
There is a network 192.168.0.0/24 and a different network at a second location with 192.168.50.0/24. On both networks there is a router with 192.168.x.1 that routes the traffic.

Now I installed a new router with 192.168.0.2 and connected it with IPsec to 192.168.50.1. I can route from one net to another, but only if I add 192.168.0.2 as gateway for the network. Now I added a route from 192.168.0.1 over 192.168.0.2 to 192.168.50.1 and it works: I can ping hosts from 192.168.0.x to 192.168.50.x, but not in the other direction. So if I test the route from 192.168.50.x over 192.168.50.1 to 192.168.0.2 over 192.168.0.1 to 192.168.0.x, then I can't ping the host. What can I do to make it work?

kockiren

1 Answer


Update: After discussing this in chat, we determined the problem was handling the static routes between 10.1.1.2 and 10.1.1.1. There aren't any hosts connected to 10.1.1.2, but if there were, there would be no way to route traffic to 10.1.1.0 and get that traffic to both groups of hosts. Even with no hosts, getting to the router itself (for admin purposes) at 10.1.1.2 puts you in a static loop with 10.1.1.1.

The solution is to subnet out the two routers, and then statically route the two subnets properly, thereby avoiding any conflicts in routing.

Univ426
  • Hey John, thanks for your answer. Yes, we use static route and I don't set a route from 192.168.0.2 to 192.168.0.1 because I don't know what route I should set. If I set route add 192.168.0.0 net mask 255.255.255.0 192.168.0.1 I can access my 192.168.0.2 – kockiren Aug 23 '12 at 14:31
  • Well, you shouldn't need a route from 192.168.0.2 to 192.168.0.1, as they're on the same network, but you *should* have one from 192.168.50.0 to the 192.168.0.0 network. It sounds like the only connection there is from 192.168.50.1 to 192.168.0.2 - is there a static route set at the 192.168.50.1 router for the 192.168.0.0 network? – Univ426 Aug 23 '12 at 14:37
  • There are no routes because it is set over the IPsec tunnel. I don't need any routes in this tunnel, I think. If I ping devices that have 192.168.0.2 set as gateway, then it works. – kockiren Aug 23 '12 at 14:53
  • Ahh ok, in that case, try setting a default route on 192.168.0.1 to 192.168.0.2. I think that would look like "ip route 0.0.0.0 0.0.0.0 192.168.0.2" – Univ426 Aug 23 '12 at 14:56
  • Okay, but I can't set a default route because the default traffic should go over the WAN gateway of 192.168.0.1 – kockiren Aug 23 '12 at 14:59
  • OK sorry, slowly building a picture here. If I understand this correctly, the problem seems to be that you've segmented the network across those two routers - basically you've plugged two of the same networks into each other. I would recommend having two subnets for router 0.1 and 0.2 and then setting static routes between the two. – Univ426 Aug 23 '12 at 15:05
  • In the 192.168.0.0/24 network there are two routers: one router is for access to the internet and the other is for access to the 2nd location 192.168.50.0/24, so all devices in the 192.168.0.0 network have the 192.168.0.1 router as gateway, and if any of these need access to the second network they have a route over 192.168.0.2 to the second network – kockiren Aug 23 '12 at 15:09
  • If you want, let's move this to chat and I'll delete this answer - looks like we keep iterating through solutions ;) – Univ426 Aug 23 '12 at 15:13
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/4601/discussion-between-john-k-and-kockiren) – Univ426 Aug 23 '12 at 15:13
  • Hey John, it works now with one router and three network cards. Thx! – kockiren Aug 24 '12 at 08:17
  • That's great! Glad it worked out! – Univ426 Aug 24 '12 at 13:20
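
The static loop and the subnetted fix described in the answer can be checked on paper before touching the routers. The following is an added example, not code from the thread: it traces a destination hop by hop through static route tables using longest-prefix match. The router names (`gw`, `vpn`, `remote`), the mutual /24 routes in `SHARED`, and the transit subnet 192.168.1.0/30 in `SPLIT` are assumptions made for illustration.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over {prefix: next hop}; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(routers, start, dst, max_hops=8):
    """Follow static routes from router `start` towards `dst`.
    Returns (path, outcome); outcome is delivered, unreachable or loop."""
    path, current = [start], start
    for _ in range(max_hops):
        hop = next_hop(routers[current], dst)
        if hop is None:
            return path, "unreachable"
        if hop == "direct":          # dst is on a connected network
            return path, "delivered"
        if hop in path:              # packet returns to a router already visited
            return path + [hop], "loop"
        path.append(hop)
        current = hop
    return path, "loop"

# Constructed "before" tables (assumption): gw and vpn sit in the same /24 and
# each holds a static route for that /24 pointing at the other router.
SHARED = {
    "gw":     {"192.168.0.0/24": "vpn", "192.168.50.0/24": "vpn"},
    "vpn":    {"192.168.0.0/24": "gw", "192.168.50.0/24": "remote"},
    "remote": {"192.168.50.0/24": "direct", "192.168.0.0/24": "vpn"},
}

# Constructed "after" tables (assumption): the two local routers are joined by
# their own transit subnet, and every prefix has exactly one owner.
SPLIT = {
    "gw":     {"192.168.0.0/24": "direct", "192.168.1.0/30": "direct",
               "192.168.50.0/24": "vpn"},
    "vpn":    {"192.168.1.0/30": "direct", "192.168.0.0/24": "gw",
               "192.168.50.0/24": "remote"},
    "remote": {"192.168.50.0/24": "direct", "192.168.0.0/24": "vpn",
               "192.168.1.0/30": "vpn"},
}

if __name__ == "__main__":
    for name, tables in (("shared /24", SHARED), ("split subnets", SPLIT)):
        for src, dst in (("remote", "192.168.0.10"), ("gw", "192.168.50.10")):
            print(name, src, "->", dst, trace(tables, src, dst))
```

With the shared /24, traffic from the remote site towards a 192.168.0.x host bounces between the two local routers, while the split design delivers in both directions.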