RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Hello all,

 

Here is the technical situation :

 

FAL.png

 

Everything is working as intended except routing VLAN 2 subnets through the VPN tunnel :

- I cannot reach 172.31.173.0 subnet from site A

- I cannot reach 172.31.172.0 subnet from site B

 

Please note :

- Reaching 172.31.172.0 network hosts from Cisco RV320 on site A is working

- Reaching 172.31.173.0 network hosts from Cisco RV320 on site B is working

- L3 switches are the default gateway for all hosts on their respective subnets

 

So I do not succeed in routing the 172.31.172.0 and 172.31.173.0 subnets through the VPN tunnels.

 

What am I missing ?

 

In advance, a big thank-you to those who will spend some time on this problem :-)

 

Denis

VIP Mentor

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Hello,

 

what does your Local and Remote Group setup look like (page 83 thru 85 in the attached guide) ?

 

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/rv320/administration/guide/en/rv32x_ag_en.pdf

Beginner

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Hello Georg,

 

Here they are with details (sorry for bad quality pictures).

 

Site A :

 

2018-11-26_09h47_50.png

2018-11-26_09h50_17.png

2018-11-26_09h52_52.png

 

Site B :

 

 

2018-11-26_09h57_45.png

2018-11-26_09h59_46.png

2018-11-26_10h04_24.png

 

One thing I would like to point out is the different traceroute results between site A and site B. It seems that the RV320 in site A does not forward packets to VLAN 2 of site B through its VPN tunnel but I cannot find the culprit in the GUI :

 

From site A (VLAN 1) to site B (VLAN 2) :

 

 

2018-11-26_10h08_26.png

 

From site B (VLAN 1) to Site A (VLAN 2) :

 

 

2018-11-26_10h17_47.png

 

Thanks for your help. Very much appreciated :-)

 

Denis

 

 

VIP Mentor

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Hello,

 

stupid question maybe, but I assume both devices are in gateway mode ?

 

Can you try and enable RIPv2 and check the routing table (page 41 of the attached guide) ?

 

Your traceroute shows the public IP address, which should not be visible at all. How is your NAT set up ?

Beginner

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Re,

 

No stupid questions, only stupid answers ;-)

 

So yes indeed, both RV320 are in GW mode.

 

Site A :

2018-11-26_11h07_40.png

2018-11-26_11h10_19.png

 

2018-11-26_11h11_45.png

Site B :

2018-11-26_11h14_17.png

2018-11-26_11h15_19.png

2018-11-26_11h16_17.png

 

As suggested I tried to enable RIPv2 but that did not solve the problem...

2018-11-26_11h21_40.png

==> So I reverted back to RIP disabled.

 

Thanks,

 

Denis

Beginner

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Should I redo the RV320 config of Site A from scratch ?

VIP Mentor

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Hello,

 

I cannot tell from your screenshots what the tunnel endpoints are. Do the static routes have the other end of the tunnel as the next hop, on both sides ?

Beginner

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Yes, they both have the RV320 LAN IP from the other site as the next hop.

 

Site A :

2018-11-26_11h07_40.png

 

Site B :

2018-11-26_11h14_17.png

 

If you need more information or a value hidden in a picture, I can send it to you in a private message ...

 

Best regards,

 

Denis

VIP Mentor

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Hello Denis,

 

I am looking at some other posts. Can you check your Dual WAN setting (System Management --> Dual WAN, page 56 of the guide) ? Make sure you select Smart Link Backup (Load Balance is the default, so you have to manually change that)...

 

 

Beginner

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Georg,

 

Again, many thanks for the time you are spending on this case. This is very much appreciated !

 

So as asked, I switched Dual Wan Load Balance Mode to Smart Link Backup on both sites :

 

2018-11-26_14h08_18.png

 

Unfortunately that did not solve the problem. However I kept this setting as is because you advised me to do so.

 

Denis

VIP Mentor

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Hello Denis,

 

below is the link to the post that suggested to change the Dual WAN setting. There are some other suggestions, you might want to read through that and see if it helps...

 

https://community.cisco.com/t5/small-business-routers/cisco-rv320-to-rv320-gateway-to-gateway/m-p/3365988

Beginner

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Hello Georg,

Unfortunately the problem remains : unable to route 172.31.x.x traffic between both sites.

 

  • Changing the Dual Wan settings from default value to Smart Link does not solve the problem ; I switched back to the default value.
  • Nor with Aggressive mode (already enabled)
  • Nor by enabling NAT traversal (switched back to disabled)
  • Nor by disabling "Block WAN request" in FW settings (reverted back to enabled)

By the way, what I pointed out before regarding the different results in the traceroute tests between site A and B is not relevant (actually this comes from the different behavior of the equipment beyond the FW because of a different provider). It now clearly appears to me that both RV320 routers do not forward 172.31.x.x traffic through the VPN tunnel but route it through the internet connection...

I am really wondering what's wrong in my setup... RV320 should normally be able to handle that without any problem.

Any further help would be really appreciated :-)

 

Denis

Beginner

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Hello Georg,

 

I finally found the solution by myself.

 

The key point is that the RV320 seems to be unable to route traffic for a VLAN of which it is not a member.

 

So on each RV320 :

  • I enabled VLANs
  • I added a second interface on corresponding VLAN 2
  • I ensured VLAN 2 interface was matching the local group of the second IPSec tunnel.
  • I removed static routes

The working configuration schema then becomes :

 

2018-12-03_19h54_38.png

 

Thanks again for your assistance.

 

Best regards,

 

Denis
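
An added example, not part of the original post and not Cisco tooling: a small Python check of the condition described above. It flags any IPsec tunnel whose local group is not on a VLAN the router has an interface in, and models the reported effect (that traffic leaves via the WAN instead of the tunnel). Only the 172.31.172.0 and 172.31.173.0 subnets come from the thread; the /24 masks, VLAN 1 subnets, interface addresses and tunnel names are assumptions.

```python
import ipaddress

# Constructed sample addressing. Only 172.31.172.0 (site A, VLAN 2) and
# 172.31.173.0 (site B, VLAN 2) come from the thread; the /24 masks, the
# VLAN 1 subnets and the interface addresses are assumptions.
SITE_A_BEFORE = {"VLAN1": "192.168.10.1/24"}
SITE_A_AFTER = {"VLAN1": "192.168.10.1/24", "VLAN2": "172.31.172.2/24"}
SITE_A_TUNNELS = [
    {"name": "tunnel1", "local": "192.168.10.0/24", "remote": "192.168.20.0/24"},
    {"name": "tunnel2", "local": "172.31.172.0/24", "remote": "172.31.173.0/24"},
]


def connected_networks(interfaces):
    """Networks the router is directly attached to, from its interface addresses."""
    return [ipaddress.ip_interface(a).network for a in interfaces.values()]


def orphan_tunnels(interfaces, tunnels):
    """Names of tunnels whose local group lies in no directly connected network."""
    nets = connected_networks(interfaces)
    orphans = []
    for t in tunnels:
        local = ipaddress.ip_network(t["local"])
        if not any(local.subnet_of(n) for n in nets):
            orphans.append(t["name"])
    return orphans


def egress(interfaces, tunnels, src, dst):
    """Model of the behaviour reported in the thread (an assumption, not
    documented RV320 logic): a packet enters a tunnel only if it matches the
    tunnel's local/remote groups and the local group is directly connected;
    otherwise it follows the default route out of the WAN."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    skip = set(orphan_tunnels(interfaces, tunnels))
    for t in tunnels:
        if t["name"] in skip:
            continue
        if src in ipaddress.ip_network(t["local"]) and dst in ipaddress.ip_network(t["remote"]):
            return t["name"]
    return "WAN"


if __name__ == "__main__":
    for label, ifs in (("before", SITE_A_BEFORE), ("after", SITE_A_AFTER)):
        print(label, orphan_tunnels(ifs, SITE_A_TUNNELS),
              egress(ifs, SITE_A_TUNNELS, "172.31.172.10", "172.31.173.10"))
```

A result of "WAN" for inter-site traffic means packets meant for the tunnel would leave unencrypted over the internet connection, which is worth alerting on when auditing a site-to-site configuration.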

VIP Mentor

Re: RV320 VPN Gateway to Gateway : how to route another VLAN into the tunnel ?

Hello Denis,

 

good stuff, glad that you found the solution, I will definitely keep it on file.