Home

Forums

Stories

Knowledge Base

Business Community > Routers > static route through VPN

< Routers

static route through VPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

static route through VPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

heals1ic

2015-06-25 15:26:08 - last edited 2021-08-21 04:55:44

Posts: 6

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2015-06-25

static route through VPN

2015-06-25 15:26:08 - last edited 2021-08-21 04:55:44

Region : Argentina

Model : TL-ER6120

Hardware Version : V1

Firmware Version :

ISP :

I have a TL-ER6020 firewall product that I have setup with an IPSec VPN
between 2 sites. Site A <-> Site B

Site A : TL-ER6020 (192.168.0.0/24) with static route to 10.224.14.0/24 via
192.168.10.1 gateway address via WAN1 (hopefully through VPN on that
interface).

Site B : Cyberoam CR35wi (192.168.10.0/24) with working static route to WAN1
interface (192.168.51.1).

My aim is to get traffic from Site A through the VPN via static route to
Site B which will forward through WAN1 interface to network 10.224.14.0/24.
The static route for Site B is working for it's local subnet at present.

10.224.14.18 (destination address) -> Site A (192.168.0.1) -> (static route) -> VPN (WAN1) -> Site B (192.168.10.1) -> WAN1 (192.168.51.0) -> 10.224.14.0/24

Can traffic be routed through the VPN via static route or is there another
way to do it? Or is it not possible with the TL-ER6020?

9 Reply

Tony Seaford

LV5

2015-06-25 17:27:25 - last edited 2021-08-21 04:55:44

Posts: 591

Helpful: 14

Solutions: 1

Stories: 0

Registered: 2015-02-27

Re:static route through VPN

2015-06-25 17:27:25 - last edited 2021-08-21 04:55:44

Report the problem here.
http://ticket.tp-link.com/index.php?/Tickets/Submit

heals1ic

LV1

2015-06-25 17:47:39 - last edited 2021-08-21 04:55:44

Posts: 6

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2015-06-25

Re:static route through VPN

2015-06-25 17:47:39 - last edited 2021-08-21 04:55:44

I have done that and the ticket has not been answered for 36 hours

vpnrouter

LV2

2015-06-25 22:18:32 - last edited 2021-08-21 04:55:44

Posts: 106

Helpful: 1

Solutions: 0

Stories: 0

Registered: 2014-11-22

Re:static route through VPN

2015-06-25 22:18:32 - last edited 2021-08-21 04:55:44

1. You need to provide a better diagram than that.

2. It looks like you have the destination network address on both LAN sides of both routers. If that's the case, routing will never happen.

heals1ic

LV1

2015-06-30 10:53:36 - last edited 2021-08-21 04:55:44

Posts: 6

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2015-06-25

Re:static route through VPN

2015-06-30 10:53:36 - last edited 2021-08-21 04:55:44

Image attached I hope this makes it clearer.

vpnrouter

LV2

2015-07-01 01:10:31 - last edited 2021-08-21 04:55:44

Posts: 106

Helpful: 1

Solutions: 0

Stories: 0

Registered: 2014-11-22

Re:static route through VPN

2015-07-01 01:10:31 - last edited 2021-08-21 04:55:44

I believe I understand what you are attempting. Correct me if I am wrong;
1. you have multiple networks attached to Router B?
2. Router B - cyberoam CR35wi (192.168.10.0/24) & (10.224.14.0/24) ?
3. you have one network attached to Router A that needs to connect to all networks on Router B?
4. Router A - TL-ER6020 (192.168.0.0/24)?

IPSec does not work by routing tables.
IPSec encapsulates/encrypts one network's packets (Intranet) for destination over unsecure networks (Internet) to another network (Intranet) then unencapsulates/decrypts packets. Then any internal static routes are used to route packets for different attached networks.

A rule for each network's packets is needed.

On Router A:
You would have to create a second tunnel IPSec Policy with the source network (Router A - TL-ER6020) 192.168.0.0/24 to destination network (Router B - cyberoam CR35wi) 10.224.14.0/24.

On Router B:
You would have to create a second tunnel IPSec Policy with the source network (Router B - cyberoam CR35wi) 10.224.14.0/24 to destination network (Router A - TL-ER6020) 192.168.0.0/24.

heals1ic

LV1

2015-07-02 08:36:15 - last edited 2021-08-21 04:55:44

Posts: 6

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2015-06-25

Re:static route through VPN

2015-07-02 08:36:15 - last edited 2021-08-21 04:55:44

Here is a more detailed map of the topology.

I am hoping to create a static route from 192.168.0.0 to direct traffic to the CR35wi (192.168.10.0/24) and it will in turn use its static route to forward to the destination at 10.224.14.0/24.

File:

static_routes.jpgDownload

vpnrouter

LV2

2015-07-02 23:57:13 - last edited 2021-08-21 04:55:44

Posts: 106

Helpful: 1

Solutions: 0

Stories: 0

Registered: 2014-11-22

Re:static route through VPN

2015-07-02 23:57:13 - last edited 2021-08-21 04:55:44

The diagram is missing some components;

Does, Router A (192.168.0.0/24) connect to Router B (192.168.10.0/24) via WAN 1 using IPSEC/VPN ?
Does, Router C (192.168.51/0) connect to Router B (192.168.10.0/24) via WAN 2 using IPSEC/VPN?
How do Router C (192.168.51/0) connect to Router D (10.224.14.0/24) ? IPSEC/VPN/LAN?

Send me a private message with details.

heals1ic

LV1

2015-07-03 15:57:16 - last edited 2021-08-21 04:55:44

Posts: 6

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2015-06-25

Re:static route through VPN

2015-07-03 15:57:16 - last edited 2021-08-21 04:55:44

Does, Router A (192.168.0.0/24) connect to Router B (192.168.10.0/24) via WAN 1 using IPSEC/VPN ? IPSEC/VPN
Does, Router C (192.168.51/0) connect to Router B (192.168.10.0/24) via WAN 2 using IPSEC/VPN? WAN2 (no VPN, private wide area network)
How do Router C (192.168.51/0) connect to Router D (10.224.14.0/24) ? IPSEC/VPN/LAN? Private LAN

This might be clearer -

vpnrouter

LV2

2015-07-04 04:26:07 - last edited 2021-08-21 04:55:44

Posts: 106

Helpful: 1

Solutions: 0

Stories: 0

Registered: 2014-11-22

Re:static route through VPN

2015-07-04 04:26:07 - last edited 2021-08-21 04:55:44

vpnrouter wrote

I believe I understand what you are attempting. Correct me if I am wrong;
1. you have multiple networks attached to Router B?
2. Router B - cyberoam CR35wi (192.168.10.0/24) & (10.224.14.0/24) ?
3. you have one network attached to Router A that needs to connect to all networks on Router B?
4. Router A - TL-ER6020 (192.168.0.0/24)?

IPSec does not work by routing tables.
IPSec encapsulates/encrypts one network's packets (Intranet) for destination over unsecure networks (Internet) to another network (Intranet) then unencapsulates/decrypts packets. Then any internal static routes are used to route packets for different attached networks.

A rule for each network's packets is needed.

On Router A:
You would have to create a second tunnel IPSec Policy with the source network (Router A - TL-ER6020) 192.168.0.0/24 to destination network (Router B - cyberoam CR35wi) 10.224.14.0/24.

On Router B:
You would have to create a second tunnel IPSec Policy with the source network (Router B - cyberoam CR35wi) 10.224.14.0/24 to destination network (Router A - TL-ER6020) 192.168.0.0/24.

Did you create the two IPSec Policies mentioned above?

#10

static route through VPN

static route through VPN

Information

Voters 0

Tags