
PPTP VPN access to Main Branch - Enable access to all other locations connected via MESH Topology

warrickscpdla
Level 1

I currently have 7 locations connected in a mesh topology via Gateway to Gateway VPN Tunnels.

All locations can see all other locations without any problems.

 

What I'm trying to achieve is PPTP remote access to the main location that allows that user access to all other locations connected in the mesh.

 

Currently when connected externally via PPTP I can only access the subnet of the head office.

 

Head office is running an RV325, all other locations running RV042Gs.

 

Subnets are 192.168.1.x thru 192.158.7.x 

 

Any advice would be appreciated.


Dan Miley
Level 3

I set this up in the lab and it came up fairly easily.

First set the LAN of the RV320 to 10.0.10.1, and the PPTP range to 10.0.100.100-129. These are both covered by the network range 10.0.0.0/16, and that is the range used for the local and remote traffic selectors.

Next we configure the tunnel: set the interesting traffic for site 2 to 192.168.2.x/24 and the head office to 10.0.0.0/16, and make sure the encryption, shared key, and timers match. That site-to-site tunnel came up.

Then I connected the PPTP client. At this point I was able to ping, and test with RJL port listener across the tunnel (both to the 192.168.2.x from PPTP, and to the PPTP client from the 192.168.2.x net).

 

There are a couple of considerations:

  • PPTP client needs to be full tunnel to allow it to send traffic to the remote site-to-site VPN. This config would probably also work with an IPsec client if it was full tunnel.
  • RV042 can only do one VPN policy per IPsec policy, so we cannot have 2 tunnels for the LAN and PPTP ranges from the remote sites.
  • The LAN side of the RV320 and the PPTP network range need to be included in the range used for the site-to-site tunnel.
  • You can use another smaller range than 10.0/16, but I figured using the 10 range gave less confusion with where networks are located. I could have used 192.168.0/23, but 192.168.1.x and 192.168.0/x are used for the default LAN address of many home/small business routers. Those ranges could conflict and cause network overlap.
  • Windows firewall prevented my connecting with HTTP and ping until I allowed it on the Windows workstation firewall. Be aware, if you can ping and remotely manage the remote router (192.168.2.1) but not the client, that may be why.

 

See attached doc for screenshots of the router GUI and routing table.

 

 

Dan
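The addressing constraints in the reply above (head-office LAN and PPTP pool both inside the local traffic selector, no overlap with the remote sites or with common home-router defaults) can be checked before touching the routers. This is an added example, not part of the original post; the /24 mask on the head-office LAN and the function name `check_plan` are assumptions.

```python
import ipaddress

# Values from the reply above; the /24 mask on the head-office LAN is an assumption.
HEAD_OFFICE_LAN = "10.0.10.0/24"
PPTP_POOL = ("10.0.100.100", "10.0.100.129")   # inclusive start/end of the pool
LOCAL_SELECTOR = "10.0.0.0/16"                 # local range on the site-to-site tunnel
REMOTE_SITES = {"site2": "192.168.2.0/24"}
# Default LANs of many home/small-business routers, as named in the reply.
COMMON_DEFAULTS = ("192.168.0.0/24", "192.168.1.0/24")


def check_plan(lan, pool, selector, remotes, defaults=COMMON_DEFAULTS):
    """Return a list of problems with the addressing plan (empty list = consistent)."""
    problems = []
    sel = ipaddress.ip_network(selector)

    # The head-office LAN must sit inside the range the tunnel advertises.
    lan_net = ipaddress.ip_network(lan)
    if not lan_net.subnet_of(sel):
        problems.append(f"LAN {lan_net} is outside local selector {sel}")

    # A selector is one contiguous block, so checking both pool endpoints is enough.
    first, last = (ipaddress.ip_address(a) for a in pool)
    if first not in sel or last not in sel:
        problems.append(f"PPTP pool {first}-{last} is outside local selector {sel}")

    # A remote LAN that overlaps the local selector makes routing ambiguous.
    for name, cidr in remotes.items():
        if ipaddress.ip_network(cidr).overlaps(sel):
            problems.append(f"remote {name} {cidr} overlaps local selector {sel}")

    # A full-tunnel client on a home network using the same range cannot
    # tell its own LAN from the office side.
    for cidr in defaults:
        if ipaddress.ip_network(cidr).overlaps(sel):
            problems.append(f"local selector {sel} overlaps common default LAN {cidr}")
    return problems


if __name__ == "__main__":
    result = check_plan(HEAD_OFFICE_LAN, PPTP_POOL, LOCAL_SELECTOR, REMOTE_SITES)
    for line in result or ["plan is consistent"]:
        print(line)
```
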

Dan Miley
Level 3

I set this up in my lab with RV320 and RV042 site to site, with the PPTP network on the same IP range as the RV320 LAN.

 

I was able to get the traffic to go to the remote site without any supernetting by setting 'use default gateway on the remote network' in the PPTP network adapter settings:

Properties --> Networking --> IPv4 --> Advanced.

 

Hope this helps. Flag this post if it does.

Dan
