Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
2
Replies

VPN with different default gw

ireofunes
Level 1
Level 1

‎02-02-2006 09:34 AM - edited ‎02-21-2020 02:14 PM

Hi everybody,

I have done a national VPN with cisco series 800 router using site-to-site GRE

tunneling option.

All works fine I can ping any computer of any vpn but i have a little

problem.

I need to show you how is the netwok first:

Network A

192.168.1.0/24

cisco871 (VPN)

192.168.1.50

default gw

192.168.1.254

Example PC A

192.168.1.10

Network B

192.168.34.0/24

cisco871(VPN)

192.168.34.254

default gw

192.168.34.254

Example PC B

192.168.34.10

As you can see the problem is that in the network A I have a default gw

different from the cisco871 vpn.

So if I set default gw on PC A as *.254, then PC B is unalbe to ping PC A,

while PC A is always able to ping PC B.

But if I set gw of PC A as *.50 then all works fine.

I use a linux box as firewall as 192.168.1.254 as default gw, I also put a

route table to route any packets coming from 192.168.34.0/24 network

throught 192.168.1.72 (cisco 871 VPN).

But that seems not to work :/ I mean if i ping from PC B any computer in the

first network none reply :/

Please help me!

thanks for any advice

ireo

Labels:
0 Helpful
2 Replies 2

Patrick Laidlaw
Level 4
Level 4

‎02-02-2006 06:22 PM

Ireo,

Set your default gateway pointing towards your router. Then set your routers default gateway as the Linux FW, Add one more route out the external interface of the router for its normal gateway point to your other router.

So Hosts would put there GW point to the router

so RTR A would have these routes

ip route 0.0.0.0 0.0.0.0 192.168.1.254

ip route 192.168.34.0 255.255.255.0 external Gateway

ip route RTRB outside ip address 255.255.255.255 external gateway

Then do the reverse on the other router if you have a similar setup.

Please rate any posts that are helpful.

Patrick

0 Helpful

ireofunes
Level 1
Level 1
In response to Patrick Laidlaw

‎02-07-2006 02:02 AM

Thank you very much for your fast reply Patrick, but i would like not to change default GW on any of my client, neither put other route on each client.

But I follow your advice and I put only these two ip route on Router A:

ip route IpRouterB 255.255.255.255 FastEthernet4

ip route 192.168.34.0 255.255.255.0 Tunnel0

So in any client from first network (192.168.1.0) can ping second network (192.168.34.0) without put as gw router A but linuxFW.

But remain the problem that from network B i can't ping host of network A is they have not the right router A as gw.

That's wierd! I would like to figure out why!

thanks a lot again patrick

0 Helpful
Customers Also Viewed These Support Documents