Hi all

I'm having some issues with a GRE Tunnel I have created to link two sites via VPN

For the sake of this post I will call the main site R1 and the secondary site R2

I have a GRE interface created at both ends

GRE Interface R1 - 172.28.22.1/30
GRE Interface R2 - 172.28.22.2/30

LAN

R1 - 172.28.0.0/16 (Servers are using 172.28.8.x and workstations 172.28.6.x)
R2 - 172.28.10.0/24

I have established a connection via the GRE Tunnel just fine. The problem lies with seeing the LAN side of each network.

I have static routes on both sides

R1 -
Dst Add - 172.28.10/0/24
Gateway - 172.28.22.2

R2 -
Dst Add - 172.28.0.0/16
Gateway - 172.28.22.1

I can ping everything on the LAN side of R1 from R2 terminal and also from a workstation on the LAN side of R2. So I can ping a server at 172.28.8.5 for example or a workstation at 172.28.6.3

However from R1 is where I am having the issue. From R1 terminal I can ping anything on the LAN side of R2 just fine. If I go to a workstation or a server on the LAN side of R1 and try to ping lets say 172.28.10.5 I get no reply back. I have checked firewall rules and nothing is being dropped, the firewall is also switched off on the workstation and AV disabled. I spent hours trying to work this out yesterday and cant figure out what the problem is.

I have attached a visual of the network if that helps. Naturally, I have substituted my own WAN addresses with randoms. Apologies that the image is upside down - I have tried rotating it but the forum still seems to be uploading it the wrong way around!

Can anyone help?

Thanks
Ross

Your IP Design is incorrect, when you ping 172.28.10.5 from R1 LAN, it is in the same IP Subnet as your LAN 172.28.0.0/16 and never gets forwarded to gateway

Hi CZFan

Thank you for the reply - so how would I go about altering this?

Can I not use 172.28.10.x on the R2 LAN and have to go with another range? I.e 192.168.1.x?

I need to have the /16 mask on the R1 side due to seperating Workstations / Servers into different subnets. I was hoping to still be able to use 172.28.0.0 on the R2 side....

Will /21 work for you at R1?

/21 would only give me from 172.28.0.1 to 172.28.7.254.

My servers are already assigned static addresses in the 172.28.8.0 range and I dont want to go and have to re assign them. Workstations use 172.28.6.x and needs to be able to talk to the server range

If I used /20 at R1 that would give me a range of 172.28.0.1 - 172.28.15.254

I could then re assign the DHCP scope at R2 to give out workstations 172.28.16.0/24

Would that work?

Yup, that will work. But sit and plan a bit for the future to make sure if you change now, it will not be issue in future again

Thank you!

That solved my issue!