Re: Router to router VPN remote site login to Office domain?
From: Bill Grant (not.available_at_online)
Date: 08/01/04
- Previous message: Bill Grant: "Re: VPN to win2000 server"
- In reply to: Horem: "Router to router VPN remote site login to Office domain?"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 1 Aug 2004 10:44:36 +1000
The basic problem is that your routers are set up to route between the
two private subnets. It would work fine if all your OFFICE machines were in
the 192.168.0.0 subnet! As it is you can only see the server through its
192.168.0 IP address.
The obvious solution is to get rid of the 192.168.0 addresses
altogether and set your OFFICE router to route 200.2.2.0 through the tunnel
instead of 192.168.0.0 . That is, you pretend that 200.2.2.0 is a private
subnet for your purposes. Give the Dlink at the office site a 200.2.2 IP
address and make it the default gateway of the LAN. This won't affect the
proxy server as a proxy service doesn't need default routing (which is why
your workstations don't have one set at present). They have the IP of the
proxy server configured, so they can contact it directly.
"Horem" <horem21@rogers.com> wrote in message
news:TVHOc.8410$%ir.5603@news04.bloor.is.net.cable.rogers.com...
> We think we are really close to having the new remote location (REMOTE)
> establish a VPN with the Office (OFFICE). We have a tunnel created and
all
> the workstations at the remote site are configured. I can even browse the
> LAN in Network Neighbourhood from there. Can't connect to any LAN PC's
> though. Some won't resolve to names on a ping. The ping always times
out.
>
> Seems the problem is getting a route from the REMOTE to the OFFICE
subnets?
>
> We have 2 DLink 808HV VPN routers in place with a secure VPN established.
> This is verifed by pinging a remote machine by IP.
>
> I added a new Win2K3 server to the OFFICE router with 2 nics. One to the
> Dlink VPN router and one to the LAN. This is what I was hoping would be
the
> 'bridge' to the LAN from the VPN.
>
> The setup looks like this;
> (The LAN is using Public Addresses internally - I don't know why, it was
> like that. No internet access from LAN workstations except through a
proxy
> which is on the Office DLink.)
>
> Office LAN - 200.2.2.x 255.255.255.0 No default gateway Active Directory
> domain
> |
> <Win2K3> - 2 nics - 192.168.0.106 - default gtwy 192.168.0.1 & 200.2.2.25
> w/o default gateway
> |
> <Dlink VPN Router - Office> 192.168.0.1
> |
> VPN
> |
> <Dlink VPN Router - Remote> 192.168.1.1
> |
> <workstations> 192.168.1.x 255.255.255.0 192.168.1.1
>
> The Win2K3 machine is also a WINS server.
> I can communicate to/from any 192.x.x.x addresses but not from a LAN
> workstation that only has 1 nic in the 200.2.2.x subnet.
> The remote XP workstations are statically configured with 200.2.2.216 as
DNS
> and 192.168.1.1 as Default gateway They have 192.168.1.x IP addresses.
>
> The DLink routers allow for manually entering routing info and no routes
are
> entered there.
> The VPN passthrough setting is enabled on both routers.
>
> I am looking to have the remote location act as part of the office domain.
> The remote workstations are members of the domain (done at the office
> beforehand). They will need to authenticate on a DC at the office via the
> VPN. They will access the internet via the proxy at the office.
>
> I have been trying to set up the RRAS on the Win2k3 machine t help get
this
> done, but I cannot seem to get the routing.
> Maybe there is an interface problem.
>
> What do I have to do to get the REMOTE part of the OFFICE domain?
>
> Please let me know if I am lacking in some details.
>
> Thank you very much. Getting desparate!
>
> Steve
>
>
>
> --
>
> (to reply remove the two)
>
>
- Previous message: Bill Grant: "Re: VPN to win2000 server"
- In reply to: Horem: "Router to router VPN remote site login to Office domain?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
