Cisco RV320: From VPN A to LAN B

bernard038

Regular Contributor
Hello All,

I have a setup like this:

VPN A <-> [Router A / LAN A] <-- G2G VPN --> [Router B / LAN B] <-> VPN B


Both routers are Cisco RV320 in gateway mode; the gateway-to-gateway VPN is an IPsec VPN. I use OpenVPN for both VPN A and B.
  • When I log on to VPN A I can reach router A and LAN A.
  • When I log on to VPN B I can reach router B and LAN B.
  • From LAN A I can reach LAN B, using the G2G VPN connection.
  • But when I log on to VPN A, I cannot reach LAN B (and the other way round).
What I would like to achieve is the possibility to reach both LANs from both VPNs. Is this possible?

Thanks in advance for your swift answer!

Best Regards, b.
 
The problem for you is with routing.
First, it's a question of subnets. Do A and B use the same or different subnets? Then it's a matter of setting the routes correctly on both routers. @Samir is an expert with the Cisco RV, despite my usual warnings not to use such devices, as they offer fewer benefits than a good consumer router does even with VPN and are also buggy. If you want easy dual WAN, pfSense is much better, and when it comes to QoS throughput, even consumer routers are faster, as these platforms lack the CPU power: they're even slower than the ERL, which has the same platform but with a faster CPU.

It's best if both network A and B use different subnets. MikroTik, Ubiquiti and pfSense are easier to set up routing for VPN if all 3 networks are the same subnet. Essentially the router needs to know which network a device belongs to so that it knows whether to send to VPN or back to LAN. If you have a layer 3 switch, the switch will also need to know the routes too, otherwise the switch will just send it to LAN instead.

If both networks use different subnets it's easier to set it up. The easiest way is to NAT, as routing may require setting up the clients on both ends.
 
Hi SEM,

Thanks for your reply, and yes, A and B are on different subnets. Issue is that I cannot use RIP or a static route to route traffic from the VPNs over the G2G VPN.

...and yes I agree, I would not recommend a Cisco small business router to anyone in any situation....

Cheers, b.
 
I wouldn't call those routers Cisco either. Linksys, which is owned by Cisco, also sells those same horrible routers under the Linksys brand. Many brands have it and they are outdated buggy devices that are still being sold around.

The easiest way, if you can, is to NAT traffic between A and B. In my case my modem is on a different subnet, but by using NAT on my LAN to the device (1 way) (like with normal internet access) I am able to access the modem's web page. If I wanted to use routing, my modem would also need to have a route (0.0.0.0) with my router as the gateway. Since my modem is simple it does not have that capability in modem mode, and Netgear's firmware isn't that great.

So in your case you need to NAT 1 way on both routers like you would with the internet. I don't know if those routers are capable of that. You can also try setting your routes like this:
Router A
LAN 192.168.1.0/24 gateway 192.168.1.1 weight 0
VPN 192.168.2.0/24 gateway (Router B VPN interface IP not LAN), weight 0
WAN 0.0.0.0/0 gateway (your ISP) weight 1
Router B
VPN 192.168.1.0/24 gateway (Router A VPN interface IP not LAN), weight 0

The weightage is important too, the terms used might be different but WAN route must come after LAN and VPN otherwise the WAN route will supersede the VPN route as 0.0.0.0/0 means all IPs.
 
On both routers, the remote LAN is mentioned in the routing table. BUT! Router A is not aware of VPN B (and vice-versa), so when traffic originates from VPN B router A hasn't got a clue what to do with it... Is that what you are saying? Does my reasoning sound logical?
 
Actually it's more to do with the routers not being aware of each other's LAN. Check that the gateway is correct for them, as the gateway is going to be the router the LAN belongs to. You could have the remote LAN entered but possibly with the router itself as the gateway rather than the other router.
 
Router A and B are both aware of the remote LAN; backups are exchanged between the storage servers on these LANs, shares on the other LAN can be reached, that's not the issue. The issue is:
  • VPN A is aware of LAN A, but not of LAN B
  • VPN B is aware of LAN B, but not of LAN A
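
The symptom discussed in this thread can be reproduced with a small routing model. This is an added example, not part of any post above and not RV320 configuration: the LAN subnets follow the sample routes in the thread, while the OpenVPN client pools (10.8.1.0/24, 10.8.2.0/24), the host addresses, plain longest-prefix route selection and a tunnel that carries whatever is routed into it are all assumptions.

```python
import ipaddress as ip

# Constructed addressing: LANs as in the thread's sample routes; VPN pools are assumed.
LAN_A, LAN_B = "192.168.1.0/24", "192.168.2.0/24"
VPN_A, VPN_B = "10.8.1.0/24", "10.8.2.0/24"

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route containing dst."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(n), hop) for n, hop in table if addr in ip.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def base_tables():
    """Each router knows its own LAN and VPN pool, the remote LAN, and a default route."""
    a = [(LAN_A, "local"), (VPN_A, "local"), (LAN_B, "tunnel"), ("0.0.0.0/0", "wan")]
    b = [(LAN_B, "local"), (VPN_B, "local"), (LAN_A, "tunnel"), ("0.0.0.0/0", "wan")]
    return {"A": a, "B": b}

def path(tables, start, dst):
    """Follow next hops from router `start` until local delivery or the WAN."""
    router, hops = start, []
    for _ in range(4):  # guard against a routing loop between the two routers
        hop = lookup(tables[router], dst)
        hops.append(f"{router}:{hop}")
        if hop != "tunnel":
            break
        router = "B" if router == "A" else "A"
    return hops

def round_trip(tables, src, src_router, dst, dst_router):
    """A flow works only if the request AND the reply are both delivered locally."""
    fwd = path(tables, src_router, dst)
    ret = path(tables, dst_router, src)
    ok = fwd[-1] == f"{dst_router}:local" and ret[-1] == f"{src_router}:local"
    return ok, fwd, ret

if __name__ == "__main__":
    t = base_tables()
    print("LAN A -> LAN B      ", round_trip(t, "192.168.1.10", "A", "192.168.2.20", "B"))
    # The request arrives, but Router B sends the reply for 10.8.1.6 to its WAN.
    print("VPN A -> LAN B      ", round_trip(t, "10.8.1.6", "A", "192.168.2.20", "B"))
    # Option 1 (routing): Router B gets a route for the VPN A pool via the tunnel.
    t["B"].append((VPN_A, "tunnel"))
    print("with return route   ", round_trip(t, "10.8.1.6", "A", "192.168.2.20", "B"))
    # Option 2 (NAT): Router A rewrites the source to its own LAN A address.
    print("with source NAT on A", round_trip(base_tables(), "192.168.1.1", "A", "192.168.2.20", "B"))
```

On a policy-based IPsec tunnel the same subnets would also have to be covered by the tunnel's local and remote network definitions, which this model does not represent.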
 
