Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

static route on WM6 (routing clash between VPN + 3G provider)

Status
Not open for further replies.

gurner

Technical User
Feb 13, 2002
522
US
I have visio’d this as it is a bit difficult to type

The Mobile device has a Vodafone 3G address of 10.57.x.x/8 etc on a Class A

You run a VPN connection to the client Firebox at 62.yyy.yyy.yyy, and get connected with an internal Class B address of 10.148.129.x/16

They have a Core switch with 2 LANs on 10.148.x.x/16 and 100.148.x.x/16

Everyone LAN or remote PC based on 10.148.x.x can access 100.148.x.x and visa versa

If you ping or tracert their 100.148.x.x range from a windows mobile client you hop across their 10.148.0.0 LAN seemingly bypassing the Vodafone 10.0.0.0/8 over the core switch on 10.148.0.253 to the 100.148.0.0 LAN and get a reply, but I suspect because Vodafone wouldn’t know 100.148.0.0

If you ping or tracert their 10.148.x.x range you get no reply, despite the fact that you are on it (seemingly)

We think it is a NAT/Routing issue as Vodafone is on 10.0.0.0/8, which encompasses the clients 10.148.0.0 range, as you’d expect but NOT want, when you try the ping to the 100.148.0.0 it hops via the very switch you would ‘expect’ but when you try the ping to 10.148.0.0 it drops to vodafone

why does the vodafone IPs on 10.252.x.x/8 take preference for a 10.148.0.0/16 ping but 100.148.0.0/16 seems to go via the VPN Gateway

I suspect that as the 100.148.0.0 range is unknown to the Vodafone system the mobile device forwards it to its PPTP Default Gateway (the Firebox) whereas the Vodafone system picks up 10.148.0.0 requests on its default gateway and drops them.

Can anyone think of a way around this? We don’t know how or if you can add static routes to a Windows Mobile device.

I saw years ago a Masquerade NAT/ACL on a cisco switch, whereas a 192.168.50.x range was translated from requests to 172.10.x.x, for example, there were two 192.168.50.x LANs on the same Leased Line WAN network, but one masqueraded as 172.10.x.x ‘in front’ of the router, if some knows if a firebox can do this, we could do, say, 20.148.0.0 translated to 10.148.0.0 for the Mobile users only?

but a 1:1 or dynamic NAT doesn't do it for VPN users on the firebox trusted interface, but does translate for LAN based machines

Or does anyone know if we can add a route to the mobile?

say ROUTE ADD 10.148.0.0 mask 255.255.0.0 10.148.0.253

A Laptop using the mobile as a Modem doesn’t have this issue, despite being on the same Vodafone range, a windows laptop, using the same 3G mobile as a modem with 10.57.x.x on Vodafone, can route across to the clients 10.148.0.0 range ok

any hints or suggestions would be really cool (hopefully the link should be ok)

cheers

Gurner
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top