New Member
Posts: 4
Registered: ‎07-14-2016

Access to remote subnets through VPN

Hello all,

First time post.

 

We have an IPsec VPN created between a remote site B (11.2.97.0/24) that connects to our main office site A (11.2.60.0/23).

That connection works no problem. We cannot connect starting at site B through to A to other subnets connected directly to A.

A has multiple subnets that are connected to it including C (11.2.83.0/24), D (11.2.81.0/24) and so on.

 

When we try to tracert through a computer on the B network and try to connect to a computer on C or D which are subnets directly connected to A, it fails to go over the VPN.  The request goes out over the local internet instead of through the VPN tunnel.

 

How do you tell the Edgerouter to send this traffic through the VPN to A then the remote subnet?

 

Thanks in advance

Regular Member
Posts: 547
Registered: ‎01-06-2017
Kudos: 113
Solutions: 47

Re: Access to remote subnets through VPN

You need to create a new/additional tunnel in the IPSEC config between A & B that includes subnet pairs for A and C that you want connected. This needs to be done for every pair of subnets that you want connected. If you have a lot of subnets, you can use a route-based VPN or GRE tunnel.

 

 

New Member
Posts: 4
Registered: ‎07-14-2016

Re: Access to remote subnets through VPN

Is this how you would initiate that in the GUI?

 

 Peers.jpg

 

Regular Member
Posts: 547
Registered: ‎01-06-2017
Kudos: 113
Solutions: 47

Re: Access to remote subnets through VPN

 

In principle, yes.  You need the mirror image on the other end of the VPN.

 

However, the tunnel specifications would normally include private LAN IP subnets and those don't look like private subnets I've seen before.

New Member
Posts: 4
Registered: ‎07-14-2016

Re: Access to remote subnets through VPN

Would that mirror be on the Site A router VPN config? C doesn't have a VPN config and is directly connected to A. Those are private subnets that we had to follow suit with the parent company. They have been in place for 20 years.

 

 

Regular Member
Posts: 547
Registered: ‎01-06-2017
Kudos: 113
Solutions: 47

Re: Access to remote subnets through VPN

 


@OMHD wrote:

Would that mirror be on the Site A router VPN config? C doesn't have a VPN config and is directly connected to A. Those are private subnets that we had to follow suit with the parent company. They have been in place for 20 years.

 

 


Yes. The tunnels need to match up on both sides of the IPSEC config, except local and remote are swapped on routers B and A.

 

It actually doesn't matter how the subnets are connected to router A.  They can be directly connected to the router, at another site via another IPSEC tunnel, remote clients on L2TP connections, etc.
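
An added example, not part of the thread or any poster's configuration: it builds one selector per subnet pair as described in the replies above, mirrors them for the other router, and shows why traffic from B to C bypasses the tunnel until its pair exists. The subnets are the ones from the thread; the host addresses, peer placeholders and ESP group name are assumptions.

```python
import ipaddress
from itertools import product

# Subnets from the thread; peers and the ESP group name are placeholders.
SITE_B = ["11.2.97.0/24"]
BEHIND_A = ["11.2.60.0/23", "11.2.83.0/24", "11.2.81.0/24"]

def tunnel_pairs(local, remote):
    """One (local, remote) selector per subnet pair, as a policy-based VPN needs."""
    return [(ipaddress.ip_network(l), ipaddress.ip_network(r))
            for l, r in product(local, remote)]

def mirror(pairs):
    """The other router's view: the same pairs with local and remote swapped."""
    return [(r, l) for l, r in pairs]

def missing_mirrors(side_b, side_a):
    """Selectors configured on B that have no swapped counterpart on A."""
    want = set(mirror(side_a))
    return [p for p in side_b if p not in want]

def uses_tunnel(pairs, src, dst):
    """True if a packet src->dst matches a selector; otherwise it follows the
    normal routing table (the default route to the internet, as in the thread)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in l and d in r for l, r in pairs)

def edgeos_commands(peer, pairs, esp_group="ESP_GROUP"):
    """Render EdgeOS 'set' lines for each selector, numbering tunnels from 1."""
    base = f"set vpn ipsec site-to-site peer {peer} tunnel"
    out = []
    for n, (l, r) in enumerate(pairs, start=1):
        out += [f"{base} {n} esp-group {esp_group}",
                f"{base} {n} local prefix {l}",
                f"{base} {n} remote prefix {r}"]
    return out

if __name__ == "__main__":
    original = tunnel_pairs(SITE_B, BEHIND_A[:1])  # only the B<->A pair exists
    full = tunnel_pairs(SITE_B, BEHIND_A)          # B paired with A, C and D
    # Constructed host addresses: one on B, one on C.
    print("B->C via tunnel, original:", uses_tunnel(original, "11.2.97.10", "11.2.83.20"))
    print("B->C via tunnel, full:    ", uses_tunnel(full, "11.2.97.10", "11.2.83.20"))
    print("\n".join(edgeos_commands("<SITE_A_PEER>", full)))          # run on router B
    print("\n".join(edgeos_commands("<SITE_B_PEER>", mirror(full))))  # run on router A
```

`missing_mirrors` returns the selectors that exist on only one router, which is the mismatch to look for when a newly added tunnel does not come up.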

New Member
Posts: 1
Registered: a week ago

Re: Access to remote subnets through VPN

I work with OMHD. We don't have a public IP at site C; can we not force traffic to route from site B to A to C?


@stshaw wrote:

 


@OMHD wrote:

Would that mirror be on the Site A router VPN config? C doesn't have a VPN config and is directly connected to A. Those are private subnets that we had to follow suit with the parent company. They have been in place for 20 years.

 

 


Yes. The tunnels need to match up on both sides of the IPSEC config, except local and remote are swapped on routers B and A.

 

It actually doesn't matter how the subnets are connected to router A.  They can be directly connected to the router, at another site via another IPSEC tunnel, remote clients on L2TP connections, etc.


 
