Hi,

For the sake of simplification I'll truncate my network setup, but in essence I have the following;

192.168.1.0 range (3100 SDSL router here)
192.168.2.0 range (2800 ADSL router here)
192.168.3.0 range (2800 ADSL router here)

I have a clock in machine working on 192.168.2.99

Supplier has now installed a second clock in machine on 192.168.3.99

192.168.1.0 is our head office, VPN tunnels to all remote sites – no tunnels between

VPN tunnels are IPSec, 3DES with Encryption, Rip direction TX/RX (Both) – config is as per the Draytek tutorial at http://www.draytek.co.uk/support/vpn_setup.html

Ok, I had hoped that the network would route correctly with that setup, but something is amiss.

We have a 2008 Server acting as domain controller on 192.168.1.10, within the LAN config of the remote site routers it is setup as a forced DNS server also.

Output of route print on the server looks fine - server can "see" all routers

Yet when you try to ping from 192.168.2.*** to 192.168.3.*** and vice versa, nothing happens.

Today I added two new sites 192.168.4.0 and 192.168.5.0 for testing purposes. (using 2820s)

Each one has a VPN link to Head Office as per previous config. A look at the routing table on either router shows;

Key: C - connected, S - static, R - RIP, * - default, ~ - private
* 0.0.0.0/ 0.0.0.0 via 188.39.1.18, WAN1
S (test site ext IP)/ 255.255.255.255 via 78.33.94.225, WAN1
R~ 192.168.2.0/ 255.255.255.0 via 192.168.1.1, VPN (4/120000)
R~ 192.168.3.0/ 255.255.255.0 via 192.168.1.1, VPN (4/120000)
R~ 192.168.4.0/ 255.255.255.0 via 192.168.1.1, VPN (4/120000)
S~ 192.168.1.0/ 255.255.255.0 via (our external IP) VPN
* 188.39.1.18/ 255.255.255.255 via 188.39.1.18, WAN1
C~ 192.16.5.0/ 255.255.255.0 is directly connected, LAN

This looks fine, and implies to me that the routing is working, in fact I’m able to ping 192.168.4.1 (test site1 router) and in turn 192.168.4.10 (test site workstation with dhcp ip) from a pc sat on the 192.168.5.0 part of the network

But after a time something happens, I have been running a continuious ping and it drops, I either get “188.39.1.18 destination host unreachable”, or “request timed out” initially I tried restarting both VPN links on both test routers, but latterly I’ve noticed that if I leave it things just follow the same course.

Seems to me as if one or other (or both) router seems to lose its routing table and then rebuild it, but I’m not sure. I did wonder if I switched all traffic down the VPN it might work better – but this causes the internet connection to suffer, as local users use the local internet connection

Can anyone cast any light on this issue at all – is there a configuration with the VPN tunnels that’s at fault, or is it my routing setup? I tried static routes and nothing worked, hence reverting to RIP!

All and any suggestions gladly received!

cheers

Answered my own question - you have to add a static route via the VPN programming, section 4. TCP/IP Network Settings - on the far side router

I added in 192.168.2.0 / 24, 192.168.3.0 / 24 and so on

This appears in the routing table (shows route as VPN) and permits intra-site ping/packet flow

RIP needs to be enabled on the LAN to LAN configurations (at each end) but not on the general LAN settings of the router.

I have a dodgy 2820 that seems to lose it's routing table, but it's on an older firmware revision so hopefully will work better after flashing.

cheers