Can packets be routed sequentially through two different VPNs?

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
I use the ShrewSoft VPN Client to temporarily set up a remote IPSEC VPN fro
m my laptop at home to the office RV120 VPN Firewall.  Another permanent si
te-to-site IPSEC VPN is set up between the RV120 and a customer's site.  I  
can RDP from my laptop at home to my office computer, then from there I can
 RDP to the customer's server.  However, I cannot RDP from home to the cust
omer's server.

I did a "fw monitor" trace on the customers Checkpoint firewall.  This show
ed the progression of packets from the outside interface to the kernel and  
from the kernel to the inside interface when pinging from the office.  No p
ackets were received when I did the ping from my home.  I tried adding a ro
ute statement to the customer's private network in my laptop with the next  
hop set to the LAN address of the RV120 but this did not help.

In general, is it possible to route packets through two VPNs in series?  If
 not, why not?  If so, what additional configuration is needed to make this
 work for me?
Bob

Re: Can packets be routed sequentially through two different VPNs?
Quoted text here. Click to load it

I remember that I had that issue (on a generic Cisco router with IOS)
some years ago, but I cannot remember how I fixed it...   it can have
been a firmware upgrade, or maybe some config command.  But looking in
the config now, I don't see a command that rings a bell.

(this comes with getting older, I guess)

Re: Can packets be routed sequentially through two different VPNs?
On Sunday, October 4, 2015 at 12:32:24 PM UTC-5, Rob wrote:
Quoted text here. Click to load it
 from my laptop at home to the office RV120 VPN Firewall.  Another permanen
t site-to-site IPSEC VPN is set up between the RV120 and a customer's site.
  I can RDP from my laptop at home to my office computer, then from there I
 can RDP to the customer's server.  However, I cannot RDP from home to the  
customer's server.
Quoted text here. Click to load it
showed the progression of packets from the outside interface to the kernel  
and from the kernel to the inside interface when pinging from the office.  
No packets were received when I did the ping from my home.  I tried adding  
a route statement to the customer's private network in my laptop with the n
ext hop set to the LAN address of the RV120 but this did not help.
Quoted text here. Click to load it
  If not, why not?  If so, what additional configuration is needed to make  
this work for me?
Quoted text here. Click to load it

Please let me know if you find what you did.  I suspect I am missing the ri
ght kind of route statement but, of course, I won't know what the real issu
e is until it's working.

Site Timeline