Re: Router to Router

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Yay Deutschland! (kein_at_keinespam.de)
Date: 01/24/05 

Date: Mon, 24 Jan 2005 02:11:07 GMT

Ok on I tried what you suggested:
RRAS on LAN1 domain1.com

Interface Name: ddlan2
Username: ddlan2@domain2.com

RRAS on LAN2 on domain2.com
Interface Name: ddlan1
Username: ddlan1@domain1.com

And I still get the same problem. Can it be just the fact that the gateway
settings on clients on LAN2 is bound to 192.168.123.254 (US Robotics Router)
and ===!!==>>NOT the RRAS router<<===!!===, which is having its VPN port
forwarded by the US Robotics Router?

Thanks again for your time =)

"Bill Grant" <not.available@online> schrieb im Newsbeitrag
news:OBy3%23eaAFHA.2552@TK2MSFTNGP09.phx.gbl...
> Yes, you do need a static route at each end for routing to work
> properly. To get full "site to site" routing (ie a client at one site can
> ping a client at the other), the RRAS routers must both have a static
> route to the "other" site through the VPN link.
>
> Your problem is probably caused by the fact that you have ISA at one
> end and RRAS at the other. In ISA, this is configured from an ISA wizard,
> and this takes care of the return route. When you set up one end, the
> wizard creates a file to configure the "other" router.
>
> With RRAS, you need to configure it manually. This involves setting up
> a demand dial interface on the answering router, and adding a static route
> back to the calling router's local subnet linked to the demand dial
> interface.
>
> To make this work, the calling router uses the name of the dd interface
> as the username for the connection. When the answering router receives to
> call, it sees that it is to a dd interface, and makes the right
> connection. This activates the return route.
>
> If the dd interface doesn't exist, or if the username doesn't match a
> dd interface name, the server assumes that the caller is just a remote
> client (not a router) and connects to the default internal interface. In
> this case, only a host route back to the calling machine is set up. I
> assume that is the situation you are seeing.
>
> When it is set up properly (ie with routes at both ends), the VPN link
> works like a simple (slow) IP router, and site to site routing works.
>
> "Yay Deutschland!" <kein@keinespam.de> wrote in message
> news:e6TId.151994$Xk.74324@pd7tw3no...
>> Ok I think I solved my own problem, I needed to create a Remote access
>> server on my side and create another demand dial vpn connection from the
>> other side to my side. Right now all the systems in LAN1 can communicate
>> ONLY with the RRAS server on the other side the internet gateway and not
>> the clients ie. all systems on LAN1 can talk to 192.168.123.254 and
>> 192.168.123.253 (see below). Only the RRAS server on LAN1 can access an
>> IP address like 192.168.123.4, if you try to access that from a client on
>> LAN 1 it will time out.
>>
>> The setup on the other side is like so:
>>
>> Internet<<==>>USR Router with Port 1723 forwarded to RRAS<<==>>RRAS
>> Server, Clients
>> USR Router's Internal IP: 192.168.123.254
>> Subnet: 255.255.255.0
>> Gateway: none
>>
>> RRAS Server's IP: 192.168.123.253
>> Subnet: 255.255.255.0
>> Gateway: 192.168.123.254
>>
>> All Client Machines + Print Servers etc...: On the 192.168.123.0/24 and
>> Gateway Bound to: 192.168.123.254
>> Print Server: 192.168.123.4
>>
>> ==================
>> My Question:
>> ==================
>> Tell me if my theorie is correct: The RRAS Server on LAN1 can ping
>> 192.168.123.4 because it has an IP-Address on the D-D interface as
>> 192.168.123.12 so the Client with IP of 192.168.123.4 (which thinks
>> 192.168.123.12 is on its own local network) is sending the return
>> packets to 192.168.123.12.
>>
>> -HOWEVER-
>>
>> A Client on LAN1 with an IP Address of 10.33.33.17 can NOT ping
>> 192.168.123.4, (although the packet does get there), because the system
>> 192.168.123.4 can not find a return route to 10.33.33.17 because it's
>> gateway is bound to 192.168.123.254 and the return packets to 10.33.33.17
>> when it tries to respond is lost through the internet, or gets dropped.
>> ==================
>>
>> Please give me a reply, as I am trying to learn about routers and
>> networking.
>> Thanks
>>
>>
>> "Yay Deutschland!" <kein@keinespam.de> schrieb im Newsbeitrag
>> news:hVFId.144709$8l.13054@pd7tw1no...
>>> Hello
>>>
>>> I have two LANs I want to connect together using RRAS on Windows 2003
>>> Server. Both of the LANs are connected to the internet using cable
>>> modem. LAN1 is running Windows 2003 Server with ISA Server 2000 running
>>> on the same machine. LAN2 is a Windows 2000 machine no ISA running RRAS.
>>> Right now I have created a Demand Dial VPN to LAN2 from LAN1. On the
>>> server console, I can ping all the resources on LAN2, but I cannot ping
>>> anything on LAN2 from a Client workstation on LAN1.
>>>
>>> From reading previous posts, I relized that it is MOST likely to be a
>>> Static Routing problem. Can you please tell me exactly what to type into
>>> the Static Routes, based on the information that I have provided here?
>>> This is my first time setting this up, and I am totally new to this.
>>>
>>> LAN1 (RRAS Server with ISA)
>>> Nic1: <Internet>
>>>
>>> Nic2: 10.33.39.254
>>> Subnet: 255.255.240.0
>>>
>>> PPP adapter RAS Server (Dial In) Interface:
>>> IP: 10.33.32.15
>>> Subnet: 255.255.255.255
>>>
>>> PPP adapter DEMAND_DIAL:
>>>
>>> Connection-specific DNS Suffix . :
>>> IP Address. . . . . . . . . . . . : 192.168.123.7
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>>> Default Gateway . . . . . . . . . :
>>>
>>> As for the static routes that I put in:
>>> Dst: 192.168.123.0 Mask: 255.255.255.0 Metric 1 on Interface DEMAND_DIAL
>>> Dst: 192.168.123.0 Mask: 255.255.255.0 Gateway: 10.33.32.15 Metric 1 on
>>> Interface NIC2
>>>
>>> LAN2 (Win2000 with RRAS):
>>> Nic1: <Internet>
>>> Nic 2: 192.168.123.253
>>> Subnet: 255.255.255.0
>>>
>>> Danke Schön!!! :D
>>>
>>
>>
>
>

