Can packets be routed sequentially through two different VPNs?

I use the ShrewSoft VPN Client to temporarily set up a remote IPSEC VPN fro m my laptop at home to the office RV120 VPN Firewall. Another permanent si te-to-site IPSEC VPN is set up between the RV120 and a customer's site. I can RDP from my laptop at home to my office computer, then from there I can RDP to the customer's server. However, I cannot RDP from home to the cust omer's server.

I did a "fw monitor" trace on the customers Checkpoint firewall. This show ed the progression of packets from the outside interface to the kernel and from the kernel to the inside interface when pinging from the office. No p ackets were received when I did the ping from my home. I tried adding a ro ute statement to the customer's private network in my laptop with the next hop set to the LAN address of the RV120 but this did not help.

In general, is it possible to route packets through two VPNs in series? If not, why not? If so, what additional configuration is needed to make this work for me? Bob

Reply to
bobneworleans
Loading thread data ...

I remember that I had that issue (on a generic Cisco router with IOS) some years ago, but I cannot remember how I fixed it... it can have been a firmware upgrade, or maybe some config command. But looking in the config now, I don't see a command that rings a bell.

(this comes with getting older, I guess)

Reply to
Rob

from my laptop at home to the office RV120 VPN Firewall. Another permanen t site-to-site IPSEC VPN is set up between the RV120 and a customer's site. I can RDP from my laptop at home to my office computer, then from there I can RDP to the customer's server. However, I cannot RDP from home to the customer's server.

showed the progression of packets from the outside interface to the kernel and from the kernel to the inside interface when pinging from the office. No packets were received when I did the ping from my home. I tried adding a route statement to the customer's private network in my laptop with the n ext hop set to the LAN address of the RV120 but this did not help.

If not, why not? If so, what additional configuration is needed to make this work for me?

Please let me know if you find what you did. I suspect I am missing the ri ght kind of route statement but, of course, I won't know what the real issu e is until it's working.

Reply to
Bob Simon

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.