DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Site To Site Routing problem

  • gegg
  • Topic Author
  • User
  • User
More
22 Feb 2022 14:28 #1 by gegg
Site To Site Routing problem was created by gegg
We have three sites connected with LAN to LAN VPN's

Site A 192.168.100.0 255.255.255.0 (2860)
Site B 192.168.90.0 255.255.255.0 (2862)
Site C 192.168.80.0 255.255.255.0 (2862)

On site A and Site B there are servers with file shares. Users at Site A and Site B can access the file shares located on both sites and everything works as expected. Users at site C which has a LAN to LAN connection with site A can access shares at site A but not at site B. I appreciate that this is a routing issue but I would be grateful for any advice on how to resolve it.

Thanks

John

Please Log in or Create an account to join the conversation.

  • hornbyp
  • User
  • User
More
22 Feb 2022 14:44 #2 by hornbyp
Replied by hornbyp on topic Re: Site To Site Routing problem
If I've understood the topology correctly, it's probably because Site B and Site C do not know that the other one is accessible via the link to Site A. So the traffic is probably heading out of the Default Gateway, en-route to the ISP instead.

There are really only 3 places you can manually add this information :-

  • In the "More" section of the VPN definition.

  • As a "Routing Policy" entry

  • As a Static Route.



(It needs doing at both ends)

Theoretically, this routing information can be discovered by RIP, if enabled.

See: https://www.draytek.com/support/knowledge-base/5765

Please Log in or Create an account to join the conversation.

  • gegg
  • Topic Author
  • User
  • User
More
22 Feb 2022 16:02 #3 by gegg
Replied by gegg on topic Re: Site To Site Routing problem
Thanks for coming back so quickly.

I can see from the route policy diagnostics that you are correct, traffic from site C to site B was being sent out on WAN1. I have created a policy at site C to force traffic to use the VPN when looking for addresses in the site B subnet. The policy diagnostics now shows that traffic is correctly being directed over the VPN but I am still unable to reach anything at site B.

Is there something else I should be doing?

Thanks

Please Log in or Create an account to join the conversation.

  • gegg
  • Topic Author
  • User
  • User
More
23 Feb 2022 09:01 #4 by gegg
Replied by gegg on topic Re: Site To Site Routing problem
I could not get this to work no matter what I did so in the end I just created another LAN to LAN connection from site C to Site B and everything is now working.

Please Log in or Create an account to join the conversation.

  • hornbyp
  • User
  • User
More
23 Feb 2022 11:47 #5 by hornbyp
Replied by hornbyp on topic Re: Site To Site Routing problem
I would have replied sooner - but the forum software didn't notify me of your reply :(

Glad you have it working.

The reason it didn't spring into life with the first Route Policy addition, would have been to do with the Return Path. Traffic from Site C to Site B would have been following the correct Route, but responses from Site B to that traffic would not. (So, for example, if you 'pinged' B from C, it would have gone from C -> A -> B, but when B replied, it would have gone from B -> Default Gateway).

Please Log in or Create an account to join the conversation.

  • gegg
  • Topic Author
  • User
  • User
More
23 Feb 2022 12:19 #6 by gegg
Replied by gegg on topic Re: Site To Site Routing problem
No worries and thanks for coming back to me.

What I have done works but does not feel right.

Could I get this to work by adding additional route policies at site A and at site B to deal with the returns to site C?

Thanks

Please Log in or Create an account to join the conversation.