I have got an issue where it seems that traffic is not routing across the VPN.

I have a VPN tunnel setup between a remote site and Head Office.

The VPN has 2 remote networks listed.

The 10.0.0.0/24 network routes no problem and traffic is sent in both directions.

The 172.16.25.0/24 network doesnt want to route traffice across it and i dont seem to be getting any traffic at the Head Office site on the logs.

On the VPN connection management it only shows the virtual network as 10.0.0.0/24 is this right? I have checked the rotuing table and the rule is in there for the 172 network.

Any ideas?

I have the same issue as this on the 2710. I have an IPSec VPN with 10.11.0.0/16 listed as the remote network, with 10.61.0.0/16 specified as an additional remote network (using the More button on the VPN config page). The 10.11 network passes traffic just fine, but nothing goes to 10.61. If I change the config so that 10.61 is specifed on the main VPN setup page but 10.11 is set on the "more" page then 10.61 can transmit traffic but 10.11 cannot. So it would appear that the Draytek has a bug and isn't handling two networks correctly.

I have checked the routing table on the Draytek when the tunnel is established and it does add both networks to the routing table, but it appears that despite the routing looking fine that something else is still amiss.

Is this a known bug?

thanks

Mike

After speaking to Draytek tech support they came back with the below answer

Hello Simon,

You can only terminate IPSec VPN on draytek for its private subnet and it only supports one subnet.

Over the period the router behavior for the 2nd subnet has changed as they are different hardwares. Although, as you said it may work in certain scenarios on Vigor 2800 and Vigor 2820 series of router this is not an officially supported function on any of the DrayTek routers other then Vigor 3300V.

Regards,

Adam

Tuesday, May 18, 2010, 11:32:35 AM, you wrote:

Is this only for the 2600 models?

We have some 2820 and 2800 models and they have got 2 lan to lan
profiles setup one for each subnet and they work without any problems connecting up.

To get it working in our scenario we created 2 tunnels one with each subnet on the Draytek and on our Watchguard Box

Thanks, that's really interesting that they're saying that it only supports one subnet, since it would make the option to choose multiple subnets in the VPN config completely pointless! I'll log a call with them and see what response I get.

cheers

I think what they're saying is that the More function isn't for second subnet / additional LAN subnets, it's for additional subnets that can be reached through that VPN using another VPN, more like a static route setting that's configured to go through the VPN.
That said, I suspect that additional LAN subnets would work if you've got static routes set up on the router that that 2710 is connecting to, but not if you're using the second subnet feature (though I do recall seeing a telnet command for that...)

Voodle wrote: I think what they're saying is that the More function isn't for second subnet / additional LAN subnets, it's for additional subnets that can be reached through that VPN using another VPN, more like a static route setting that's configured to go through the VPN.

I hope so, because that's exactly how I'm using it. I have two remote subnets that can be reached through the VPN. The Draytek correctly adds routes to the two subnets through the VPN, but then only seems to actually send data for one of the subnets into the tunnel. I've logged a support call, so I'll see what they come back with.

thanks