1. Forum
  2. Usenet
  3. COMP.DCOM.SYS.CISCO

  • Can packets be routed sequentially through two different VPNs?

    From bobneworleans@gmail.com@21:1/5 to All on Sun Oct 4 07:46:50 2015
    I use the ShrewSoft VPN Client to temporarily set up a remote IPSEC VPN from my laptop at home to the office RV120 VPN Firewall. Another permanent site-to-site IPSEC VPN is set up between the RV120 and a customer's site. I can RDP from my laptop at
    home to my office computer, then from there I can RDP to the customer's server. However, I cannot RDP from home to the customer's server.

    I did a "fw monitor" trace on the customers Checkpoint firewall. This showed the progression of packets from the outside interface to the kernel and from the kernel to the inside interface when pinging from the office. No packets were received when I
    did the ping from my home. I tried adding a route statement to the customer's private network in my laptop with the next hop set to the LAN address of the RV120 but this did not help.

    In general, is it possible to route packets through two VPNs in series? If not, why not? If so, what additional configuration is needed to make this work for me?
    Bob

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rob@21:1/5 to bobneworleans@gmail.com on Sun Oct 4 17:31:46 2015
    bobneworleans@gmail.com <bobneworleans@gmail.com> wrote:
    I use the ShrewSoft VPN Client to temporarily set up a remote IPSEC VPN from my laptop at home to the office RV120 VPN Firewall. Another permanent site-to-site IPSEC VPN is set up between the RV120 and a customer's site. I can RDP from my laptop at
    home to my office computer, then from there I can RDP to the customer's server. However, I cannot RDP from home to the customer's server.

    I did a "fw monitor" trace on the customers Checkpoint firewall. This showed the progression of packets from the outside interface to the kernel and from the kernel to the inside interface when pinging from the office. No packets were received when I
    did the ping from my home. I tried adding a route statement to the customer's private network in my laptop with the next hop set to the LAN address of the RV120 but this did not help.

    In general, is it possible to route packets through two VPNs in series? If not, why not? If so, what additional configuration is needed to make this work for me?
    Bob

    I remember that I had that issue (on a generic Cisco router with IOS)
    some years ago, but I cannot remember how I fixed it... it can have
    been a firmware upgrade, or maybe some config command. But looking in
    the config now, I don't see a command that rings a bell.

    (this comes with getting older, I guess)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bob Simon@21:1/5 to Rob on Sun Oct 4 14:43:45 2015
    On Sunday, October 4, 2015 at 12:32:24 PM UTC-5, Rob wrote:
    bobneworleans@gmail.com <bobneworleans@gmail.com> wrote:
    I use the ShrewSoft VPN Client to temporarily set up a remote IPSEC VPN from my laptop at home to the office RV120 VPN Firewall. Another permanent site-to-site IPSEC VPN is set up between the RV120 and a customer's site. I can RDP from my laptop at
    home to my office computer, then from there I can RDP to the customer's server. However, I cannot RDP from home to the customer's server.

    I did a "fw monitor" trace on the customers Checkpoint firewall. This showed the progression of packets from the outside interface to the kernel and from the kernel to the inside interface when pinging from the office. No packets were received when
    I did the ping from my home. I tried adding a route statement to the customer's private network in my laptop with the next hop set to the LAN address of the RV120 but this did not help.

    In general, is it possible to route packets through two VPNs in series? If not, why not? If so, what additional configuration is needed to make this work for me?
    Bob

    I remember that I had that issue (on a generic Cisco router with IOS)
    some years ago, but I cannot remember how I fixed it... it can have
    been a firmware upgrade, or maybe some config command. But looking in
    the config now, I don't see a command that rings a bell.

    (this comes with getting older, I guess)

    Please let me know if you find what you did. I suspect I am missing the right kind of route statement but, of course, I won't know what the real issue is until it's working.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)