Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1998
Views
0
Helpful
5
Replies

VPN between selected VLANS - RV320

jakovmisura
Level 1
Level 1

‎10-22-2014 02:45 AM

Hi all,

I use Cisco RV320 routers.

My VPN tunnel is established. I have multiple VLANs on each router, and I want only specified VLANs to use tunnel.

(I want VLAN 192.168.0.0 on router Lab to comunicate with 192.168.7.0 VLAN on router Pha)

 

Router name Lab - config

Local Group Setup
Local Security Gateway Type:IP only
IP Address:XXX.XXX.XXX.XXX
Local Security Group Type:Subnet
IP Address:192.168.0.0
Subnet Mask:255.255.255.0
Remote Group Setup
Remote Security Gateway Type:IP only
IP addressXXX.XXX.XXX.XXX
Remote Security Group Type:Subnet
IP Address:192.168.7.0

Subnet Mask

255.255.255.0

 

 

Router name Pha - config 

Local Group Setup
Local Security Gateway Type:IP only
IP Address:xxx.xxx.xxx.xxx
Local Security Group Type:Subnet
IP Address:192.168.7.0
Subnet Mask:255.255.255.0
Remote Group Setup
Remote Security Gateway Type:IP only
IP Addressxxx.xxx.xxx.xxx
Remote Security Group Type:Subnet
IP Address:192.168.0.0
Subnet Mask:255.255.255.0

 

With this configuration, I can ping from 192.168.0.0 to 192.168.7.0, but not from 192.168.7.0 to 19.168.0.0

When I change configuration and set everywhere 192.168.0.0, and subnet 255.255.0.0, it work's but

all VLAN networks, on both routers can use VPN tunnel and that is not what I need.

 

Do you have any suggestions to help me?
If you need any other information please ask me?

Labels:
0 Helpful
5 Replies 5

Kremena Ivanova
Cisco Employee
Cisco Employee

‎10-23-2014 12:21 PM

Hi,

 

Once the tunnel is establish can you test to ping the LAN IP address of each router from remote side PC. Meaning from LAN 192.168.7.X PC try to ping 192.168.0.1 (assuming that this is the IP of the route).  If this ping receive reply this would mean that the VPN tunnel is ok and the problem is purely routing issue.

 

Regards,

Kremena

 

0 Helpful

imrshaik
Level 4
Level 4
In response to Kremena Ivanova

‎06-27-2015 03:27 PM

What if the tunnel shows established however the pings are not successful? what would you suggest would be a good way to troubleshoot?

0 Helpful

Kremena Ivanova
Cisco Employee
Cisco Employee
In response to imrshaik

‎06-29-2015 05:19 AM

You have to specify which ping is not successful:

-if ping to the remote gateway is not successful this could mean that the tunnel is not established at all, though it shows the opposite. It could be PFS mismatch. Or ESP filtered packets by the device infornt if any of the site is behind NAT

-if ping to a machine behind the router is not successful, this could be firewall on the PC itself or routing issue - usually when the gateway on the PC is not the router configured with the VPN

 

Regards,

Kremena

 

0 Helpful

imrshaik
Level 4
Level 4
In response to Kremena Ivanova

‎06-30-2015 05:16 AM

Ping to remote gateway is not successful

https://supportforums.cisco.com/discussion/12543461/rv325-rv325-vpn-routing-issue

0 Helpful

Ismael Arroyo
Level 1
Level 1

‎10-24-2014 10:56 AM

Jako,

 

Have you tried creating site to site tunnels for those different subnet/Vlans?

Reason all Vlans work is because you are using a class b subnet mask of 255.255.0.0 therefore you are using Network 192.168.x.x as suppose to a class c subnet mask of 255.255.255.0 which would be network of 192.168.0.x. So now all vlans are in tunnel communication would be seen in the 192.168.x.x.

 

Please mark or endorse this post if this helps you!

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents