192.168.212.0/24 --[ Cisco 831 Router A ]--Internal Network--
                   [192.168.212.1 192.100.80.100]
[ Cisco 831 Router B ] ---- [ Firewall ] ---- 192.168.129.0/24
[203.x.x.18 172.x.x.133]    [172.x.x.134 192.168.129.1]

I set up a VPN link between Router A and Router B. From 192.168.212.5,
I can ping 172.x.x.134 without any problem. I can also prove the
traffic passes through the VPN by using traceroute. I can also ping from
192.168.129.5 to 172.x.x.133. However, when I try to ping
192.168.129.1 from 192.168.212.5, it is never reachable. By using
tcpdump, I can tell the traffic doesn't go through the VPN link.
Rather, it goes through the Internal Network, and never reaches the
firewall.
How can I route all traffic to 192.168.129.0 through the VPN link, so
that it can reach the firewall? Do I need to do something in Router A?
Is VPN Routing and forwarding the way to go?
Thank you very much.
Weili

Are you able to watch the firewall logs at the firewall on network B?
When you try to ping the address block behind the firewall, check your
firewall logs to see if anything is blocked.
If you have NAT statements on router B, they should include the
192.168.129.0 subnet if it's a 24-bit mask.
But make sure your firewall is not blocking packets from the network A
subnet.
What sort of routes do you have on router A?
Maybe add a static route to the likes of:
ip route 192.168.129.0 255.255.255.0 (external_intf) 3
Try a hop of 3 at the end of the static route as above.
Rob

Thank you very much, Rob. Once I included the network behind the firewall
on network B in the ACL, it worked straight away. The traffic passes through
the VPN tunnel.
Thanks again.
Weili
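
The fix reported above, as an added example that is not part of the original thread: a small checker that applies IOS-style wildcard matching to the ACL that selects traffic for the tunnel and lists destinations that would leave the router unencrypted. It assumes the ACL Weili changed is that tunnel-selection ACL on Router A; the ACL entries are constructed, and 172.16.0.132/30 is a constructed stand-in for the elided 172.x.x link.

```python
import ipaddress

# Constructed entries. 172.16.0.132/30 is a stand-in for the thread's elided
# 172.x.x link between Router B and the firewall, not the real addressing.
ACL_BEFORE = ["permit ip 192.168.212.0 0.0.0.255 172.16.0.132 0.0.0.3"]
ACL_AFTER = ACL_BEFORE + ["permit ip 192.168.212.0 0.0.0.255 192.168.129.0 0.0.0.255"]


def _spec(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return "0.0.0.0", "255.255.255.255"
    if first == "host":
        return tokens.pop(0), "0.0.0.0"
    return first, tokens.pop(0)


def _match(addr, base, wildcard):
    """Wildcard semantics: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def selected_for_tunnel(acl, src, dst):
    """First matching entry decides; no match means the packet is not
    encrypted and simply follows the normal routing table."""
    for line in acl:
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        if proto != "ip":
            continue  # only 'ip' entries are modelled here
        s, sw = _spec(tokens)
        d, dw = _spec(tokens)
        if _match(src, s, sw) and _match(dst, d, dw):
            return action == "permit"
    return False


def uncovered(acl, src, destinations):
    """Destinations that would leave the router outside the tunnel."""
    return [d for d in destinations if not selected_for_tunnel(acl, src, d)]


if __name__ == "__main__":
    targets = ["172.16.0.134", "192.168.129.1"]
    print("before:", uncovered(ACL_BEFORE, "192.168.212.5", targets))
    print("after: ", uncovered(ACL_AFTER, "192.168.212.5", targets))
```

Running the same check against the ACL at the other end of the tunnel, with source and destination swapped, shows whether return traffic is selected as well.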