INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Sending data across 2 VPNS

Sending data across 2 VPNS

(OP)
Here's my scenario. At our main office I have a DFL 210, at Satelite office 1 I have a DSR500N, at Satelite office 2 I have a DSR250N.
Sate1 has an IPSec VPN to the main office. Works beautifully.
Sate2 has an IPSec VPN to the main office. Works beautifully.

Sate1 IP range is 192.168.10.0/24
Sate2 IP range is 192.168.97.0/24
Main office is 192.168.1.0/24

From the main office I can RDP to any computer in Sate1 or Sate2
From Sate1 I can RDP to any computer in Main office but NONE from Sate2
From Sate2 I can RDP to any computer in Main Office but NONE from Sate1

Looking for a way to get Sate1 to see computers in Sate2 and from Sate2 to Sate1.

Any thoughts?

To build may have to be the slow laborious task of years. To destroy can simply be the thoughtless act of a single day.

RE: Sending data across 2 VPNS

If the remotes see the main office as 192.168.0.0/16 then all 192.168.x.x traffic will go to the main office, not just 192.168.1.x traffic.
In the main office, keep the 192.168.10.0/24 and 192.168.97.0/16 destinations for the remotes, so the traffic will be forwarded along to the various remotes
in this example the remote in in a town called Greenwood and uses the subnet 192.168.123.0 while the hub is 192.168.1.0 but configured as a /16

I tried to remain child-like, all I achieved was childish.

Tsar of all the Rushers

RE: Sending data across 2 VPNS

get CISCO routers and setup DMVPN .. it would be less expensive on your SAT Links up/down ...

or do what the dude above me said.. fix your routing :D

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

RE: Sending data across 2 VPNS

without setting up routing in routers the best thing is do set a second tunnel between sat 1 and sat 2 most routers can do more than 1 tunnel

RE: Sending data across 2 VPNS

(OP)
Thanks for the suggestion Jimbo. It led me down the right path. I made a slight variation on it.
On my DFL210 at the main office I created 3 IP4 ranges.
main office 192.168.1.0/24
sat2 192.168.97.0/24 and
sat1 192.168.10.0/24

Then I made an IP4 Group that includes MainOffice and Sat2 (group 1) and a group that includes MainOffice and Sat1.(group 2)
My IP Rules allow Sat1 to Sat1 on all networks
Sat2 to Sat2 on all networks
Sat1 to Sat2 on all networks
Sat2 to sat1 on all networks

Then I created 2 IPsec Interfaces. Interface1 is Group1 to sat1
Interface2 is group2 to sat2

On the 2 DSRs at the satellite locations I create a VPN to Main office using the external IPaddress and a second VPN to Sat1 but I also use the main office external address.

It all works lovely now.

As for the comment "Buy a Cisco..." come on...get over yourself and actual look at the issue. It doesn't matter what company's device you use. What matters is that you get it set up properly. Cisco, DLink, Gateway, IBM, Avaya, Belkin, as long as it is an enterprise device it will work. The absolute best product today will be obsolete in 6 months anyway.

To build may have to be the slow laborious task of years. To destroy can simply be the thoughtless act of a single day.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close