CVG, BR200, L3 VPN almost working, need help to complete set up.

  • Question
  • Updated 5 years ago
  • Answered
I have a 90% working solution but I'm just blanking on the last aspect of the configuration. I'm hoping some obvious suggestions will help (thanks in advance).

Scenario
-IPsec tunnel is successfully established between BR200 and the CVG.

-The WAN IP (Eth0) of the CVG is 10.200.2.104 with router DMZ interface as the default gateway of 10.200.2.1

-The CVG has an Eth1 address of 10.0.0.3/24 (internal network is 10.0.0.0/24 and the router interface/gateway is 10.0.0.1)

-From the CLI of the BR200 I can ping the CVG WAN IP (10.200.2.104) but I cannot ping the gateway (10.200.2.1).

-Again from the BR200 I can ping the LAN address (10.0.0.3) but cannot ping the router interface (10.0.0.1) or indeed any other internal IPs.

I am not using any dynamic routing, and there is only one internal subnet at this stage (10.0.0.0/24 - this will expand when I have this working).

Under the configuration of the CVG I have entered 10.0.0.0 / 255.255.255.0 under internal networks and no static routes.

Anything I've missed that's obvious? I'm assuming with an established VPN tunnel that routing should allow me to reach beyond the configured WAN & LAN on the CVG?

Melissa J


Posted 5 years ago


Manoah Coenraad, Champ

Hello Melissa,

I think you have to configure the route back. The default gateway of the CVG doesn't know the way to the BR200. Can you configure static routes at the gateway? I think you have to tell the gateway (10.200.2.1) that it can find the network behind the BR200 at the CVG.
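
The missing return route described in the reply above, modelled as a longest-prefix-match lookup on the router at 10.200.2.1 (an added example, not part of the original thread or any vendor configuration). The branch subnet 192.168.50.0/24, the /24 mask on the DMZ and the router's default route to "upstream" are assumptions; the page does not state them.

```python
import ipaddress

# Constructed value: the thread does not give the subnet behind the BR200.
BRANCH_NET = ipaddress.ip_network("192.168.50.0/24")
CVG_WAN = ipaddress.ip_address("10.200.2.104")  # CVG Eth0, from the post


def next_hop(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def router_table(with_return_route):
    """Routing table of the router that owns 10.200.2.1 and 10.0.0.1."""
    table = [
        (ipaddress.ip_network("10.200.2.0/24"), "connected:dmz"),  # mask assumed
        (ipaddress.ip_network("10.0.0.0/24"), "connected:lan"),
        (ipaddress.ip_network("0.0.0.0/0"), "upstream"),  # assumed default route
    ]
    if with_return_route:
        # The static route from the reply: branch network via the CVG.
        table.append((BRANCH_NET, str(CVG_WAN)))
    return table


def reply_reaches_branch(table, branch_host):
    """A reply gets back into the tunnel only if the router hands it to the CVG."""
    return next_hop(table, branch_host) == str(CVG_WAN)


if __name__ == "__main__":
    host = "192.168.50.10"  # constructed branch-side source address
    for enabled in (False, True):
        table = router_table(enabled)
        print(f"static route enabled={enabled}: reply to {host} goes to "
              f"{next_hop(table, host)}, reaches branch="
              f"{reply_reaches_branch(table, host)}")
```

Pings to 10.200.2.104 and 10.0.0.3 succeed without the static route because the CVG answers them itself and sends the reply straight back into the tunnel; anything that replies through the router depends on the route above.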

Melissa J

Hi Manoah,
Thank you. I knew I had missed something obvious. I had the firewall rules set up and active but forgot to switch the Static Route rule on - as you stated above.
Everything is working perfectly now.