Route to different subnet via VPN
Posted: Wed May 01, 2013 12:47 pm
Hi All.
I've got a 7402nx. I use an IPsec VPN to connect to my office which is a hub in a hub and spoke model to other sites/subnets.
My local subnet is defined as: 192.168.50.0 / 255.255.255.0
My Office (hub) Subnet is defined as 192.168.100.0 / 255.255.255.0
The VPN my side is defined as: 192.168.0.0 / 255.255.0.0
The VPN office side is: 192.168.50.0 / 255.255.255.0
As I have a /16 subnet definition on the VPN to my office hub, all I have to do is tell the far end spoke networks to push anything to my subnet (.50.x) through to the office hub gateway via the VPN already in place (I literally just stick a static route in to that effect on those firewalls). All this works a treat and I can access the office network and the networks on the far end of those spokes.
However, we have two networks on a completely different network range defined as 10.0.1.0 and 10.0.2.0 (both subnetted down to /24 like the other spoke 192.168 networks).
Through my Billion’s web UI I cannot add a static route for these networks via the VPN (you can only define LAN or WAN and neither works in this scenario). I don’t especially want to create direct VPNs to those remote/spoke end networks either. In my mind, the IPsec VPNs on the router should show in the list of interfaces when defining a route. This would be exactly what I need (and is exactly how I do this on my other kit).
Is there a way I can tell my Billion to shove any traffic for those 10.0.x. subnets back down to my office hub on the 192.168.100.x network? I’ve had a bit of a look on the CLI but it’s not obvious if there is a way to do this.
Crappy diagram to illustrate below:
In the above the routing is working fine for everything but Spoke3 as I cannot define a static route from "Me" via a VPN as an interface.
Any help appreciated.