Search this Blog

Thursday, November 10, 2011

VPN 2 ISP's Main Office - 1 ISP BranchOffice Gateway Problem

We currently have an exchange server located at our head office IP address 192.168.0.10 with a Cisco Firewall/modem at gateway address 192.168.0.254. Connecting to the Internet picking up exchange mail and web browsing for the PC’s attached to Head office
We recently installed an additional Cisco VPN Router at address 192.168.0.253 (head Office) with its own isp connection to allow the remote office to connect ot our server and hopefully access exchange mail, accounting software etc.

A VPN Tunnel has been setup between Head office and the remote office; the tunnel stays connected and works fine. We can ping or connect to any computer at the remote office from the head office.

The problem is that we can’t ping or connect to any computers at the head office from the remote site that don’t the have the Cisco’s VPN Router’s IP address of (192.168.0.253)

The IP range at the Remote Office is 192.168.12.1-254 Gateway Address is 192.168.12.1

We can ping any Computer at head Office from the remote Office if the gateway address in the PC at the Head Office is changed to 192.168.0.253
Is there any way to translate IP address’s to allow access to Servers/printers at the Head Office from the Remote Office?
Remote Office IP Range
192.168.12.1 - 192.168.12.254
DNS Server (Windows 2008 Standard Server) 192.168.12.20
Gateway Ip 192.168.1.1

Head Office IP Range
192.168.0.1 – 192.168.0.254
DNS Server (Windows 2003 Standard Server) 192.168.0.254
Gateway Ip 192.168.0.10

Other Severs I need to get access to Head Office from the Remote Office
192.168.0.10 Exchange/active directory server
192.168.0.20 Aristocrat Database Server
192.168.0.4 Document Server

Routers – Cisco 8-Port VPN Routers Model No RV082

Looks like you have a routing issue at the head office.

Basically, you have two different routers, but only one default route - so, since you don't have an entry for the network at the remote end, the traffic is sent to the default gateway - which doesn't know where to send the traffic, so drops it off.

You can do one of two things.

1) Connect the two routers to the same layer 2 domain (which it seems you may have already), and put a static route into the device at 192.168.0.254 basically saying "anything for network 192.168.12.0/24, send via 192.168.0.253" - not sure of the exact format for this because I've not worked with these apparent Linksys devices before, but on an IOS router you would do something like

ip route 192.168.12.0 255.255.255.0 192.168.0.253

on the device at 192.168.0.254

2) Put a static route for the 192.168.12.0/24 network into every device/PC/server on the 192.168.0.0 network - in a windows machine it goes something like this

route add -p 192.168.12.0 mask 255.255.255.0 192.168.0.253

Option 1 is easier and has the benefot of only needing to be done on one device, but may lead to issues with redirects or traffic load levels on your main router.


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

2 comments :

  1. I like this site its a master peace ! Glad I noticed this on google .
    Software Akuntansi Laporan Keuangan Terbaik

    ReplyDelete
  2. since you don't know an content for the meshing at the remote end, the interchange is sent to the nonpayment gateway 338a | agen bola | agen sbobet | bola tangkas | casino sbobet | liga champion | prediksi bola | cool mobile gagdet | Jasa SEO | Jasa SEO Profesional

    ReplyDelete

 
/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */