static route through vpn tunnel

[sixthsense]

Hi All

i have two netgear fvs318 routers with following configuration

Main Building

Wan ip - 66.23.x.x
lan- 192.168.1.1

Remote office

wan ip 66.x.x.x
lan 10.0.1.0

VPN tunnel is working fine on and i can ping the internal ip addresses from both sides without a problem.

The problem is that i want to route all traffic from the remote office PC's to go through the vpn tunnel and get all the stuff like http requests etc. from the router located in the main building.

So, i want the users in the remote office to access internet through the main building router.

What re my options to do that ? is it achievable through static route ?

Any help would be appreciated


Kapil Aggarwal
Technical Support Engineer
(For NetGear Products)
VCustomer Services Pvt. Ltd.
MCSE,MCSA,CCNA

 

[John Lewis]

Generally speaking, you would need to set the default route on the remote office fvs318 to the address of the router you wish to use on the main office network.

If you have a static ip for the remote office, you may be able to change the default gateway in the static ip setup to that of your main office router. You would then need to add a static route to your isp's router for the ip of the other fvs318 so the VPN connection can go live -- that would also require a static ip on the main office side. I'm not sure that would work as I have never tried and it certainly is not an intended application. Even if it does give the appearance of working, it might let traffic to other hosts on the same network as your main office fvs318 through -- not sure how picky they are about subnetting.

If you have a dynamic ip, this would not be an option as the router will refresh the default gateway each time your lease is renewed.

I think you really need to be asking if it would be a good idea, even if you can get it to work. There can be bandwidth issues involved, primarily on the main office side in this case.

Obviously, and internet traffic to your remote office will be routed through the connection at the main office twice -- once in from the internet and then a second time out to the remote office. Aside from the 'absolute' overhead this creates, if your connection on the main office side is asymmetrical -- you have more downstream bandwidth than upstream bandwidth -- the effect can be multiplied. When you flood your upstream (as could be the case when the main office is routing internet traffic to the remote office), the downstream will suffer significantly.

If you would like further information, provide some more details. What kind of connection and bandwidth do you have on each end? Static or dynamic ip's? What do you want/need to accomplish with this arrangement? Might be a better way to deal with this situation.

 

[sixthsense]

Both the ends have a regular dsl connection.

Main Building has a static ip addres and remote office has a dynamic ip address.

All i want is that all users in my remote office should access the internet from main building router and should be able to shre the network resources with the main building user which is working fine with the vpn tunnel.

If you need any further information i would be glad to provide it to you.

Thanks

 

[John Lewis]

Based upon the information you provided, I don't see any way to accomplish your goal without changing/adding hardware.

'Regular' DSL is usually ADSL -- asymmetric DSL. If that is the case, if you were able to get the traffic routed this way, you would have problems. The main office upstream connection would get flooded and the internet connection there would slow or stop completely for periods of time. Not a maybe, it will happen.

Again, not sure why you would want to do this. If you would explain the why, maybe there is a better way to make it happen.