Wireless Access

I´m currently trying to connect with VIA-VPN. I´m able to connect to the controller but not to access the internal network.

I created an internal vlan (operstate up) with an ip inside the vpn-ip-pool. And i activated Inter-VLAN routing in the vpn and the internal network.

What configuration step is missing?

show datapath session: shows me that when trying to ping from the internal network to the vpn the destination is the default gateway and not the tunnel? how can this get fixed?

Kind regards

Did you confiure the via tunneled networks? those are the networks that you will be able to reach from via in theinternal network... for example i got a few networks in there that i got in there configured  which are the ones that i want to access internally

If thats not the issue illl need to see the config... to help you.... it could be a running config, it could be screenshot, or you can step by step tell me what you configured....

thanks for your help.

yes i also configured my tunneled networks

meanwhile i solved it with NAT and it works fine.

Nice

But it should work also with intervlan and with no nat... i got it set that way and it works perfectly

Did you onyour switch core declare the route poiting to the wireless controller?

did you put intervlan routing on the interface that is connecting to the core router?Not the interface that you are declaring for the vpn i mean the one that got the default gateway that points to the core switch

Cheers

Carlos

thank you, NightShade1.

I couldn't find out why my VIA-connection wasn't able to ping the internal network. I then enabled inter-vlan-routing on both the internal-vlan and the vlan with the default gateway for the controller and now it works.

I just don't understand why it's neccessary, because my setup is this:

internal network 10.0.1.0 (255.255.255.0).

controller ip: 10.0.1.6

via pool 10.0.1.10-10.0.1-19

network with default gateway (internet) for the controller 192.168.1.0 (255.255.255.0).

controller ip 192.168.1.250

So the VIA-client, the internal network and the controller are in 10.0.1.0.

Via-client 10.0.1.10, Internal test-machine 10.0.1.98, controller 10.0.1.6.

So why do I need to enable inter-vlan-routing? I was hoping to keep this disabled, because it might be more secure.

If it's more appropriate to start my own thread instead of reply'ing to this one, please let me know.

So im supposing you having something like this, correct me if im wrong please

On the controller

10.0.1.6

Switch should have a route that points to that network 10.0.1.0... so anyone from the outsite can find it.

Now you need enable intervlan routing so that packet that come from the via client goes to the interface 10.0.1.6 then he redirect that traffic to the controller ip address in your case 192.168.1.250 then he redirect that packet to his default gateway and goes to the switchcore.

Thats why you need to enable it... remenber you are not natting...

You can nat or route it.

Hope this helps you

Cheers

Carlos