Hi all,
I am using VPN connection to get into another LAN which is 12000 miles away. Quite obvious.

Now, that far LAN uses its IP address schemes like 192.168.54.xx, 192.168.55.xx, 192.168.56.xx, 192.168.57.xx, 192.168.58.xx, 192.168.59.xx .
When I start my Cisco VPN client. I am able to ping 192.168.54.xx, 192.168.55.xx, 192.168.56.xx BUT I am not able to ping 192.168.57.xx, 192.168.58.xx, 192.168.59.xx.

So, what I am doing is first of all I log into some machine sa 192.168.54.3 and then from there 192.168.58.1. And I can do it quite successfully.
Now, logically I should be able to do it DIRECTLY as well. Since sometimes if 192.168.54.3 goes down, I am like screwed up.

But, I am not sure how to do this. What I tried is like adding route manually to Routing Table. But It dint help.

Few commands output... It may help understanding prob better.
[root@Viral ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
204.57.xx.xx 192.168.6.1 255.255.255.255 UGH 0 0 0 eth0
192.168.54.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.55.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.52.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.53.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.50.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.51.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.1.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.12.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.10.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.40.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.56.0 192.168.7.58 255.255.255.0 UG 0 0 0 cipsec0
192.168.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.0.0 U 0 0 0 cipsec0
0.0.0.0 192.168.6.1 0.0.0.0 UG 0 0 0 eth0
[root@Viral ~]# ifconfig
cipsec0 Link encap:Ethernet HWaddr 00:0B:FC:F8:01:8F
inet addr:192.168.7.58 Mask:255.255.0.0
inet6 addr: fe80::20b:fcff:fef8:18f/64 Scope:Link
UP RUNNING NOARP MTU:1356 Metric:1
RX packets:149693 errors:0 dropped:443 overruns:0 frame:0
TX packets:108159 errors:0 dropped:674 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:156329456 (149.0 MiB) TX bytes:8675439 (8.2 MiB)

eth0 Link encap:Ethernet HWaddr 00:11:11:09:CC:FE
inet addr:192.168.14.27 Bcast:192.168.255.255 Mask:255.255.240.0
inet6 addr: fe80::211:11ff:fe09:ccfe/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2004214 errors:0 dropped:0 overruns:0 frame:0
TX packets:326959 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:573667116 (547.0 MiB) TX bytes:81261820 (77.4 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5952 errors:0 dropped:0 overruns:0 frame:0
TX packets:5952 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5199001 (4.9 MiB) TX bytes:5199001 (4.9 MiB)

[root@Viral ~]#


Please help. . .

As you can see the vpn concentrator is not pushing routes for 192.168.57.xx, 192.168.58.xx, 192.168.59.xx. The best fix would be to get the concentrator to do that.

Can you not aggregate your 10 routes into 5 ? I see you using .50 to .59

$ cidr 192.168.50.0 192.168.59.0
192.168.50.0/23
192.168.52.0/22
192.168.56.0/23
192.168.58.0/24
192.168.59.0/32

Perhaps this will avoid some internal limit.

I do not have access to VPN concentrator. Only I can do is some changes on my VPN client machine.

Not aware of "cidr" command. Tried to see help on my machine but there is not cidr command at all...

Its a perl script I've been using for a while, called cidr_range. Get it here:

http://www.irbs.net/internet/postfix...dr_range.pl.gz

You give a range of IPs

cidr_range 192.168.2.1 192.168.2.50

and it returns the shortest group of aggregates.