3

I work for a small tech company that is signing up a new client that has two locations connected via a site-to-site VPN. If I run tracert from one PC to another PC at the remote office, there are no intermediate hops. (I tried posting a pic but my reputation isn't high enough.) Here it is typed out. My local IP address is 192.168.1.107

c:>tracert 192.168.2.9

Tracing route to 192.168.2.9 over a maximun numer of 30 hops

1 24 ms 20 ms 23 ms 192.168.2.9

Trace complete.

c:>

How is this possible? They are using Cisco routers (sorry, I don't have the model # right now) and I do know it has a command line interface.

Any idea how this is achieved? Is this router specific? Is this possible with Cisco RV180W routers?

Thanks,

Kamal

Kamal
  • 145
  • 1
  • 2
  • 5
  • What is your netmask? Simply telling us your IP address doesn't really give us anything to go on. What does your routing table look like? Having 129.168.1.107 and 192.168.2.9 on the same **layer 2** is certainly possible. All it would take is for the VPN to be a bridge. What does the routing table look like on 129.168.1.107 and 192.168.2.9? – Zoredache Dec 05 '13 at 21:31

2 Answers

3

The VPN is essentially a bridge between the two locations (albeit a secure bridge transiting the public internet). Traffic between the two locations is "tunneled" within the public network between the two locations. As such, the "public" path isn't visible when communicating between hosts on either end of the VPN connection and isn't reflected in your tracert results.

If you ran a tracert to the public/external IP address of either VPN endpoint you would then see the "public" path in your tracert results.

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
1

VPN is also Layer 2, whereas tracert is Layer 3, giving you hops and latency between hops (gateways). The VPN (in your case) could be two separate networks in a site-to-site configuration, but it could also be a client-server configuration where the clients 'join' the server's network.

Cisco VPN Tunnels also are not always Layer 3 (DMVPN) but Layer 2 (Typically IPSEC) where traffic is blocked from the NAT Policy and allowed via a Crypto-Map.

For instance, DMVPN would give you a hop between the 2 routers as they go via a tunnel interface, similar to how MPLS systems are configured, but with commodity internet providers and encryption.

Jacob Evans
  • 7,886
  • 3
  • 29
  • 57
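
A simplified model of the behaviour discussed in the answers above, added here as an illustration (it is not code from any poster or from Cisco): traceroute probes only expire on nodes that decrement the inner packet's TTL, so routers on the public path, which see only the encapsulating header, never appear. The node names, the outer TTL of 64 and the `gateways_route` switch (bridged versus routed tunnel endpoints) are assumptions made for the example.

```python
"""Toy model: which nodes answer traceroute probes sent across a VPN tunnel."""
OUTER_TTL = 64  # constructed TTL for the encapsulating (public) header

# Constructed path from 192.168.1.107 to 192.168.2.9; node names are hypothetical.
PATH = [
    ("local-vpn-gw", "gateway"),
    ("isp-a", "transit"),
    ("isp-b", "transit"),
    ("isp-c", "transit"),
    ("remote-vpn-gw", "gateway"),
    ("192.168.2.9", "host"),
]

def probe(ttl, path, gateways_route):
    """Send one probe with inner TTL `ttl`; return the node whose reply the tracer sees."""
    inner, outer = ttl, None              # outer is None while outside the tunnel
    for name, kind in path:
        if kind == "host":
            return name                   # destination answers the probe itself
        if kind == "transit":
            outer -= 1                    # transit routers see only the outer header
            if outer == 0:
                return None               # the error goes to the gateway, not the tracer
            continue
        leaving = outer is not None       # a gateway either enters or exits the tunnel
        if gateways_route:                # routed endpoint: forwards the inner packet
            inner -= 1
            if inner == 0:
                return name               # gateway reports "TTL expired" to the tracer
        outer = None if leaving else OUTER_TTL
    return None

def traceroute(path, gateways_route, max_hops=30):
    """Return the answering node for each TTL until the destination replies."""
    dest, hops = path[-1][0], []
    for ttl in range(1, max_hops + 1):
        answer = probe(ttl, path, gateways_route)
        hops.append(answer)
        if answer == dest:
            break
    return hops

if __name__ == "__main__":
    print("bridged endpoints:", traceroute(PATH, gateways_route=False))
    print("routed endpoints: ", traceroute(PATH, gateways_route=True))
```

With bridged endpoints the model reproduces the single-hop trace from the question; with routed endpoints the two gateways show up as hops, but the transit routers still do not.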