Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3724
Views
0
Helpful
6
Replies

RV110W Unable to access other subnets when using PPTP VPN

pwongkk77
Level 1
Level 1

‎01-02-2013 05:09 AM

Hi All,

I've encountered a problem when using PPTP VPN to access my network. I can connect in and able to ping the hosts connected to the RV110W.

My setup as follows:

RV110W (Router IP 192.168.254.1/24)

- Core router connecting to the Internet via WAN port

- Port 1 connect to a Linksys WRT54G router WAN port (IP 192.168.250.1/24 via static route 192.168.254.100/24)

- Port 2 connect to a Linksys WRT54G router WAN port (IP 192.168.251.1/24 via static route 192.168.254.200/24)

- Port 3 to a NAS (192.168.254.10)

- PPTP Server 192.168.254.2

- PPTP IP Range (192.168.254.240-244)

On the local network, I am able to ping the hosts in 192.168.250.x from 192.168.251.x and vice versa.

Static routes are configured to ensure that all networks are reachable.

The problem comes when I tried to VPN (PPTP) in from a remote location using the Windows XP's built in default VPN dialer.

When connected, I can ping all the hosts on 192.168.254.xxx segments, but when I tried to ping the hosts in 192.168.250.xxx and 192.168.251.xxx segments, I get a request timeout.

Using IPCONFIG /ALL, I get the following under the VPN section:

IP Address : 192.168.254.240

Subnet : 255.255.255.0

Gateway : 192.168.254.240

Doing a traceroute to 192.168.250.1, I get:

1st hop 192.168.254.2

2nd hop onwards all request timeout.

The routing table on the RV110W shows the gateway for 192.168.254.240 (the VPN IP address) as 0.0.0.0 and interface is WAN.

What am I missing and how should I configure the RV110W so that I can access the other subnets through VPN?

Labels:
0 Helpful
6 Replies 6

jonatrod
Level 7
Level 7

‎01-02-2013 07:08 AM

Good morning.

Thanks for using our forum.

Hi Kah, my name is Johnnatan and I am part of the Small business Support community.As you said, you can access just to one network per VPN using your RV042, in this case you set your PPTP VPN to access just to your network 192.168.254.xx, so you can ping all hosts in that network, however you can´t have access to another subnet per example 192.168.251.xx.

I hope you find this answer useful.

*Please mark the question as Answered or rate the answer so other will know when an answer has been found.

Greetings,

Johnnatan Rodriguez Miranda.

Cisco network support engineer.

“Please rate useful posts so other users can benefit from it” Greetings, Johnnatan Rodriguez Miranda. Cisco Network Support Engineer.
0 Helpful

pwongkk77
Level 1
Level 1
In response to jonatrod

‎01-02-2013 07:26 AM

Hi Jonathan,

Thanks for the reply.

In this case, how do I configure so that when I VPN into the RV110W, I can have access to the other segments such as 192.168.250.xxx and 192.168.251.xxx?

Any walkarounds?

The VPN IP address I got is 192.168.254.240/24, gateway is also 192.168.254.240. Is there any way I can change the gateway to something like 192.168.254.1? I suspect it is the gateway IP which is the same as my allocated IP being similiar preventing me to access the other networks.

As I've mentioned, I've configured static routes to the other segments and they are accessible when it's accessed locally.

Would really need help on this to get it working.

0 Helpful

Tom Watts
VIP Alumni
VIP Alumni
In response to pwongkk77

‎01-02-2013 07:55 AM

Hi KAH, PPTP usually isn't restricted by different subnets so long as the route table is present on the devices involved. You may be able to make separate VLAN for each subnet and use "intervlan routing" feature within the RV110W. This may clear it up and remove the need for the static routes.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

pwongkk77
Level 1
Level 1
In response to Tom Watts

‎01-02-2013 04:51 PM

Hi Tom,

This is my route table and topo. The routes to both networks are there but it just wouldn't get to 192.168.250.1 when I ping it.

0 Helpful

pwongkk77
Level 1
Level 1
In response to Tom Watts

‎01-06-2013 07:01 AM

I'm still unable to ping the other segments when I VPNed in from the RV110W.

But when I set up a VPN server using DDWRT in one of the Linksys routers, I am able to ping ALL the segments in the network. There is no change to the topology.

The problem definitely lies on the RV110W. Are there any solutions or is it a bug?

0 Helpful

Tom Watts
VIP Alumni
VIP Alumni
In response to pwongkk77

‎01-06-2013 08:01 AM

Are the other routers a NAT interface? Do those other routers contain the same static routes to send traffic back to the RV110W?

Like I said previously, you should make the 2 different VLAN on the RV110W to represent those other 2 LAN segments. This will ensure the PPTP is aware of those subnets and they are accessible through inter-vlan routing.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful
Customers Also Viewed These Support Documents