Relevant Pages

  • Re: Routing for Verizon FIOS -- Reward for answer
    ... The problem we have is this:  Verizon's gateway is 70.x.x.1. ... address for our router ...  What do we use as an address for the outside interface ... route outbound through the gateway. ...
    (comp.dcom.sys.cisco)
  • Re: IP Route Tables - Point to Point Connection - Only Routing 1 way
    ... through the router Interfaces and so know the link is up and running. ... interface FastEthernet0/0 ... ip route 0.0.0.0 0.0.0.0 Serial0/0/0 ...
    (comp.dcom.sys.cisco)
  • Re: Routing for Verizon FIOS -- Reward for answer
    ... for our Business FIOS network. ... address for our router ... What do we use as an address for the outside interface ... route outbound through the gateway. ...
    (comp.dcom.sys.cisco)
  • Re: Q: multi-homed server with multiple default routers
    ... Instead only the destination address and routing table are used ... to determine the interface and hardware destination. ... A "default" router is one used when no other router matches.. ... Install IP filter and have it route based on packet content. ...
    (comp.unix.solaris)
  • Routing for Verizon FIOS -- Reward for answer
    ... This is your opportunity to be a Cisco hero I suspect that the right person can solve this problem in a snap, but the solution has been eluding us for over a month. ... Unlike our other ISPs, they have NOT assigned us a separate 30-bit subnet with an address for our router. ... I think Verizon just expected us to NAT everything immediately after their interface, the way that residential customers do with their Actiontec router/firewall units. ... What do we use as an address for the outside interface of our router, which will allow it to route traffic to the gateway, OR, how do we otherwise deal with this problem? ...
    (comp.dcom.sys.cisco)