|
Title: Branch Office connection problem. Post by: Eduardo on August 18, 2009, 08:23:32 PM Hi Mike.
I'm a first time poster, long time reader. And I'm having some trouble with a branch office connection between a contivity 1010 and a BSR 222. The tunnel is up and I get a response both ways to the LAN IP of each router. But here is the thing. When I ping from the BSR network to the 1010 network all pings respond. The problem occurs when I tried pinging the from the 1010 network to the BSR network, I could only get a response from the LAN IP of the BSR. Any suggestions on what I'm doing wrong? Thanks. Title: Re: Branch Office connection problem. Post by: Michael McNamara on August 18, 2009, 09:07:05 PM Hi Eduardo,
There are a few things that could be wrong... I replied on my blog but since you took the time and effort to post in the forums I thought I would follow-up with you here. Are there any other routers/switches in the topology at the main office network? The fact that you can ping from oneside but not the other suggests an interface filter or ACL is blocking the traffic. In a simple network design if you can ping in one direction you should be able to ping in the other direction, or at least it helps to eliminate any possible routing problems. What do you get when you perform a trace route (tracert.exe in Windows XP)? If you can post the results of a tracert that should help show us where to go next. Good Luck! Title: Re: Branch Office connection problem. Post by: Eduardo on August 20, 2009, 02:14:52 PM Hi Mike.
Is very stange what happens, I have done this type of configuration manny times and did not have this type of problem. In the topology of the main network where the 1010 is I have switches. I tried to do a trace route from a PC on the main network, to the 192.168.2.1 (LAN IP of the BSR in the remote network) and roked great, the hops were 192.168.1.1 and 192.168.2.1 But when I do a trace rout to 192.168.2.3 I get only th ehop 192.168.1.1 evry thing else is Request time out. Please help. And thanks for taking the time to asnwer. Title: Re: Branch Office connection problem. Post by: Michael McNamara on August 21, 2009, 12:42:00 AM Hi Eduardo,
I would check to make sure you have the correct IP network in the tunnel configuration of both VPN routers. I've attached a quick diagram I threw together than shows the topology I believe you have at your site. Is the default gateway of PC2 defined correctly as 192.168.2.1? Is it possible for you to perform a trace route from PC2 to PC1? From your comments it seems that the route to the 192.168.2.0/24 network is in place since you can ping the LAN interface of the BSR222 (192.168.2.1). What networks did you define in the tunnel for the BSR222? Are you routing everything back to the main office (0.0.0.0/0.0.0.0) or are you just routing traffic for the IP networks (192.168.1.0/24) back to the main office? Have you looked at the routing table on the VPN 1010 router? Perhaps you have an address conflict with another tunnel? Mike Title: Re: Branch Office connection problem. Post by: Eduardo on August 21, 2009, 05:54:07 PM Thanks for your answer Mike.
I will double check the configuration on both sides, most of all on the network configuration. I will let you know if I found something. Thanks. |