Connecting 2 subnets



I am trying to connect 2 subnets but have some issues.

Subnet 1 router

WAN IP 192.168.1.10
LAN IP 10.10.2.10
Sub. mask 255.255.255.0

Routing table
destination 192.168.1.2
sub mask 255.255.255.0
gateway 10.10.2.10

With this I can access the internet and ping my 192.168.1.XXX computer - no issues whatsoever.

My problem is subnet 2.

Subnet 2 router

WAN IP 24.192.222.3 (provided by ISP)
LAN IP 192.168.1.2
Sub. mask 255.255.255.0

Routing table
destination 10.10.2.10 (the router for the 10.x.x.x subnet)
sub mask 255.255.255.0
gateway 192.168.1.10 (192 address for WAN of the subnet 1 router)

In subnet 2 I can ping all 192 addresses except for 192.168.1.10. That being said, I cannot ping any of the 10.x.x.x IPs.

What am I doing wrong?


So your 2nd router is behind router 1?

You have 1 router with a public IP on its WAN and then the 2nd router has a private one on its WAN. Can you draw how these are connected?


Wan IP 192.168.1.10

That can't happen, can it? It must be NAT'd.

routing table
destination 192.168.1.2
sub mask 255.255.255.0
gateway 10.10.2.10 <---- I am surprised it didn't tell you the gateway is not in the same subnet.

I'm confused... I need more sleep, ha.

First off, the WAN IP of router 1 is not a WAN IP. It is an internal network. Anything in the 10.x range is internal, so that could be part of your problem. Is this a site-to-site VPN? Also, routing tables don't work like that. It would be something like 192.168.1.0 255.255.255.0 to the router that knows that network.

There is a whole lot of information missing. We can't deduce what to do for you without knowing more. I would have replied last night but thought that I wasn't reading it right, but after I started to write it out there is quite a bit of information missing. It could very well be a VPN thing vs a route thing; need more info. Also, you should never have 2 networks the same on opposite sides of the VPN. One should be 192.168.1.x, the other should be 192.168.2.x. You could be running into an issue with that.

Router 1 should look like this:

192.168.1.x - internal
10.1.1.12 - external

Router 2 would look like:

10.1.1.13 - external
192.168.2.x - internal

Routing table for router 1 would look like:

192.168.2.0 255.255.255.0 10.1.1.13

Routing table for router 2 would look like:

192.168.1.0 255.255.255.0 10.1.1.12

The routers would have to be on the same network to be able to pass traffic to each other. If they aren't on the same network then they must communicate via VPN, and there must be a rule or ACL that tells the internal network to traverse the VPN to get to the other side.

If you are using the same internal network 192.168.1.x on both legs you will run into issues, as you will not be able to leave the site. If you are pinging anything you are pinging something on the internal network, not the remote side, if you have the internal networks on the same subnet. You can split up the 192.168.1.x subnet by doing a /25, or a mask of 255.255.255.128; this would allow you to have two 192.168.1 networks, one with a range of 192.168.1.1-192.168.1.126 and the other with a range of 192.168.1.129-254.


Absolutely, you have created a double NAT. The WAN interface is known as an unsecure interface on the router, so it will only allow traffic out; it will not allow traffic in. This is the wrong equipment to do what you want to do. So in simple terms, of course the 10.x network can ping out, you are going from a trusted network to an untrusted one, but when you try to go from an untrusted/unsecure network (192.168.x.x) to the trusted/secure network it will get denied. Get the right equipment in there and you won't have this issue.

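The two replies above make three checkable claims: a static route's destination should be a network (not a host like 192.168.1.2), its gateway must sit on a directly connected link and not be the router's own address, and a route whose next hop is the WAN side of a NAT router fails because return traffic is dropped on that router's untrusted interface. The script below, an added example rather than anything posted in this thread, runs those checks over the two configurations from the thread using only the standard library. The router records are constructed from the numbers in the posts; the /24 masks on the WAN/transit links, the LAN addresses 192.168.1.1 and 192.168.2.1 in the suggested design, and the `nat` flag marking a consumer router's WAN side are assumptions for illustration. It also includes the overlap check and the /25 split from the third reply.

```python
"""Static-route sanity checker for a two-router setup (added example)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface, IPv4Network


@dataclass
class Router:
    name: str
    wan: IPv4Interface            # address and mask of the WAN/transit side
    lan: IPv4Interface            # address and mask of the LAN side
    # static routes as (destination, mask, gateway), as typed into the router UI
    routes: list = field(default_factory=list)
    nat: bool = True              # assumed: consumer router that NATs/filters inbound on WAN

    def interfaces(self):
        return {"wan": self.wan, "lan": self.lan}


def check_route(router, dest, mask, gateway, all_routers):
    """Return a list of problems with one static route on `router`."""
    problems = []
    gw = IPv4Address(gateway)
    # Host bits set in the destination field means a host address was typed
    # where a network was expected; strict=False normalises it to the network.
    net = IPv4Network(f"{dest}/{mask}", strict=False)
    if IPv4Address(dest) != net.network_address:
        problems.append(f"destination {dest}/{mask} has host bits set; route actually covers {net}")
    # The gateway must be directly reachable on one of this router's own links.
    if not any(gw in iface.network for iface in router.interfaces().values()):
        problems.append(f"gateway {gw} is not on any directly connected network")
    # A gateway equal to the router's own address sends traffic nowhere.
    if gw in (router.wan.ip, router.lan.ip):
        problems.append(f"gateway {gw} is this router's own address")
    # A route to a network the router is already attached to is redundant.
    for name, iface in router.interfaces().items():
        if net == iface.network:
            problems.append(f"{net} is already directly connected on {name}")
    # Double-NAT trap: forward packets reach the next hop, but replies must
    # enter that router on its WAN side, which a NAT router drops as unsolicited.
    for other in all_routers:
        if other is not router and other.nat and gw == other.wan.ip:
            problems.append(f"gateway {gw} is the NAT/WAN side of {other.name}; inbound will be dropped there")
    return problems


def check_router(router, all_routers):
    out = []
    for dest, mask, gw in router.routes:
        out.extend(check_route(router, dest, mask, gw, all_routers))
    return out


def lan_overlap(net_a, net_b):
    """True when two LANs overlap, e.g. 192.168.1.0/24 on both ends of a VPN."""
    return IPv4Network(net_a).overlaps(IPv4Network(net_b))


def split_lan(net, new_prefix=25):
    """Usable host ranges after splitting a network, e.g. a /24 into two /25s."""
    return [(str(sub.network_address + 1), str(sub.broadcast_address - 1))
            for sub in IPv4Network(net).subnets(new_prefix=new_prefix)]


# Constructed from the original post (WAN mask on router 2 assumed /24)
r1 = Router("subnet 1 router", IPv4Interface("192.168.1.10/24"), IPv4Interface("10.10.2.10/24"),
            [("192.168.1.2", "255.255.255.0", "10.10.2.10")])
r2 = Router("subnet 2 router", IPv4Interface("24.192.222.3/24"), IPv4Interface("192.168.1.2/24"),
            [("10.10.2.10", "255.255.255.0", "192.168.1.10")])
POSTED = [r1, r2]

# Constructed from the suggested design (LAN addresses and transit mask assumed;
# nat=False assumes the 10.1.1.0/24 link is plain routing, not a NAT boundary)
f1 = Router("router 1", IPv4Interface("10.1.1.12/24"), IPv4Interface("192.168.1.1/24"),
            [("192.168.2.0", "255.255.255.0", "10.1.1.13")], nat=False)
f2 = Router("router 2", IPv4Interface("10.1.1.13/24"), IPv4Interface("192.168.2.1/24"),
            [("192.168.1.0", "255.255.255.0", "10.1.1.12")], nat=False)
SUGGESTED = [f1, f2]

if __name__ == "__main__":
    for routers in (POSTED, SUGGESTED):
        for r in routers:
            for p in check_router(r, routers):
                print(f"{r.name}: {p}")
    print(lan_overlap("192.168.1.0/24", "192.168.1.0/24"), split_lan("192.168.1.0/24"))
```

Run against the posted configuration, the checker flags router 1's route on all three counts (host address as destination, gateway equal to its own LAN address, and a route to a network it is already connected to) and flags router 2's route for the host-address destination and for pointing at the NAT side of router 1; the suggested design produces no findings.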

Yeah, that is a mess. What are your devices?

What is the hardware they are on? Can they run 3rd party firmware? Do you have any sort of budget to put in some hardware that runs VLANs? Why can you not just run 1 network?

Why can router 2 not be replaced with a $20 dumb switch to provide you the ports you need, and if it's wireless, use it as an AP? And just run everything on your 192.168.1.0/24.
