Problem getting local subnet access using GRE tunneling...

  • 1
  • Question
  • Updated 3 years ago
  • Answered
We've setup our "off-campus" sites to connect back to the main facility using GRE tunneling.

This works great in all cases....except one!

I have several sites that need their local subnet to be the default VLAN that gets connected to when they connect to an SSID for their local office.

Perhaps there's something simple that's missing.

We are NOT using VPN or CVG -- this is strictly GRE tunneling.

These sites are indeed getting all the correct IP information assigned.   Address, Mask, default gateway, DNS....  They just don't go anywhere... Like they're stuck in their own little box.   They cannot get out, and no one can get in.

I'm thinking there's something that is routing related, but I cannot seem to find anything that jumps out at me.

As I said, this works for my other sites, but the have no local subnet to use, it's all mine.

Not sure what to include here to help get to a solution....

I have a unique network policy that applies to all of the "off-site" locations.
Within that, there's user profiles for their "guest" access and their "production" access.
Guest works perfectly....but, like the other sites, it's all "my" subnets, not the local one.

Ideally, I want to get this working using the GRE tunneling....    

Anyone done this?     Connected an SSID to a local subnet to the site can connect to their local network servers and apps, and another SSID for guest access that connects at a central site.  Both on their own VLAN?

Now... a possible twist to this ---
I learned when I started this project that the original installation was using someone elses subnet...internally....  In other words, instead of the proper non-routable subnets, they used a real one!!!   Because it's all internal, it shouldn't be a problem, but since much of this part of the install is "in the cloud" so to speak, perhaps it DOES matter?
Photo of Bryan Tetlow

Bryan Tetlow

  • 78 Posts
  • 2 Reply Likes

Posted 4 years ago

  • 1
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
I would say the use of an actual routable subnet is causing you problems somewhere along the line, but without seeing the details it's hard to see what's actually going on. Is that the only configuration difference between the site that doesn't work and the sites that do?
Photo of Bryan Tetlow

Bryan Tetlow

  • 78 Posts
  • 2 Reply Likes
This issue was resolved..... rather simply too ---   This is not a routing issue, but rather a VLAN issue.
The VLAN in question needed to match the local subnet vlan, AND because GRE tunnels are being used, this same vlan had to be taken off the GRE setting so that it would just "drop" to that VLAN outside of the tunnel.

In short -- make sure the local vlan matches the vlan used by the SSID, and make sure when using GRE tunneling, that this vlan has that GRE tunnel UN-checked.
Photo of BJ

BJ, Champ

  • 374 Posts
  • 45 Reply Likes
Where in the config are you finding these options? Will you include a screen shot?