cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.
Get the latest news in this issue of the Cisco Small Business Monthly Newsletter

1172
Views
0
Helpful
10
Replies
Beginner

RVL200 IPSEC: Channel all or some data traffic through tunnel, possible?

Is it at all possible to channel all/some data traffic through an established ipsec tunneled connection using the RVL200?

I have successfully established an ipsec connection through RVL200 and RV042 routers and are able to connect to servers/computers behind it.

Now I want to channel all or some traffic through the ipsec-tunnel for computers that reside on 192.168.1.0 subnet of RVL200 network.

Main office - RV042 router - 10.200.62.1

Remote office - RVL200 router - 192.168.1.1

I am trying to use the Advanced Routing option to add static routes but I am not 100% sure if I am configuring the routes correctly.

To give an example of routing DNS requests for HOTMAIL.COM [65.55.72.183]:

Destination IP - 65.55.0.0

SM - 255.255.0.0

GW - 10.200.62.1

Hop - 1

Interface - LAN

For some reason this does not appear to work. I have also tried using the interface setting of WAN and tested - this also does not work.

Can this be done? If anyone has tried doing this I would be very interested in finding out how to configure this.

Cheers.

MP

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Rising star

Re: RVL200 IPSEC: Channel all or some data traffic through tunne

The Linksys RVL200 or RV042 does not support Split DNS over IPsec tunnel, which seems to be what you need. You might consider upgrade the routers to the Cisco Small Business RV0xx routers, which do support Split DNS over IPsec. 

View solution in original post

10 REPLIES 10
Highlighted
Beginner

Re: RVL200 IPSEC: Channel all or some data traffic through tunne

I came across the below information from the routers help page:

This    Router is also capable of dynamic routing (see the Dynamic Routing tab). In    many cases, it is better to use dynamic routing because the function will allow    the Router to automatically adjust to physical changes in the network's layout.

In order to use static routing, the Router's DHCP settings    must be disabled.

Is it actually necessary to disable DHCP in order to make static routing work properly?

I have a wireless router connected to the RVL200 which receives a DHCP address.

One thing I also noted was when I add the static route and save, the routes does is not displayed when I click on "Show Routes".

Could do with some pointers.

Highlighted
Rising star

Re: RVL200 IPSEC: Channel all or some data traffic through tunne

>Is it actually necessary to disable DHCP in order to make static routing work properly?

No, it's not necessary. The help info you referred to is incorrect.

Highlighted
Rising star

Re: RVL200 IPSEC: Channel all or some data traffic through tunne

What traffic can go into an IPsec tunnel depends on the definition of the local subnet and remote subnet associated with the tunnel.

Highlighted
Beginner

RVL200 IPSEC: Channel all or some data traffic through tunnel, p

Thank you for confirming that I don't need to disable DHCP in order to get Static Routing to work. I have spent quite a lot of time but for some reason just can't seem to register any static routes because when I look at the table it is not there.

Basically, what I have got setup is a Gateway-Gateway IPSEC tunnel. The configuration of both RV042 and RVL200 does not provide for adding any additional routes. There are two settings Local Group and Remote Group Setups. 

The basic diagram of my network connectivity.

What I am trying to do is enable connectivity to a cloud hosted web based accounting application which is Geo-location restricted. The aim is to route the dns request of 192.168.1.0 clients of www.website.co.uk via the VPN tunnel.

Besides the access to the web application the tunnel is functionally working without issues for Windows AD authentication and print services, its just that I can seem to get the DNS resolution to work.

Highlighted
Rising star

Re: RVL200 IPSEC: Channel all or some data traffic through tunne

The Linksys RVL200 or RV042 does not support Split DNS over IPsec tunnel, which seems to be what you need. You might consider upgrade the routers to the Cisco Small Business RV0xx routers, which do support Split DNS over IPsec. 

View solution in original post

Highlighted
Beginner

RVL200 IPSEC: Channel all or some data traffic through tunnel, p

Tekliu, thank you very much for your reply. It looks like I will have to revert to using a RDP desktop in order to access the application across the VPN to get by until I can get upgrade to newer RV0xx routers. Just one last question.

Please advice if I can get away with replacing only one of the routers, in this case if this is possible which side should I replace first bearing in mind I need the split DNS to work from the remote office where the RVL200 router is sited.

Thanks again!

Highlighted
Rising star

RVL200 IPSEC: Channel all or some data traffic through tunnel, p

RVL200 can be replaced first to test the Split DNS feature on the remote site.

Highlighted
Beginner

Re: RVL200 IPSEC: Channel all or some data traffic through tunne

Because the VPN tunnel is working very reliably and doing what it was meant to do. The Split DNS requirement is not a must have feature because the access to the web application is only required on ad-hoc basis once a month.

As a side note, I was wondering if anyone knows or has tried to overcome hardware split DNS for VPN tunnels by configuring some sort of lite weight DNS service on one of the client PCs at the remote site?

Thanks

Highlighted
Advocate

Re: RVL200 IPSEC: Channel all or some data traffic through tunne

You can statically assigned the DNS server to the computer of a remote DNS IP. However, once the tunnel is down, your local machine won't resolve DNS without being able to reach the DNS.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
Highlighted
Beginner

Re: RVL200 IPSEC: Channel all or some data traffic through tunne

For some reason the DNS IP settings does not seem to work.

I started looking at the option of using the Quick VPN client which appears to have a setting for enabling Remote DNS.

I have setup a test user on both the RV042 and RVL200 to test if I can overcome the Split DNS limitation. But for some reason I can't connect to either of the two routers. I have installed the client on a 64bit Windows 7 client machine which has the Windows Firewall service enabled.

I keep getting the below error, there is no conflict with the IP address scheme and the password is correct.

Could it be this new client does not support the older Linksys badged RV0xx routers? Because Split DNS is only supported on v3 hardware. The firmware on my RVL200 is v1.1.12 .1.

What should I check to enable connectivity using this client? Or is because it does not support 64bit WIndows 7? I have even exported the certificates for both Admin and User into the C:\Program Files (x86)\Cisco Small Business\QuickVPN Client folder.