Veeam PN 2.1 [Archived]
User Guide
Search
This document is not maintained any longer.

Adding Static Routes on Default Gateways

In this article

    In the VPN, Veeam PN routes traffic through a site-to-site VPN tunnel. To make sure that the traffic goes to a proper destination, you need to let both sides of the VPN tunnel know how to route traffic between each other.

    When you register an on-premises network in the network hub portal and deploy a site gateway in this on-premises network, you 'tell' Veeam PN that this site gateway will be responsible for this on-premises network. As soon as the network hub receives traffic designated for this network, it forwards this traffic through the VPN tunnel established between the network hub and the site gateway.

    However, machines in on-premises networks also need to know where they must send traffic so that it is routed over the VPN tunnel. Since machines in one remote network use default gateways to communicate with machines in other networks, you need to add static routes on default gateways. These static routes will destine the traffic to the Veeam PN appliance — the network hub or site gateway, that, in their turn, will route traffic through the VPN tunnel established between two remote sites.

    For example, you want to add two sites to the VPN. The network hub is deployed in Site A and a site gateway is deployed in Site B.

    • Site A: 10.1.0.0/24

    Network mask: 255.255.255.0/24

    Network hub IP address: 10.1.0.2

    Default gateway IP address: 10.1.0.1

    Client machine IP address: 10.1.0.12

    • Site B: 192.168.0.1/24

    Network mask: 255.255.255.0/24

    Site gateway IP address: 192.168.0.2

    Default gateway IP address: 192.168.0.1

    Client machine IP address: 192.168.0.14

    In such configuration, if a client machine in Site A needs to communicate with a client machine in Site B, the traffic will first be sent to the default gateway 10.1.0.1 in Site A. The default gateway must then route the traffic to the network hub that, in its turn, will route the traffic through the VPN tunnel between remote networks. For this reason, you must add the following route on the default gateway 10.1.0.1: if the traffic is designated for 192.168.0.0, the next hop must be the network hub 10.1.0.2.

    route add 192.168.0.0 mask 255.255.255.0 10.1.0.2

    In a similar manner, you must add a route on the default gateway 192.168.0.1 in Site B. If the traffic is designated for 10.1.0.0, the next hop must be the site gateway 192.168.0.2:

    route add 10.1.0.0 mask 255.255.255.0 192.168.0.2

    Note

    If the network hub is deployed in Microsoft Azure, Veeam PN automatically adds all necessary routes for machines in remote networks to the user-defined routing table.

    View all results across Veeam
    Back to document search