Cannot add static route on RV130

daniels
Level 1

Hi, this is my scenario

(Please see the attached image for further details)

Headquarters
LAN subnet 192.168.1.0/24
WAN with Static IP 200.40.221.15
1 site-to-site VPN with 3rd party site (172.25.12.149)

Branch (Cisco RV130 Firmware 1.0.13.0)
LAN subnet 192.168.2.0/24
WAN with Dynamic IP over PPPoE
1 site-to-site VPN with Headquarters

Results
Traffic from Headquarters (192.168.1.0/24) to 3rd party (172.25.12.x) is routed through Headquarters-to-3rd VPN. Correct.
Traffic from Branch (192.168.2.0/24) to Headquarters (192.168.1.0/24) is routed through Branch-Headquarters VPN. Correct.
Traffic from Branch (192.168.2.0/24) to 3rd party (172.25.12.x) SHOULD be routed through Branch-Headquarters VPN, but it gets sent through the Internet.

So, I think I should add a static route with the following information:

Destination LAN IP: 172.25.12.x (the 3rd party host I want to reach)
Subnet Mask: 255.255.255.0 (common subnet mask for all gateways)
Gateway: ??? (What should I set here?)

No matter what I specify, I keep getting an "Invalid static route" message.

How should I set up the static route?

2 Replies

Terence Payet
Level 1

Hi,

If you are terminating your site-to-site VPN on your Cisco device, then you need to add the interesting traffic via the tunnel. In other words, you will need to add the below in your site-to-site ACL.

ip access-list extended SITE_TO_SITE
 permit ip 192.168.1.0 0.0.0.255 host 172.25.12.149

This needs to be configured on the remote site as well. So the third party will need to add the interesting traffic on their side as well.

HTH.

Please rate helpful post.

Regards,

Terence

Thanks for your time to answer.

I'm sorry but I have some additional questions:

1) I don't have a CLI command window in the GUI. How can I execute such commands?

2) If my understanding is correct, I should execute such commands in Branch, Headquarters and 3rdParty. Why should I run them in 3rdParty since all the traffic to it would arrive from the Headquarters, which is something that is already working?

3) What about the static route? Would only the ACL change be necessary? Should I set up a static route (which is what I'm unable to do)?

Thanks
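
The "interesting traffic" behaviour discussed in this thread, as an added example that is not part of any post and is not device configuration: a small Python model of policy-based tunnels using the thread's subnets. It assumes each tunnel only carries packets matching a selector pair that both peers share, that HQ does no NAT, and that 192.168.2.10 is a constructed branch host.

```python
import ipaddress as ip

# Constructed model, not device configuration. Each tunnel is listed once with
# the selector pair both peers must agree on: (net behind a, net behind b).
LAN = {"branch": "192.168.2.0/24", "hq": "192.168.1.0/24",
       "3rd-party": "172.25.12.149/32"}

def tunnels(extra=()):
    base = [("branch", "hq", "192.168.2.0/24", "192.168.1.0/24"),
            ("hq", "3rd-party", "192.168.1.0/24", "172.25.12.149/32")]
    return base + list(extra)

def inside(addr, cidr):
    return ip.ip_address(addr) in ip.ip_network(cidr)

def egress(table, site, src, dst):
    """Peer reached through the first matching selector, else the default route."""
    for a, b, net_a, net_b in table:
        if site == a and inside(src, net_a) and inside(dst, net_b):
            return b
        if site == b and inside(src, net_b) and inside(dst, net_a):
            return a
    return "internet"

def trace(table, site, src, dst):
    """Follow one packet from site to its destination or to the default route."""
    path = [site]
    for _ in range(len(table) + 1):       # bound the walk; the model has no loops
        if inside(dst, LAN[site]):
            return path + ["delivered"]
        site = egress(table, site, src, dst)
        path.append(site)
        if site == "internet":
            break
    return path

# Selector pairs that would carry branch traffic to the 3rd-party host via HQ.
BRANCH_HQ_FIX = ("branch", "hq", "192.168.2.0/24", "172.25.12.149/32")
HQ_3RD_FIX = ("hq", "3rd-party", "192.168.2.0/24", "172.25.12.149/32")

if __name__ == "__main__":
    pkt = ("branch", "192.168.2.10", "172.25.12.149")   # constructed host address
    print(trace(tunnels(), *pkt))
    print(trace(tunnels([BRANCH_HQ_FIX]), *pkt))
    print(trace(tunnels([BRANCH_HQ_FIX, HQ_3RD_FIX]), *pkt))
```

In this model the packet only reaches the 3rd-party host when the extra selector pair exists on both tunnels; with the Branch-Headquarters pair alone it leaves HQ on the default route.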