I'm freaking out with our new CCR1009 setup. I've been trying to set up the following for about 8 hrs now...
Central Office Site:
IP Spaces: 192.168.xx.0/21, 192.168.xxx.0/20, 10.xx.xx.xx - None of the Networks is Overlapping
Network Gateway: 192.168.xx.251
CCR1009 LAN Address (for Example): 192.168.xx.215 (Same as Gateway)
CCR1009 WAN Address (for example): 1.1.1.2
L2TP Tunnel IP: 172.16.xxx.1
Branch Office Site:
IP Spaces: 192.168.y.0/24, 192.168.yyy.0/24 (not Overlapping with Central Office Subnets)
Network Gateway and CCR1009 LAN Address: 192.168.y.251
CCR1009 WAN Address: dynamic
L2TP Tunnel IP: 172.16.xxx.2
IPsec rules exist from every local subnet to the other site (e.g. from 192.168.y.0/24 to 192.168.xx.0/21). The proposal settings are also right (checked many times).
Internet access (for the branch office clients) should only be available through the central office site's Internet access (so through the tunnel). The Internet traffic doesn't need to be encrypted with IPsec.
Now my problem: every host on the LOCAL network is reachable from the branch office clients, but there is no way to access the Internet. Any traceroute ends on the central office CCR1009.
My Routing Table on the Central Office Site:
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=192.168.xx.251 gateway-status=192.168.xx.251 reachable via ether1-LAN distance=1 scope=30 target-scope=10
routing-mark=route-vpn
2 A S dst-address=192.168.y.0/24 gateway=172.16.xxx.2 gateway-status=172.16.xxx.2 reachable via CGN_HES1 distance=1 scope=30 target-scope=10
routing-mark=route-vpn
6 A S dst-address=0.0.0.0/0 gateway=1.1.1.1 gateway-status=1.1.1.1 reachable via ether7-WAN distance=1 scope=30 target-scope=10
7 ADC dst-address=1.1.1.1 pref-src=1.1.1.2 gateway=ether7-WAN gateway-status=ether7-WAN reachable distance=0 scope=10
8 ADC dst-address=172.16.xxx.2/32 pref-src=172.16.xxx.1 gateway=CGN_HES1 gateway-status=CGN_HES1 reachable distance=0 scope=10
If you need more input, please tell me - the IP addresses are X'ed out for security reasons (sorry).
Greetings
Sven