DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Issue with VPNs across different subnets on remote Router - possible bug

neil201
Topic Author
Offline
Junior Member

01 Jun 2026 10:42 #106409 by neil201

Issue with VPNs across different subnets on remote Router - possible bug was created by neil201

I've a 2962 with a whole host of remote L2L IKEV2 VPN connections, these for reference land on to a subnet 10.100.135.0/28. All the remote Routers are a mix of 2862's and 2927's. I've a 2927 which sits remotely of this and has an in-bound IKEV2 VPN to the 2962 - the subnet I have for remote management and monitoring of the VPNs landing on the 10.100.235.0/28 network (of the 2962) is 10.101.135.0/29 on the 2927. The base subnet of the 2962 and and 2927 is 10.100.230.0/27 and 10.101.130.0/26 respectively, this is the subnet of which the 2962 and 2927 L2L VPN sits on. The 10.101.135.0/28 subnet has been added to all VPN profiles as an additional subnet going in to the 2962.

What I've done, or trying to achieve, is to replicate the management network on the remote 2927 to that of the 2962 so when at the location where the 2927 resides all VPNs in-bound to the 2962 are visible. I set up a load balance/static route policy on the 2927 to state any IP (10.101.235.1-5) on the 10.101.235.0/29 subnet to route traffic via respective 2927<>2962 L2L VPN and specifically the 10.100.230.29 GW on the 2962. RIP is also activated on this same VPN and it's pulling down the Routing table correctly and can see all the remote subnets on the L2L connected Routers on the 2927. Effectively the Routing table is replicated on the 2927 of the 2962 and it's proxying traffic via 10.187.230.0/28 GW.

This all initially works perfectly for a period of about 1-2 minutes but then ICMP pings fail. They also fail to the 10.100.235.0/28 GW too. If I make any change to the 2927 > 2962 VPN profile at the 2927 end and commit ‘save’ the pings restore again for a 1-2 minute period. I've tried adding an additional subnet with one of the L2L VPN subnets (landing on the 2962) on the 2962 <> 2927 L2L profile at the 2927 end and again, it works for a few minutes and then stops. In the Routing table, as it should, the status changes from ‘R’ to ‘S’.

Has anybody got experience with this sort of setup or anything glaring I've omitted? I've added firewall exceptions on the 2927 and 2962 end to allow packets from the respective subnets across each network it's made no difference.

Please Log in or Create an account to join the conversation.

Moderators: Admin3, Christopher