Re: VPN routing from NAT to NAT

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Bob (spam_at_spam.com)
Date: 05/03/04

• Next message: Sooner Al: "Re: Can't Connect"
• Previous message: Peter Harrington: "Help: Power Meter: Explorer Application Error endless loop!"
• In reply to: Jeffrey Randow (MVP): "Re: VPN routing from NAT to NAT"
• Next in thread: Jeffrey Randow (MVP): "Re: VPN routing from NAT to NAT"
• Reply: Jeffrey Randow (MVP): "Re: VPN routing from NAT to NAT"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 03 May 2004 06:20:13 GMT

On Sun, 02 May 2004 21:23:02 -0500, "Jeffrey Randow (MVP)"
<jeffreyr-support@remotenetworktechnology.com> wrote:

>Post your routing table...

+++++
Interface List
0x1... MS TCP Loopback interface
0x2...00 50 04 d9 4f 6a...3Com EtherLink PCI
0x4000004...00 53 45 00 00 00...WAN (PPP/SLIP) Interface
Active Routes:
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 1
x.x.x.x 255.255.255.255 192.168.1.1 192.168.1.10 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 1
192.168.1.0 255.255.255.0 192.168.1.125 192.168.1.125 1
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.125 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 1
192.168.1.255 255.255.255.255 192.168.1.125 192.168.1.125 1
224.0.0.0 224.0.0.0 192.168.1.10 192.168.1.10 1
224.0.0.0 224.0.0.0 192.168.1.125 192.168.1.125 1
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
Default Gateway: 192.168.1.1
Persistent Routes: None
+++++

I had to remove the spaces so it would not wrap.

>If you are accessing machines using the
>VPN gateway, which is what you are saying is happening, you will not
>be able to access local machines (on the same subnet) without at least
>a timeout...

There is no timeout. I can access the VPN machine and the LAN machine
right away. I go to Start Run, which already has the two addresses
from previous use. I click on one and a window opens immediately. I
click on the other and a window opens immediately. No timeout, at
least none apparent to me. Admittedly, there is a small hesitation
when I access the VPN machine, but I attribute that to the fact that
it is a remote machine and not on my 100BaseTX LAN.

>The point is that this is a convoluted solution and the best option is
>to not operate on the same subnet if at all possible.

I am really trying to discover why you are saying that, but I am
unable because every time you make a claim, it isn't that way - at
least not as I see it. You claim I can't access the LAM machine, yet I
am able to, You claim there will be a timeout, yet there isn't any.

>Trying your scenario on a Virtual PC setup does not work in my case
>when I have the Use the default gateway option set - I have
>connectivity to the VPN environment, but not to my local LAN... With
>the default gateway disabled, I have access to the LAN, but no VPN
>access.

I have no earthly idea what you just said.

You did not answer my earlier question:

What if I set up the VPN server and the VPN client so that the allowed
range of addresses is 192.168.2.100 - 192.168.2.200 and the particular
client address is 192.168.2.125, but I do not change anything else. I
do not change the router, I do not change the LAN parameters - I just
change the VPN parameters.

What would happen then?

Presumably I would get a conflict because when I connect the
\\vpnclient machine to the \\vpnserver's LAN thru the VPN tunnel, it
becomes a member of the \\vpnserver's LAN. Therefore it would seem
that it needs the same subnet. Nevertheless I will experiment with
that when I get time.

-- 
Map Of The Vast Right Wing Conspiracy:
http://www.freewebs.com/vrwc/
"You can all go to hell, and I will go to Texas."
--David Crockett

---

• Next message: Sooner Al: "Re: Can't Connect"
• Previous message: Peter Harrington: "Help: Power Meter: Explorer Application Error endless loop!"
• In reply to: Jeffrey Randow (MVP): "Re: VPN routing from NAT to NAT"
• Next in thread: Jeffrey Randow (MVP): "Re: VPN routing from NAT to NAT"
• Reply: Jeffrey Randow (MVP): "Re: VPN routing from NAT to NAT"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: VPN and LAN gateway casuing problem to get to internet ... assign the gateway on the WAN NIC2 card and remove the LAN Gateway. ... Wan, the local PCs can access the internet, but the VPN connection will not ... Name resulotion on VPN Connection issues on DC, ISA, DNS and WINS server as VPN server How to assign DNS and WINS on VPN client manually Name resolution Issue in a VPN client ... ... (microsoft.public.windows.server.networking) Re: Supply route to VPN clients ... > use your LAN's Router as their Default Gateway. ... Then Your LAN Router's Default Gateway is typically the ... > If you don't have a LAN Router then the VPN Box would be the Client's ... (microsoft.public.win2000.ras_routing) Re: Supply route to VPN clients ... > use your LAN's Router as their Default Gateway. ... Then Your LAN Router's Default Gateway is typically the ... > If you don't have a LAN Router then the VPN Box would be the Client's ... (microsoft.public.windows.server.networking) Re: VPN routing from NAT to NAT ... You have two routes to the 192.168.1.0 network using different ... think you are connecting to the 192.168.1.125 gateway is that it is ... VPN connections are finicky depending on your exact network ... >it is a remote machine and not on my 100BaseTX LAN. ... (microsoft.public.windowsxp.work_remotely) Re: VPN routing from NAT to NAT ... if you are willing to lose all LAN connectivity while on ... the VPN, you can perhaps coexist on the same subnet.. ... If you are both using the same private network for your LANs, ... >VPN adapter, because that address is now bound to the VPN adapter and ... (microsoft.public.windowsxp.work_remotely)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > WinXP  > microsoft.public.windowsxp.work_remotely  > 2004-05