Hey Guys,
I hope everyone's Wednesday is going well. I am hoping someone can help shed some light on an issue I can't seem to figure out. I've been at this for two days and I just can't seem to figure out what is going on. So to give you a breakdown, I have TWO sites that are connected via a site-to-site VPN using Cisco RV345 SMB routers (yes, I know they suck).
-------------------------------------------------------------------------------------------------------
So we have Site A: Site A is where we have our Domain Controller, as well as our Unifi AP Controller, NPS, Printer server, etc, etc. It's our main site/HQ.
Base network = VLAN1 - 192.168.16.0/24
Device Network = VLAN11 - 192.168.11.0/24
Guest WiFi Network = VLAN14 - 192.168.14.0/24
Main WIFi Network (NPS/802.1x) = VLAN15 - 192.168.15.0/24
--------------------------------------------------------------------------------------------------
On Site B (Which is about 1 block away): So site B is a warehouse that also has a few offices.
Base Network = VLAN1 - 192.168.17.0/24
Device Network = VLAN11 - 192.168.11.0/24
Guest WiFi Network = VLAN14 - 192.168.14.0/24
Main WiFi Network = VLAN15 - 192.168.15.0/24
So to give you a quick breakdown, Site B has a handful of Unifi APs that are being controlled by the controller at Site A. Those APs have IPs from Site B. Each wireless network is on its own VLAN back on Site A, so we wanted to mimic the same setup here at Site B. The issue I ran into was that Site B is not able to get an IP address from the DHCP server on Site A, so we created local DHCP servers on the router for each VLAN. We also broke each site down with its own range so as to not have duplicates. So Site A has 10-100 and Site B has 101-200. Hope that makes sense.
Anyway, the main issue I am having right now is that VLAN1 on Site B is the only VLAN that is able to communicate back to Site A. If I am on any of the other VLANs I cannot ping the server or do a complete traceroute. But if I am on VLAN1 everything works correctly: I can ping the server and I see the traceroute complete. So it seems like the other VLANs can't make use of the VPN tunnel. I do see a static route for 192.168.16.0 on the router. But the VPN is set up using GRE interfaces; I've always used site-to-sites where you list the networks that are available. I also checked the access rules and created rules that mimic any VLAN1 rule that I found, as well as the GRE rules for the VPN.
Anyway, I hope I explained this right and didn't confuse you too much. So bottom line is, if I am on any of the other VLANs on Site B I can't communicate with the server back at the office on Site A. But if I am on VLAN1 it works correctly. So any help you can provide, or if y'all can point me in the right direction, would be greatly appreciated.
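A small diagnostic script, added here as an example and not part of the original post, that models the VLAN tables exactly as listed above and checks two things a troubleshooter would want to verify: which Site B subnets overlap with Site A subnets, and where a router's longest-prefix-match lookup would send a reply for a given source host. The Site A routing table below is an assumption for illustration (the post only mentions a static route for 192.168.16.0 on the Site B router); the interface names and the tunnel label are made up. It goes slightly beyond the post by showing the return-path side of the problem, which a one-way ping test from Site B does not reveal.

```python
"""
Added example (not from the original post): model the two sites' VLAN
subnets as listed, flag subnets that overlap between sites, and show how
a router's longest-prefix-match lookup chooses a directly connected
subnet over a tunnel route when the same prefix exists at both ends.
"""
from ipaddress import ip_address, ip_network

# VLAN subnets copied from the post.
SITE_A = {
    "VLAN1": ip_network("192.168.16.0/24"),
    "VLAN11": ip_network("192.168.11.0/24"),
    "VLAN14": ip_network("192.168.14.0/24"),
    "VLAN15": ip_network("192.168.15.0/24"),
}
SITE_B = {
    "VLAN1": ip_network("192.168.17.0/24"),
    "VLAN11": ip_network("192.168.11.0/24"),
    "VLAN14": ip_network("192.168.14.0/24"),
    "VLAN15": ip_network("192.168.15.0/24"),
}


def overlapping_vlans(site_a, site_b):
    """Return (vlan_a, vlan_b) pairs whose subnets overlap across the two sites."""
    return [
        (name_a, name_b)
        for name_a, net_a in site_a.items()
        for name_b, net_b in site_b.items()
        if net_a.overlaps(net_b)
    ]


def lookup(routing_table, dst):
    """Longest-prefix match over a list of (network, via) entries; None if no route."""
    dst = ip_address(dst)
    candidates = [(net, via) for net, via in routing_table if dst in net]
    if not candidates:
        return None
    return max(candidates, key=lambda entry: entry[0].prefixlen)[1]


# Hypothetical Site A router table (assumption, not from the post): its own
# VLANs are directly connected, and Site B's base subnet is reached via GRE.
SITE_A_ROUTES = [(net, f"connected:{name}") for name, net in SITE_A.items()]
SITE_A_ROUTES.append((ip_network("192.168.17.0/24"), "tunnel:gre-to-siteB"))


def reply_path_from_site_a(src_host_at_b):
    """Where the Site A router would forward a reply destined for a Site B host."""
    return lookup(SITE_A_ROUTES, src_host_at_b)


if __name__ == "__main__":
    for a, b in overlapping_vlans(SITE_A, SITE_B):
        print(f"Site A {a} overlaps Site B {b}")
    # Site B assigns hosts .101-.200, so .150 is a Site B address in both cases.
    print(reply_path_from_site_a("192.168.17.150"))  # tunnel:gre-to-siteB
    print(reply_path_from_site_a("192.168.11.150"))  # connected:VLAN11
```

Running it shows that VLAN11, VLAN14 and VLAN15 use identical prefixes at both sites, and that under the assumed table a reply to a Site B VLAN11 host never enters the tunnel because the Site A router already owns 192.168.11.0/24 as a connected network. The same check can be pointed at the Site B router's table to confirm which source VLANs actually have a path toward 192.168.16.0/24.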