Subnet multisite VPN connected routing

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Subnet multisite VPN connected routing

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Subnet multisite VPN connected routing
Subnet multisite VPN connected routing
2022-02-05 09:09:09
Model: OC200  
Hardware Version: V1
Firmware Version: 5.0.30

Hi all,

I have a background in network administration and systems management, so I have a decent idea of how this should work, nevertheless I am miserably failing to set up our WAN the way it is supposed to work.

My situation:

I have multiple small sites connected by VPNs to our central office, in a classic star topology, with the main office router acting as a small VPN concentrator (there are only 4 branches).

Each site has a router, one or more switches and APs, and a local hardware controller.

Everything seems to work, VPNs are up and running and the whole system seems reliable.

Unfortunately I can connect to each of the branches from our main office, and the way around, but I can't connect the branches between each other, even if I supposedly configured the whole network routing correctly.

I set up static routes from each subnet (each branch has its own subnet) to the others, with the IP of the main office gateway as first hop.

The same way around, I configured static routes from the main gateway to the branches, even if I guess the path should be automatic, because it's a local link.

I also set up an ACL policy in the main router to allow traffic between the branches, but unfortunately it doesn' t work.

What am I missing? Any idea?

Thank you in advance

  0      
  0      
#1
Options
3 Reply
Re:Subnet multisite VPN connected routing
2022-02-07 12:31:05

Dear @WideVisions ,

 

WideVisions wrote

My situation:

I have multiple small sites connected by VPNs to our central office, in a classic star topology, with the main office router acting as a small VPN concentrator (there are only 4 branches).

Each site has a router, one or more switches and APs, and a local hardware controller.

Everything seems to work, VPNs are up and running and the whole system seems reliable.

Unfortunately I can connect to each of the branches from our main office, and the way around, but I can't connect the branches between each other, even if I supposedly configured the whole network routing correctly.

I set up static routes from each subnet (each branch has its own subnet) to the others, with the IP of the main office gateway as first hop.

The same way around, I configured static routes from the main gateway to the branches, even if I guess the path should be automatic, because it's a local link.

I also set up an ACL policy in the main router to allow traffic between the branches, but unfortunately it doesn' t work.

 

If you use the PPTP/L2TP VPN LAN-to-LAN network, then wish these information can help you as below:

 

1. Configure PPTP/L2TP VPN LAN-to-LAN network, make sure VPN Server has built the connections with each Clients

2. Configure static routing based on VPN interface, and the Destination IP is configured as LAN IP address of other Clients, the Next Hop is configured as Local IP Address of VPN Server or 0.0.0.0.

3. Each Client connect with Server via individual VPN link, generally in different subnet.

 

Normally this scenarios is not recommended to adopt in the network, since many secure configurations such as ACL would not take effect for PPTP-L2TP VPN, thus may affect the security of your network.

 

Best Regards!

  0  
  0  
#2
Options
Re:Subnet multisite VPN connected routing
2022-02-07 13:32:09

@Hank21 hi and thank you for your answer.

What do you mean with "the next hop is the local IP of the VPN server or 0.0.0.0"?

I set in the static routes, the next hop as the main office gateway's IP (that is also a VPN server), where packets for the other subnets should be forwarded.

The same in each network so each path should be forwarded correctly each way.

0.0.0.0 is the packet destination for the clients, because the packets go to the default gateway of the LAN, but not the destination in the static route.

Or I get something wrong about how this specific setup works?

Kind regards

 

P.S. I understand and appreciate your recommendation about security, but in this case, it is not a big concern, there is no sensitive information in this network.

KIndest regards

  0  
  0  
#3
Options
SOLVED - Re:Subnet multisite VPN connected routing
2022-02-07 13:36:28

@Hank21 Hi, I just checked again after your message, and for a reason I actually don' t understand, the same setup I described in my first message and that wasn't working, now it works flawlessly.

So once more, thank you very much for your help! Kindest regards

  1  
  1  
#4
Options

Information

Helpful: 0

Views: 530

Replies: 3