Subnet Masks / VPNs and Static Routes

fetster · 6 Apr 2013 at 14:51

I'm not that clued up regarding subnet masks and wondered if anybody could please help ...

I have set up 3 VPNs between home and 2 office sites (each have 5 static IPs on BT infinity connections and Draytek 2820 Routers ).

FIRST NETWORK
The first network has local IPs 192.168.8.X and subnet 255.255.255.255. I don't want to change these if I can help it as there are tills and IP phone systems set up.
I have set up a static route with one of the Static IPs to direct to 192.168.8.60, it is setting the subnet mask to 255.255.255.255 and when I change it is changes back to this. When I try the static IP to pick the routing up nothing happens.

SECOND NETWORK
The second network has local IPs 192.168.10.X and the same subnet mask (255.255.255.255).
I do not need to set up a static route on this network.

THIRD NETWORK
The third network has local IPs 192.168.5.X and subnet 255.255.255.0.
I have set up a static route with one of the Static IPs to direct to 192.168.5.66, it is setting the subnet mask to 255.255.255.255 and when I change it is changes back to this. When I try the static IP to pick the routing up nothing happens again.

Between the sites I have LAN - LAN VPNs and can connect to each router through its relevant local IP. They all have the same subnet mask settings set up.

Am I doing something wrong with the subnet settings for each network? Also, how can I get the static routes to work?

Many thanks

Fetster

bremen1874 · 6 Apr 2013 at 15:19

Those 255.255.255.255 masks for the network ranges look odd. They'd give you a single usable IP.

Why the static routes? And why static routes linked to the static WAN IPs?

Once the VPNs are up the traffic should route correctly without having to add static routes. The only time I've needed to use static routes in this way was when the target network was running multiple subnets.

DJMK4 · 6 Apr 2013 at 21:37

As above you shouldn't need to use static routes if you are using standard IPSEC VPN tunnels including your source and destination subnets.

fetster · 6 Apr 2013 at 22:34

Sorry, I didn't mention- static routes are for CCTV so we can view on smartphones when out and about (not through VPN).

Sorry about that.

What should subnetwork be? I'm clueless when it comes to subnets

tribz · 7 Apr 2013 at 07:42

Seems a bit of an odd way to have it set up. I'd have used 255.255.255.0 internally and port forwarding the the CCTV.

DJMK4 · 8 Apr 2013 at 16:20

Yep, if you using a router, just port forward the ports, use a specified port for your camera system, then forward to that, make sure you camera system is using HTTPS and secure authentication front end and lock it down to a Source WAN IP if you can, or a group of Source WAN IP's

Of if you are using a UTM or other firewall, set-up a firewall rule and NAT policy ensuring you are locking down to source WAN IP's if you can, NAT'ing to the internal IP address of the camera system over those ports.

No need to create static routes.

bremen1874 · 8 Apr 2013 at 16:34

With those routers there's also the option of having a VPN connection from the phones.