Hi
I hope someone will be able to help.
In our branch network, we have three sites, SITE A, B and C.
At SITE A, we have a router on IP address 10.9.1.1/24, which gives SITE A's users access to SITE C's mainframe server on IP address 172.16.0.3/24. We also have a Billion 7402X on IP address 10.9.1.2/24 with a DSL connection.
At SITE B, we have a Billion 7402X on IP address 10.9.3.3/24 with a DSL connection.
Between SITE A and SITE B, we have an L2TP VPN connection set up on the Billion routers linking SITE A's 10.9.1.0/24 network to SITE B's 10.9.3.0/24 network.
At the moment we are able to make a connection from a device at SITE B to a device at SITE A and vice versa, so connectivity between the two sites works perfectly.
We now want to give users at SITE B (10.9.3.0/24) access to the mainframe server 172.16.0.3/24 via the L2TP VPN connection.
We have added a route in router 10.9.1.1 pointing to the 10.9.3.0 network using 10.9.1.2 as its gateway. We have a route in Billion 10.9.1.2 pointing to 172.16.0.3 using 10.9.1.1 as its gateway.
Then finally in Billion 10.9.3.3 we have left the default route 0.0.0.0 0.0.0.0 0.0.0.0/ipwan to send ALL traffic from devices in the SITE B 10.9.3.0 network over the L2TP VPN.
But users at SITE B are not able to connect to the mainframe server 172.16.0.3 at SITE C. If we trace the traffic from a PC at SITE B, the packet hits the Billion 10.9.3.3 and then goes out on the WWW and NOT over the L2TP tunnel as it should.
We have tried multiple types of routes to send this traffic over the tunnel but none have worked. Also, using the GUI Web browser interface, when creating a route the only interface options I see are the iplan and ipwan interfaces; there is no way to direct this route to the VPN tunnel.
Please assist!
Routing problem on 7402X - L2TP VPN
Re: Routing problem on 7402X - L2TP VPN
The web interface is not sophisticated enough to properly configure VPN connections for all but the simplest use cases. I think you can make this work by using the 7402X command line interface for additional routes as I've done.
On my 7402NX I have an always on L2TP VPN connection that is not the default route, with explicit exceptions to route over VPN. My approach was to configure using the web UI as far as possible, then use the router CLI for the rest.
I'm guessing that your L2TP tunnel is also not configured to be the default route so other external traffic routes to the wan - as you suggest it would need an explicit route to reach the mainframe from SITE B.
This page helped me: http://plusplusyou.blogspot.com.au/2012 ... odems.html, it probably has all the info you need, though I've extracted, tailored and added info below.
Before you start, I'd recommend taking a backup of the router configuration through the web UI: Advanced > Configuration > System > Backup/Restore.
To set up a route on the 7402X at SITE B, telnet from a command prompt:
Code:
telnet 10.9.3.3
(default user:admin, pass:admin)
Find out the L2TP tunnel interface name (it will start with @):
Code:
ip list interface
You probably need something like (replace @ip_pppdevice7 as appropriate):
Code:
ip add route mainframe 172.16.0.3 255.255.255.255 interface @ip_pppdevice7
This adds a route to a single IP address over a specific interface, it should at least get packets to the 7402X at SITE A.
Syntax: ip add route <route name> <destination base ip address> <subnet mask> interface <interface name>
If you need to remove the route:
Code:
ip delete route mainframe
These router commands may be useful for debugging:
Code:
ip list route
ip show debuginfo
traceroute 172.16.0.3
Also, typing ? gives (context sensitive) help on the router command line.
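Added example (not part of the post above, and not Billion's own code): a small longest-prefix-match simulation showing why traffic for 172.16.0.3 leaves SITE B through ipwan until the /32 host route exists, and that the return path depends on the route to 10.9.3.0/24 on router 10.9.1.1. The routing tables, the egress names `tunnel` and `wanlink`, the node labels and the host 10.9.3.50 are constructed assumptions based on the thread's description.

```python
import ipaddress

def best_route(table, dst):
    """Longest-prefix match over (name, prefix, egress) rows; None if no match."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in table if ip in ipaddress.ip_network(r[1])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[1]).prefixlen, default=None)

# Constructed routing tables (assumptions, not dumps from the real devices).
# @ip_pppdevice7 is the placeholder tunnel name from the post; "tunnel" and
# "wanlink" are hypothetical interface names.
TABLES = {
    "billion-B": [("lan", "10.9.3.0/24", "iplan"),
                  ("siteA", "10.9.1.0/24", "@ip_pppdevice7"),
                  ("default", "0.0.0.0/0", "ipwan")],
    "billion-A": [("lan", "10.9.1.0/24", "iplan"),
                  ("siteB", "10.9.3.0/24", "tunnel"),
                  ("mainframe", "172.16.0.3/32", "via 10.9.1.1"),
                  ("default", "0.0.0.0/0", "ipwan")],
    "router-A": [("lan", "10.9.1.0/24", "lan"),
                 ("siteC", "172.16.0.0/24", "wanlink"),
                 ("siteB", "10.9.3.0/24", "via 10.9.1.2")],
}
# Where a packet leaving (router, egress) arrives next.
LINKS = {
    ("billion-B", "@ip_pppdevice7"): "billion-A", ("billion-B", "ipwan"): "internet",
    ("billion-B", "iplan"): "siteB-lan", ("billion-A", "tunnel"): "billion-B",
    ("billion-A", "via 10.9.1.1"): "router-A", ("billion-A", "ipwan"): "internet",
    ("router-A", "via 10.9.1.2"): "billion-A", ("router-A", "wanlink"): "siteC-mainframe",
}

def trace(tables, start, dst, max_hops=8):
    """Follow a packet hop by hop and return the list of nodes it visits."""
    path, node = [start], start
    while node in tables and len(path) <= max_hops:
        route = best_route(tables[node], dst)
        node = LINKS.get((node, route[2]), "dropped") if route else "dropped"
        path.append(node)
    return path

def with_mainframe_route(tables):
    """Copy of the tables with the post's /32 host route added at SITE B."""
    fixed = {name: list(rows) for name, rows in tables.items()}
    fixed["billion-B"].append(("mainframe", "172.16.0.3/32", "@ip_pppdevice7"))
    return fixed

if __name__ == "__main__":
    print("before:", trace(TABLES, "billion-B", "172.16.0.3"))
    print("after: ", trace(with_mainframe_route(TABLES), "billion-B", "172.16.0.3"))
    print("return:", trace(TABLES, "router-A", "10.9.3.50"))
```

Comparing the simulated path with the real `traceroute 172.16.0.3` output from a SITE B PC shows at which hop the actual tables differ from the intended ones.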
Re: Routing problem on 7402X - L2TP VPN
Here's the cause of the problem ...
- when the Billion 7402 restarts it only has the default ipwan interface in existence;
- it connects firstly to Afrihost via PPPoE and assigns the router's dynamic IP to the ipwan interface;
- the nat port forwards have to be bound to interface @ip_pppdevice16 ... but until the L2TP VPN tunnel to Afrihost connects that interface is not present ... so the nat port forwards FAIL;
- the L2TP VPN tunnel to Afrihost comes up AFTER the Billion has already attempted the port forwards - which have already failed with errors ... and which do not automatically reset and try again.
Hope that helps,
Routing problem on 7402X L2TP VPN
Hello all,
I recently configured a client-to-site VPN on an SSG5. I also configured a profile on the client. The client uses NCP Secure Entry Client as the VPN client software to connect remotely. The clients can connect to the VPN successfully over a 3G SIM card internet connection, but not over a WiFi connection, although the WiFi connection is always in good condition. The client shows the error "VPN error Connection to VPN gateway failed" in the NCP client software.
I cannot find the reason. Could someone advise me?
Thanks in advance.