cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

421
Views
0
Helpful
1
Replies
richieaharbour
Beginner

RV160 - Unable to access local network over VPN

I have RV160 Router that is part of my network, the RV160 is only used for VPN access. When I am connected to the VPN I am unable to access local network. IE can't print to printers or access mapped network drives. 

 

My network topology is as follows:

 

ISP Modem cat 5 to > RV160 WAN Port (RV160 172.16.10.1) LAN 1 to > Linksys MX400 Wireless Router 192.168.2.1. The Linksys MX400 handles internet access for all my wired and wireless devices. 

 

The RV160 Configuration: WAN Settings: IPv4 Settings: Connection Type: DHCP DHCP Settings: Use DHCP Provided DNS Server > Dynamic DNS Enabled using No-ip.com account. > VLAN Settings: VLAN ID: 1, Name: Default, Inter-VLAN Routing: Enabled, Device Management: Enabled, IPv4 Address/Mask: 172.16.10.1/24, 255.255.255.0, DHCP Server 172.16.10.100-17.16.10.149 > Static Routing: Network: 192.168.2.0, Mask: 255.255.255.0, Next Hop: 172.16.10.2, Hop Count: 1, Interface: VLAN 1 > Entry 2: Network: 10.1.4.0, Mask: 255.255.255.0, Next Hop: 192.168.2.0, Hop Count: 1, Interface: WAN > Firewall: NAT: Interfaces: WAN, Enable NAT: Yes

 

VPN is configured as follows: OpenVPN is Enabled, Interface: WAN, Client Address Pool: 10.1.4.0, Netmask: 255.255.255.0, Protocol: UDP, Port: 1194, Encryption: AES-256, Tunnel Mode: Split Tunnel with following IP Address: 172.16.10.0  255.255.255.0 and 192.168.2.0  255.255.255.0

 

I am able to connect to the VPN. I am also able to RDP into a PC on my network using 172.16.10.2 and the port number. 

However, when not connected to the VPN and just on my local network, when I login to the RV160 and go to: Administration > Diagnostic > Ping or Trace on IP Address and I attempt to ping the Linksys Router (192.168.2.1) the network is unreachable. 

 

But if I go to CMD on Windows PC while connected to local network and ping 192.1682.1 or 172.16.10.1 I get replies as i should.

1 REPLY 1
nagrajk1969
Beginner

1. who or what is 172.16.10.2? 

a) from your description of the static-route entry you have added in RV160 for reaching the network 192.168.2.0/24, you have mentioned that the next-hop is configured as 172.16.10.2

b) So is this 172.16.10.2 a router? Or is it a windows-host configured with 2 interfaces - 1 interface configured with 172.16.10.2 and another interface configured with a ipaddr as 192.168.2.x????

- iam assuming that you have tried to configure a windows-host (with 2 interfaces ) as a router...becos you have mentioned that you are able to connect RDP to 172.16.10.2 from the openvpn client after the vpn-tunnel is UP

 

2. Is this below your present setup/deployment?

 

(lan-wireless-hosts)-----lan[LinksysRouter]192.168.2.1/wan-----192.168.2.x[Internal-Router]172.16.10.2---10.1/vlan1[rv160]wan--------(Internet)

 

a) I wonder why you did not connect the Linksys-Router wan interface directly to the LAN1 port of RV160 AND configured it a ipaddress of 172.16.10.2???

- why did you introduce a internal-router in between the Linksys-router and RV160?

 

3. One more thing, immediately delete the Static-Route Entry2 (for network 10.1.x.x), its unnecessary and its wrong to add this route. 

- when you configure openvpn-server with the ip-pool 10.1.x.x, it knows how to route to the clients (via the wan interface)- you dont assume that you need to add a explicit route additionally...remove it!

 

4. As for you being able to reach 192.168.2.1 from a windows-host in the lan-network ...which windows-PC are you talking about?..is this the same PC with the ipaddress 172.16.10.2 (and also has one more interface with the ipaddr in 192.168.2.x network??)????

 

5. I would very strongly recommend and suggest the following:

 

Suggestion-1:

 

lets assume that:

- the lan-side network behind Linksys-router is 192.168.100.0/24, and the lan-interface ipaddr of Linksys-router is configured as 192.168.100.1/24

- also lets assume that all the wireless-hosts and other lan-hosts conneted to lan-network of Linksys-router are configured with the ipaddr in the network 192.168.100.x/24 AND very importantly their Def-Gateway ipaddr is configured as 192.168.100.1

 

step-a) Instead of a Internal-Router (that too a windows-PC!!!????), as mentioned by me above, you should configure the wan-interface of Linksys-router with the ipaddr 172.16.10.2/24 (and default-gw 172.16.10.1) and connect it directly to the lan1 port of RV160....

 

step-b) and once you have connected as in step-a above, add a static-route entry in RV160 for  192.168.100.0/24 and next-hop is 172.16.10.2 (the Linksys-Router wan ipaddr)

 

c) In the split-tunnel config in OpenVPN server on RV160, add the 2 subnets 172.16.10.0/24 and 192.168.100.0/24 

d) thats all you will need to do for the openvpn clients to access the 192.168.100.x network & 172.16.10.x network after establishing the vpn-tunnel

 

Suggestion-2:

No you dont want to follow suggestion-1 and insist on using the Internal-router connectivity that is deployed now...then please enable IP-Routing/IP-Forwarding on the Windows-Router that you have configured...this has to be done in registry...its NOT enabled by default..thats windows for you

 

OR the better method would be to replace the Windows-Router with a Linux-Host (say a Ubuntu-Linux) and it has IP-Forwarding/IP-Routing enabled by default...and will route traffic between its directly-connected interfaces (172.16.10.2 and 192.168.2.x) easily