DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Allowing traffic between two remote sites via a central location
- daveb-wist
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 12
- Thank you received: 0
02 Nov 2023 09:55 #102952
by daveb-wist
Allowing traffic between two remote sites via a central location was created by daveb-wist
Hi guys,
If I have a Draytek (3900) at our head office and I have 2 site 2 site VPN's from our two remote offices direct to our head office as below:
Currently, by default, it seems the 192.168.100x network can not see the 192.168.200.x next work and vice-versa?
Is there some routing (static routing) that needs to be in place on the 3900 for these 2 remote sites to see each other via the 3900?
Image link:
https://ibb.co/qkVVL95
Thanks
DB
If I have a Draytek (3900) at our head office and I have 2 site 2 site VPN's from our two remote offices direct to our head office as below:
Currently, by default, it seems the 192.168.100x network can not see the 192.168.200.x next work and vice-versa?
Is there some routing (static routing) that needs to be in place on the 3900 for these 2 remote sites to see each other via the 3900?
Image link:
Thanks
DB
Please Log in or Create an account to join the conversation.
- HodgesanDY
- Offline
- Member
Less
More
- Posts: 208
- Thank you received: 16
02 Nov 2023 23:01 #102956
by HodgesanDY
Replied by HodgesanDY on topic Re: Allowing traffic between two remote sites via a central location
Hi DaveB-WIST,
Yes, routing but, via the LAN-to-LAN VPN profile configuration.
In the VPN profile, at each remote end (100 & 200), add the opposing subnet to the “More Remote Subnet:” box - if using a 3900 at these remote-ends too?
This only needs to be done at the remote-ends, the ends that are connecting inwardly to the central 3900, as the central 3900 already knows about all of its connected subnets so can route/forward the traffic on; whereas before doing the above, the remote ends (the remote LANs) would not know how to reach the subnet on the other side of the central 3900, but, because you have now added it to the VPN profile, the remote ends will be aware of how to reach the other subnet and will route the traffic through the VPN connection.
You should also observe a new entry in the ‘Routing Table’, which will be the new subnet you’ve just added to the VPN Profile config.
If you also have additional LANs at one of the remote sites, or both, they too will need adding to the relevant “More Remote Subnet:” box, so their subnet can also communicate across the central 3900 connection.
One further note, if you do have additional LANs(Subnets) at the remote sites, and want to add them as well, these additional subnets will need adding to the LAN-to-LAN Profile config on the central 3900 too - in that scenario, as the default ‘Local LAN’ in the remote VPN Profile is the only subnet the central 3900 will be aware of at the remote site, hence why you need to add additional subnets that need to be reachable, into the VPN profile config.
Yes, routing but, via the LAN-to-LAN VPN profile configuration.
In the VPN profile, at each remote end (100 & 200), add the opposing subnet to the “More Remote Subnet:” box - if using a 3900 at these remote-ends too?
This only needs to be done at the remote-ends, the ends that are connecting inwardly to the central 3900, as the central 3900 already knows about all of its connected subnets so can route/forward the traffic on; whereas before doing the above, the remote ends (the remote LANs) would not know how to reach the subnet on the other side of the central 3900, but, because you have now added it to the VPN profile, the remote ends will be aware of how to reach the other subnet and will route the traffic through the VPN connection.
You should also observe a new entry in the ‘Routing Table’, which will be the new subnet you’ve just added to the VPN Profile config.
If you also have additional LANs at one of the remote sites, or both, they too will need adding to the relevant “More Remote Subnet:” box, so their subnet can also communicate across the central 3900 connection.
One further note, if you do have additional LANs(Subnets) at the remote sites, and want to add them as well, these additional subnets will need adding to the LAN-to-LAN Profile config on the central 3900 too - in that scenario, as the default ‘Local LAN’ in the remote VPN Profile is the only subnet the central 3900 will be aware of at the remote site, hence why you need to add additional subnets that need to be reachable, into the VPN profile config.
Please Log in or Create an account to join the conversation.
- daveb-wist
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 12
- Thank you received: 0
04 Nov 2023 21:03 #102962
by daveb-wist
Replied by daveb-wist on topic Re: Allowing traffic between two remote sites via a central location
Many thanks for your excellent help!
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek