Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2842
Views
0
Helpful
12
Replies

VPN Tunnel - Can't see networks

julifdela
Level 1
Level 1

‎05-16-2016 08:50 PM

Hi,


I created a VPN network between office #1 (RV325 - 10.0.10.1/255.255.255.0) and office #2 (RV130W - 10.0.1.1/255.255.255.0). The VPN seems to be working well. Both routers can ping each other and I can ping from one office computer to the router of the opposite office successfully.


The problem I'm having is not being able to see from one office into the other office beyond the router. I'm under the impression the missing link might be setting up static routing tables correctly but I have not been able to successfully do that. The current routing tables are shown on the attached pictures as well as the section where to modify them.


Any help and guidance on how to make both offices visible to each other is greatly appreciated. The objective is to be able to access equipment across both offices. For instance, computer on office #1 can see and print on printer in office #2 and the other way around from the other office.


Thanks in advance.

Labels:
Preview file
412 KB
Preview file
175 KB
Preview file
192 KB
Preview file
325 KB
0 Helpful
12 Replies 12

Borgenstrand
Level 1
Level 1

‎05-17-2016 02:59 AM

Hi,

when you ping from office1 computer to the router on the other side, do you ping on the external IP or the internal IP 10.0.1.1?

Can you show the VPN local group and remote group on RV130W, so we can verify the IP addresses mirror the other side?

0 Helpful

julifdela
Level 1
Level 1
In response to Borgenstrand

‎05-17-2016 03:06 AM

Hi Borgenstrand,

The ping is done to to the internal IP of each office. So router in office #1 can ping internal IP of router on office #2 and the other way around too.

Is what you are asking what I uploaded on image rv130w_tunnel.png on previous post?

0 Helpful

Borgenstrand
Level 1
Level 1
In response to julifdela

‎05-17-2016 03:13 AM

Hi,

Yes, I saw that now. So, the Ping traffic can go over the VPN tunnel.  

The printers you use, do you connect to them using their domain name or an IP address?

0 Helpful

julifdela
Level 1
Level 1
In response to Borgenstrand

‎05-17-2016 03:23 AM

Hi Borgenstrand,

Printers are IP based.

Attempting to do a ping from any computer on on office to any computer in the opposite office fails. No device can see anything on the opposite network other that the opposite router.

0 Helpful

Borgenstrand
Level 1
Level 1
In response to julifdela

‎05-17-2016 03:52 AM

Office1 RV325. 10.0.10.0/24
Office2 RV130W. 10.0.1.0/24
The VPN connection itself looks good.

If you do a tracert from an computer in Office1 to an IP in Office2 subnet, when does it stop?

From Office1, you can access the internet correctly right?
Same from Office 2?
I am thinking about your NAT config.

0 Helpful

julifdela
Level 1
Level 1
In response to Borgenstrand

‎05-17-2016 11:36 AM

Tracert gets stuck on the local router. Did tracert from computer 10.0.1.109 to 10.0.10.100

Both offices can access internet. Each one has it' own WAN

Preview file
28 KB
0 Helpful

Borgenstrand
Level 1
Level 1
In response to julifdela

‎05-17-2016 12:20 PM

For me, it seems like the traffic gets nat'ed and then your ISP on Office1 side gets a packet to destination 10.0.10.100 so it drops it. Normally the "interesting traffic" should get denied from being nat'ed so it goes over the VPN tunnel instead. 

On RV130w, can you go to IPSec Connection Status under Advanced VPN Setup?

0 Helpful

julifdela
Level 1
Level 1
In response to Borgenstrand

‎05-17-2016 12:24 PM

IPSec Status on RV130W attached

Preview file
238 KB
0 Helpful

Jebadhas_John
Level 1
Level 1
In response to julifdela

‎05-26-2016 04:59 AM

Hi,

Are the resources in office 1 and 2 that you wish to access from each other site part of their respective Native VLAN?

If they are not try checking access to a resource which is on native VLAN of each site from the other site and share your findings.

Jeb

Toronto

0 Helpful

Yasien Adams
Level 1
Level 1

‎05-25-2016 05:25 AM

Hello julifdela,

Did you end up fixing this problem?

All you needed to do was configure your ACL's to first deny the traffic between the sites, then permit it. (no NAT)

0 Helpful

julifdela
Level 1
Level 1
In response to Yasien Adams

‎05-25-2016 12:47 PM

Hi Yasien,

I haven't been able to solve the issue yet. I did add some rules to the routers to allow access but it didn't work. Wondering if you could take a look at the attached images and let me know if you see it being configured wrong.

Office1 RV325. 10.0.1.0/24

Office2 RV325. 10.0.10.0/24

Preview file
175 KB
Preview file
188 KB
0 Helpful

Yasien Adams
Level 1
Level 1
In response to julifdela

‎05-25-2016 11:09 PM

Hi hard to tell from those shots.

I would break the VPN config on both sides, and re-do again with the wizard.

Delete all reference to each site in the ACL lists.

The wizard should re-create the VPN tunnel with appropriate NAT config.

also, what are the 192.168.x.x networks in your list?

0 Helpful
Customers Also Viewed These Support Documents