as Remote network.
Again, this becomes tedious as the number of sites grows (assuming it even works).
Possibly a feature consideration on the RV series Cisco?
Thank you tekliu to pin point this thread, it's the way toward the solution.
Things that I've done:
In the VPN tunnels configuration, set the hub mask as 255.255.0.0
So the Spokes redirects 192.168.x.x trafic toward the HUB.
I have tryed this before, without good result, but the post told me what was wrong:
"The issue is now fixed in firmware 4.0.3.03."
There is still one problem that remain: unstable link.
When a spoke ping the other spoke, 25% succeed, 75% fail. ALWAYS! wierd.
I mean, on a computer under spoke1, I did:
ping 192.168.2.1 -t
The first ping gets a reply, the 3 other timeout, then a reply, then 3 timeout, then a reply, etc...
When the HUB ping any spoke, it's fast and reliable (100% succeed).
BUT when the HUB ping a spoke AT THE SAME TIME the computer under spoke1 do the ping on spoke2, the HUB has the same problem.
I think the problem here is that the HUB don't know what to do with trafic.
I added static routing to the HUB:
subnet 192.168.1.0 / 255.255.255.0 -> gateway 192.168.1.1
subnet 192.168.2.0 / 255.255.255.0 -> gateway 192.168.2.1
Still does not work.