×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

2 VPN Tunnels using FVS318v3, endpoints cannot "see" each other

2 VPN Tunnels using FVS318v3, endpoints cannot "see" each other

2 VPN Tunnels using FVS318v3, endpoints cannot "see" each other

(OP)
Hello everyone,

I have a Netgear FVS318v3 router that I have created 2 separate VPN tunnels with.  I will try to lay out the networks below:

Segment A: 172.21.6.0 network (application server)
Segment B: 192.168.127.0 network (FVS318v3)
Segment C: 192.168.126.0 network (remote client)

Segment A has a server with an application on it that Segment C needs access to.  Segment B has a VPN tunnel established to Segment A and Segment C.  There is no server for Segment B or Segment C and the router for Segment B is set up to provide DHCP.

I do not have access to Segment A's firewall.  It is controlled by a vendor that I worked with to get the VPN tunnel established between Segment A and Segment B.  I can ping Segment A from Segment B.

Segment C is a remote laptop client using Netgear's ProSafe VPN Client.  In the ProSafe VPN client, I was able to set up a virtual IP address of 192.168.126.50 (because it cannot be on the same segment as Segment B).  I can establish VPN connection between Segment C and Segment B.  Segment C can ping the internal address of Segment B's Netgear router and it can ping computers inside the 192.168.127.0 network.  The Netgear router can ping Segment C's virtual IP address of 192.168.126.50.  Segment B's Netgear router can ping Segment A's gateway and server that holds the application needed by Segment C (the 172.21.6.0 network).  The problem is, Segment C cannot ping Segment A...

I have set up several static routes listed below:

Destination: 192.168.127.0 Gateway: 192.168.126.50 Metric 2
Destination: 192.168.136.50 Gateway: 192.168.127.100 Metric 2
Destination: 172.21.6.0 Gateway: 172.21.6.1 Metric 2

It seems that no matter how I try to set up a static route from Segment C to Segment A, I cannot get them to communicate.

If anyone has any ideas on how to fix this or what I am doing wrong / overlooking, please feel free to let me know.  I am at my wits end and I have been working on this for a few days now.

Thanks in advance,
Pellet

RE: 2 VPN Tunnels using FVS318v3, endpoints cannot "see" each other

I have no idea if you will need access to the router you do not have access to but here goes.

I bet 172.21.6.x is allowed to see 192.167.127.x with a subnet mask of 255.255.255.0, (or /24) this allows clients from 192.168.127.1 to 192.168.127.254 to see into the 172.21.6.x subnet.  You want a mask of 255.255.0.0 (or /16) this would allow 192.168.0.1 to 192.168.255.254 to see into 172.21.6.x.

That would include your 192.168.126.x client, which your current mask does not.

If the subnet 172.21.6.x has other VPN peers, this greedy approach will not work as I grabbed all of the 192.168.x.x range.  Someone with a good subnet calculator could tell you the smallest mask that would work.

 

I tried to remain child-like, all I acheived was childish.

RE: 2 VPN Tunnels using FVS318v3, endpoints cannot "see" each other

(OP)
Thanks for the reply Jimbopalmer,

The admin for the 172.21.6.0 network won't give access to 192.168.0.0 network because he has multiple networks accessing the server.

I did talk to him before and he said he granted access to the network for the 192.168.127.0 network and the 192.168.126.0 network...  I don't know if the issue is the virtual IP on the client computer is 192.168.126.50 with a virtual netmask is 255.255.255.255 - but I did try to set up the network at 192.168.0.0 but I could not get a VPN connection.

Any other ideas?

Thanks again for the reply.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close