0

I have my network set up with a SonicWall device as the default gateway, so all my traffic goes in and out through it. Now I have just set up a VPN on a Cisco router from our local network of 192.168.5.X to another network of 172.16.1.X. The Cisco router with the VPN has 2 interfaces, one facing our LAN switch and one facing the Internet, going around the default gateway, which is our SonicWall. The LAN side of the router has IP 192.168.5.15 and the default gateway has IP 192.168.5.254.

If I change the default gateway in my computer to 192.168.5.15 I am able to ping the computers on the other side of the VPN and everything works fine, but if I leave the settings intact with my original default gateway, which is 192.168.5.254, then I am not able to ping the devices on the other side of the VPN because all traffic is being sent to the SonicWall and my switches don't know that the 172.16.1.X network can be accessed if packets are sent to 192.168.5.15...

Long story short, how can I overcome this conundrum of having to change the gateway to access the VPN? How could I solve this problem? Attached is a diagram to help you visualize the setup.

rii

2 Answers

2

You just need to add in some extra routing.

In this case, adding a static route on your SonicWall to route traffic to 172.16.1.0(/24?) via 192.168.5.15 as the next hop should take care of it.

James Yale
  • Here is the image: http://img848.imageshack.us/i/networkingproblemvpn.jpg/ – rii Mar 17 '11 at 17:43
  • Thanks for your answer James Yale, I was assuming that was a possibility but currently the router is not going into the sonicwall. Any other ideas? If anything I will just modify the setup and do it like you explained, it's probably my only option right now. – rii Mar 17 '11 at 17:57
  • According to your diagram the Cisco router and the sonicwall are connected to the same switch so should be able to talk to each other unless you've got some specific configuration preventing it. Can you ping 192.168.5.254 (the sonicwall) from the Cisco router? – James Yale Mar 17 '11 at 18:35
  • Yeah from the cisco router I can ping the sonicwall. I can also ping both devices from my computer but if I try to ping something in the 172.16.1.X subnet that is connected and pingable from the cisco router I can't get to it unless I switch the default gateway on my computer to be the local ip of the router (192.168.5.15). – rii Mar 17 '11 at 21:26
  • Good, this and this is why you need to add the static route on the sonicwall. When it is in place the sonicwall will forward your packets for the 172.16.1.0 subnet to the Cisco router to forward. – James Yale Mar 18 '11 at 00:23
  • Problem solved after adding route! Also needed to add address object. – rii Mar 22 '11 at 20:22
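
Why the static route fixes the lookup, as an added example that is not part of the original answer or comments: a small longest-prefix-match model of the three routing tables, traced hop by hop before and after the route is added. The /24 masks, the `WAN` and `VPN tunnel` exit labels, and the test address 172.16.1.10 are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the LAN in the question; the /24 masks and the
# "WAN" / "VPN tunnel" exit labels are assumptions, not values from the page.
SONICWALL, CISCO = "192.168.5.254", "192.168.5.15"
LAN = "192.168.5.0/24"
REMOTE = "172.16.1.0/24"

def lookup(table, dst):
    """Longest-prefix match: return the next hop of the most specific route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def build_tables(static_route_on_sonicwall):
    """Routing tables of the client, the SonicWall and the Cisco router."""
    tables = {
        "client": {LAN: "direct", "0.0.0.0/0": SONICWALL},
        SONICWALL: {LAN: "direct", "0.0.0.0/0": "WAN"},
        CISCO: {LAN: "direct", REMOTE: "VPN tunnel"},
    }
    if static_route_on_sonicwall:
        # The fix from the answer: 172.16.1.0/24 via 192.168.5.15
        tables[SONICWALL][REMOTE] = CISCO
    return tables

def trace(tables, dst, start="client", max_hops=8):
    """Follow next hops from `start` until the packet leaves the modelled LAN."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        path.append(hop)
        if hop not in tables:  # "direct", "WAN", "VPN tunnel" or no route
            break
        node = hop
    return path

if __name__ == "__main__":
    for fixed in (False, True):
        path = trace(build_tables(fixed), "172.16.1.10")
        print("static route:", fixed, "|", " -> ".join(map(str, path)))
```
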
0

Ideal would be to change the clients' gateway IP to that first managed switch. Then have that Cisco switch route accordingly.

Course, ideal ideal would have been to just use the SonicWall itself. If that's all of your clients' default gateway, why do you even have that Cisco router or 2nd managed switch?

TheCleaner
  • Well, we have the Cisco Router because we need to use BGP in order to create that VPN with the Amazon cloud and the sonicwall does not do BGP. The second managed switch is there to connect all our computers and phones. The first Cisco switch is used to split our 10mbit circuit to the Internet since we have several public IPs. – rii Mar 17 '11 at 18:28