Multi-Vpn Setup: can access all subnets when in office, while vpn’d can only access local subnet
Cisco, Default route, File servers, LAN, Multi Server, Ping, PIX, Print Server, problem, Routing, Static route, Subnets, VPN, WAN
I am having troubles with vpn users being able to see other subnets. It is set up as follows
Any computer locally on the domain can see / ping/ access any other computer on any subnet / location. When someone vpn's into any of the routers they can only see the local subnet of the router they are vpn'ing into. So if someone vpn's to the LA router, they cant access the Chicago Subnet. I have static routes set up for each router.
ex: La to Chicago
192.168.111.0 255.255.255.0 12.x.x.x
I'm not sure if those are set up correctly.
I'm really confused as to why the traffic through the vpn is confusing the router and only getting to that subnet.
Any help would be greaaaaaaaaaaaatly appreciated.
Thanks
Software/Hardware used:
Any computer locally on the domain can see / ping/ access any other computer on any subnet / location. When someone vpn's into any of the routers they can only see the local subnet of the router they are vpn'ing into. So if someone vpn's to the LA router, they cant access the Chicago Subnet. I have static routes set up for each router.
ex: La to Chicago
192.168.111.0 255.255.255.0 12.x.x.x
I'm not sure if those are set up correctly.
I'm really confused as to why the traffic through the vpn is confusing the router and only getting to that subnet.
Any help would be greaaaaaaaaaaaatly appreciated.
Thanks Software/Hardware used:
ASKED:
March 14, 2008 5:08 PM
UPDATED:
March 17, 2008 3:18 PM
Answer Wiki:
You need to tell the routers on each end that the subnet that the VPN traffic is on can traverse the routers. Also check your routes and make sure that the traffic going through the correct VPN.
To see all answers submitted to the Answer Wiki: View Answer History.
There’s a couple of possibilities here. One is that using VPN permits only access to the local LAN on that device. This means that “split tunnelling” is not enabled. Split tunnelling provides the capability of accessing devices on the user’s local LAN as well as other remote devices that they are able to normally able to reach.
The other issue is like what Mrdenny says. It could be a routing issue where the remote router does not know a route back to the networks in question. You may be trying to reach a network from a different source address than is permitted to route to it. Your source address may be masked when you VPN to the remote device.
I’m not sure we have enough information to really help solve this problem.