Re: RRAS, NAT & External VPN Problem
From: Bill Grant (not.available_at_online)
Date: 09/04/04
- Next message: Harold: "Cannot start IAS and RRAS"
- Previous message: Bill Grant: "Re: Network Problem when using RAS"
- In reply to: Bill: "RRAS, NAT & External VPN Problem"
- Next in thread: Bill: "Re: RRAS, NAT & External VPN Problem"
- Reply: Bill: "Re: RRAS, NAT & External VPN Problem"
Date: Sat, 4 Sep 2004 12:29:49 +1000
You were on the right track, but you can't route directly from the
firewall in LAN2 to the RRAS router in LAN1. Is the VPN actually configured
between the two firewalls? (i.e. are the firewalls the endpoint of the VPN
link?) If so, you can do it in two hops.
So your original plan will work. But the target should be the VPN router
(i.e. the firewall in LAN 1), not the RRAS router. On the firewall in LAN2,
there should be a route to 10.0.0.0 255.255.255.0 using the tunnel
endpoint in LAN2 as the interface. The traffic will go through the tunnel to
the firewall in LAN1. This firewall should then have a static route to
forward the traffic to the RRAS router, e.g.
10.0.0.0 255.255.255.0 192.168.10.12
"Bill" <ijwalla@hotmail.com> wrote in message
news:cbca622d.0409031039.79d32bd0@posting.google.com...
> Hello, our company is in the process of connecting two sites via a VPN,
> however we have come to a stump as to how to address the following
> problem, any assistance would be greatly appreciated.
>
> Here's the network (sorry about the diagram, it's the best I could
> do):
>
> LAN 2
>
> (sUBNET 10.0.3.0)
>
> w/s1 w/s2 w/s3
> ! ! !
> ----------------------------------------
> !
> !
> !
> !(10.0.3.10 LAN)
> zYWALL2 VPN
> !(192.168.2.2 WAN)
> !
> !
> !(192.168.2.1 LAN)
> ADSL
> !(212.34.23.123 WAN)
> !
> !
> !
> !
> $VPN VPN VPN VPN$
> !
> !
> !
> !(212.34.23.124 WAN)
> ADSL
> !(192.168.3.1 LAN)
> !
> !
> !(192.168.3.2 WAN)
> zYWALL1 VPN
> !(192.168.10.9 LAN)
> !
> !
> !
> !
> !(192.168.10.12 NIC2)
> W2K RRAS--------------------------- CABLE MODEM (192.168.10.10)
> !(10.0.0.5 NIC1)
> !
> !
> !
> ----------------------------------------
> ! ! !
> w/s1 w/s2 w/s3
> (sUBNET 10.0.0.0)
>
> LAN 1
>
>
>
> LAN 1 clients have their default gateway set to 10.0.0.5, the ip of
> our RRAS NAT box. Within RRAS a static route has been set up to forward
> all requests for 10.0.3.0 to gateway 192.168.10.9 (out Zywall router),
> which in turn sends it via the VPN link. All other requests to the RRAS
> NAT server are routed to our cable modem for internet access.
>
> This works perfectly, however from LAN 2 no inbound requests can get
> through.
> A static route has been set up on Zywall 1 to route anything for
> 10.0.0.0 to our RRAS NAT server on 192.168.10.12 NIC2, however this
> still does not work, and to be honest I am guessing it is not able to
> do that either.
>
> So I then added another Network Card ((NIC3)ip 192.168.10.13) to our
> RRAS NAT server and configured our Zywall to route anything to
> 10.0.0.0 to that interface's IP. I added another static route to the
> RRAS NAT server so that all incoming packets on NIC3 would be routed
> through NIC1 to our LAN clients.
>
> I am not sure if this is the appropriate way to do this.
> I should also point out that LAN 1 clients must use the cable line for
> their internet and not the ADSL line as LAN 2 clients do.
>
> I am sure this would not be a problem if we didn't have two gateways.
> Though I'm not sure, can this be a NAT related issue?
>
> Your help is much appreciated.
>
> Bill
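
The two-hop path described in the reply, modelled as per-device route tables and traced hop by hop (an added example, not part of the original posts). Device names, the /24 mask on 10.0.3.0 and treating the tunnel as a single hop between the two ZyWALLs are assumptions; NAT on the RRAS box is not modelled.

```python
import copy
import ipaddress

# Static routes per device: (destination prefix, next hop). Addresses come from
# the thread; device names and the /24 on 10.0.3.0 are assumptions of this sketch.
ROUTES = {
    "zywall2": [("10.0.3.0/24", "deliver"),     # LAN 2 is directly attached
                ("10.0.0.0/24", "zywall1")],    # LAN 1 traffic enters the tunnel
    "zywall1": [("10.0.3.0/24", "zywall2"),     # LAN 2 traffic enters the tunnel
                ("10.0.0.0/24", "rras")],       # static route via 192.168.10.12
    "rras":    [("10.0.0.0/24", "deliver"),     # LAN 1 sits on NIC1 (10.0.0.5)
                ("10.0.3.0/24", "zywall1"),     # static route via 192.168.10.9
                ("0.0.0.0/0", "cable-modem")],  # everything else: 192.168.10.10
}

def next_hop(device, dst, routes=ROUTES):
    """Longest-prefix match over one device's table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes[device]]
    matches = [(net.prefixlen, hop) for net, hop in nets if addr in net]
    return max(matches)[1] if matches else None

def trace(start, dst, routes=ROUTES, max_hops=8):
    """Follow next hops from `start` until delivery, an exit, a drop or a loop."""
    path, device = [start], start
    for _ in range(max_hops):
        hop = next_hop(device, dst, routes)
        if hop is None:
            return path + ["drop"]
        path.append(hop)
        if hop not in routes:   # "deliver", or a device outside the model
            return path
        device = hop
    return path + ["loop"]

def without_route(device, prefix, routes=ROUTES):
    """Copy of the tables with one static route removed, to show the failure."""
    trimmed = copy.deepcopy(routes)
    trimmed[device] = [r for r in trimmed[device] if r[0] != prefix]
    return trimmed

if __name__ == "__main__":
    print("LAN2 -> LAN1:", trace("zywall2", "10.0.0.20"))
    print("LAN1 -> LAN2:", trace("rras", "10.0.3.20"))
    print("LAN1 -> internet:", trace("rras", "198.51.100.7"))  # constructed address
    broken = without_route("zywall1", "10.0.0.0/24")
    print("no route on ZyWALL1:", trace("zywall2", "10.0.0.20", broken))
```
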