From: fmarshallx@remove_the_x.acm.org   
      
   "Mike Drechsler - SPAM PROTECTED EMAIL" wrote in message
   news:paK9i.248353$oS7.31459@fe04.news.easynews.com...
   > Fred Marshall wrote:   
   >> I'm using RV042s for VPNs and general routing. Often there are questions   
   >> but seem to be no place for answers.   
   >>   
   >> For example: if one is using an RV042 for VPN, then what effect does the
   >> routing table have on the VPN packets?   
   >>   
   >> Is there any place where this sort of thing is reasonably described? Or,   
   >> is the answer to this one question supposed to be obvious?   
   >>   
   >> Fred   
   >   
   > apparently it's supposed to be obvious.   
   >   
   > It does help to have prior experience with setting up IPSEC VPN tunnels   
   > and a good understanding of how it works.   
   >   
   > Routing tables will have limited use when you are trying to move traffic.   
   > A routing table will not affect the contents or intended contents of an   
   > encrypted packet.   
   >   
   > If you want to give an example of what you are attempting to set up then
   > perhaps you will find some help.   
      
   Mike,   
      
   Thanks for the reply.
      
   I can envision the VPN "block" running in series or in parallel with the   
   routing table "block". In the first case, on the incoming / post-decryption   
   end. In the second case, totally independent. Not much else makes sense to   
   me but I sure can be enlightened.   
      
   What I've been trying to do is like this:   
      
   Launch a packet destined for a "foreign" private subnet.   
   Route such packets at their source to the LAN address of the RV042 VPN   
   router.   
   From there over the internet.   
   When the packet is received at the other end of the tunnel, it will still be   
   destined for a "foreign" private subnet.   
   i.e. the packet is destined neither for the local nor the remote subnet.   
      
   So, I add a route on the receiving RV042 that points such packets to a   
   gateway on the remote LAN. If this works then such packets should be   
   directed to that gateway. But, it doesn't seem to work.   
      
   Here are the addresses involved:   
      
   Source: 192.168.113.130, mask 255.255.255.224
   Destination: 192.168.1.4
   Route for destination: 192.168.113.157 (the RV042 VPN)
      
   (I guess at this point there is no route in the RV042 for this address   
   range. Can the RV042 routing table route packets into its own VPN? I don't   
   see how). So, this could be a problem I guess. The destination *is not* in   
   the VPN remote LAN range.   
      
   (internet)   
      
   RV042 VPN: 192.168.113.198, mask 255.255.255.192
   w/Route: 192.168.1.0 /24 > 192.168.113.254
   Gateway: 192.168.113.254, mask 255.255.255.192, has port on: 192.168.1.0/24
      
   It appears that the packets don't arrive at the destined router on the   
   remote LAN.   
      
   If the RV042 routing table does not deal with unencrypted packets coming out   
   of the VPN then this method wouldn't be expected to work. It would really   
   help to know what to expect without running a bunch of experiments.   
      
   Or, maybe the VPN-initiating RV042 doesn't accept packets thus destined - as   
   they are on different subnets? My confusion here is that there's a remotely   
   managed Cisco router on site that does pretty much the same thing. It takes   
   the packets and routes them to appropriate ports just fine (and for a lot   
   more $$).   
      
   Fred   
      