Sending data across 2 VPNS

Question

Sending data across 2 VPNS

jeepxo (Programmer)

(OP)

9 Jun 14 13:56

Here's my scenario. At our main office I have a DFL 210, at Satelite office 1 I have a DSR500N, at Satelite office 2 I have a DSR250N.
Sate1 has an IPSec VPN to the main office. Works beautifully.
Sate2 has an IPSec VPN to the main office. Works beautifully.

Sate1 IP range is 192.168.10.0/24
Sate2 IP range is 192.168.97.0/24
Main office is 192.168.1.0/24

From the main office I can RDP to any computer in Sate1 or Sate2
From Sate1 I can RDP to any computer in Main office but NONE from Sate2
From Sate2 I can RDP to any computer in Main Office but NONE from Sate1

Looking for a way to get Sate1 to see computers in Sate2 and from Sate2 to Sate1.

Any thoughts?

To build may have to be the slow laborious task of years. To destroy can simply be the thoughtless act of a single day.

jimbopalmer (Programmer) · Answer 1 · 2014-06-09 17:23:31

If the remotes see the main office as 192.168.0.0/16 then all 192.168.x.x traffic will go to the main office, not just 192.168.1.x traffic.
In the main office, keep the 192.168.10.0/24 and 192.168.97.0/16 destinations for the remotes, so the traffic will be forwarded along to the various remotes
in this example the remote in in a town called Greenwood and uses the subnet 192.168.123.0 while the hub is 192.168.1.0 but configured as a /16

I tried to remain child-like, all I achieved was childish.

Tsar of all the Rushers

imbadatthis (TechnicalUser) · Answer 2 · 2014-06-09 20:08:46

get CISCO routers and setup DMVPN .. it would be less expensive on your SAT Links up/down ...

or do what the dude above me said.. fix your routing :D

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

obtsystems (Programmer) · Answer 3 · 2014-06-22 09:01:49

without setting up routing in routers the best thing is do set a second tunnel between sat 1 and sat 2 most routers can do more than 1 tunnel

jeepxo (Programmer) · Answer 4 · 2014-06-24 16:37:36

Thanks for the suggestion Jimbo. It led me down the right path. I made a slight variation on it.
On my DFL210 at the main office I created 3 IP4 ranges.
main office 192.168.1.0/24
sat2 192.168.97.0/24 and
sat1 192.168.10.0/24

Then I made an IP4 Group that includes MainOffice and Sat2 (group 1) and a group that includes MainOffice and Sat1.(group 2)
My IP Rules allow Sat1 to Sat1 on all networks
Sat2 to Sat2 on all networks
Sat1 to Sat2 on all networks
Sat2 to sat1 on all networks

Then I created 2 IPsec Interfaces. Interface1 is Group1 to sat1
Interface2 is group2 to sat2

On the 2 DSRs at the satellite locations I create a VPN to Main office using the external IPaddress and a second VPN to Sat1 but I also use the main office external address.

It all works lovely now.

As for the comment "Buy a Cisco..." come on...get over yourself and actual look at the issue. It doesn't matter what company's device you use. What matters is that you get it set up properly. Cisco, DLink, Gateway, IBM, Avaya, Belkin, as long as it is an enterprise device it will work. The absolute best product today will be obsolete in 6 months anyway.

To build may have to be the slow laborious task of years. To destroy can simply be the thoughtless act of a single day.

Come Join Us!

Posting Guidelines

Sending data across 2 VPNS