Re: vpn probl
- From: "JMS" <jms_pt@xxxxxxxxxxx>
- Date: Thu, 30 Jun 2005 23:05:56 +0100
Ok i think that i discovered the problem...
i've the gateway on workstations in remote site pointing to adsl router and
not to vpn server, so when workstations needed to reply to the ping requests
they were trying to respond though their gateway that was the adsl router
and not the vpn rras server so to solve this problem I a add in my vpn
server two static routes 0.0.0.0 with gateway pointing to adsl router and a
static route 172.16.x..x pointing to vpn remote router in rras, and now the
gateway in my remote workstations is now my vpn server so My vpn server is
now handeling the static routes so, when remote workstations need to ping
172.16.x.x they go though Vpn remote router, and when they need to go to
internet they go to adsl router. I think this is the right way to proceed??
Is it???. do i need to enable RIP on my vpn server? i need to join more two
remote sites to this two....
Site 1 :
Vpn server(Windows2003 With ISA server)
Nic1: Tcp/Ip: 172.16.0.254
Mask: 255.255.248.0
Dns: 172.16.0.254
Nic 2:
Tcp/Ip: 192.168.200.2
Mask: 255.255.252.0
Gateway: 192.168.200.1
Dns: 172.16.0.254
Vpn Static Routes:
Static routes: 0.0.0.0 Mask 0.0.0.0 Gateway:
192.168.200.1
192.168.2 Mask 255.255.255.0 Gateway:
RemoteRouterSite1 (With userAccount assign)
Router On site 1
Tcp/Ip: 192.168.200.1
Workstations on site 1:
>From 172.16.2.x (Gateway and dns pointing to 172.16.0.254)
------------------------------------------------------------------------
Site 2
Vpn server (Windows2003 no isa server installed)
Only one nic Tcp/Ip: 192.168.2.254
Mask: 255.255.255.0
Gateway: 192.168.2.2
Dns: 192.168.2.254
Vpn Static routes:
Static routes: 0.0.0.0 Mask: 0.0.0.0 Gateway:
192.168.2.2
10.10.0.0 Mask: 10.10.0.0 Gateway:
192.168.2.1 (Cisco router with dedicated line connected to another site it's
working with no problems)
172.16.x.x Mask:255.255.0.0 Gateway:
RemoteRouterSite2(With userAccount assign)
Router1 with Firewall On site 2 (dedicated line)
Tcp/Ip: 192.168.2.1
Router2 (with Firewall On site 2)
Tcp/Ip: 192.168.2.2
Workstations on site 2:
>From 192.168.2.x (Gateway and dns pointing to 192.168.2.254)
------------------------------------------------------------------------
Onother thing
I just don't understand why i only can initiate my remote router vpn
connection only from my 1 site???
i configured a remote router (assigned to a user account) on the 1 and 2
site, so when one is connected the other connects automaticaly and it works
fine the problem is that i need to initiate connections from both sites when
needed.. so if i ping some workstation on 2 site that is on 192.168.2.x the
remote router connects with no problems and the router on 2 site
automaticaly connects too. But if i try to connect from 2 site to the 1
gives me error telling me that the remote router on site 1 can't accept more
connections because it reach the limit??? and i go to see if that router is
already connect and its not??
Thanks again for your time...
"Phillip Windell" <@.> wrote in message
news:eJj3uWbfFHA.3656@xxxxxxxxxxxxxxxxxxxxxxx
> "JMS" <jms_pt@xxxxxxxxxxx> wrote in message
> news:%23Hc1GBbfFHA.3280@xxxxxxxxxxxxxxxxxxxxxxx
>> Hello everyone
>> I've Site to site Vpn configuration and both rras servers can ping
> eachother
>> and they also can ping both sites workstations, the problem is that the
>> workstations on each site can't ping the server on the remote site or the
>> workstations on remote site. I've setup a static route in both sites for
>> each Remote router vpn connection,
>
> I don't think you need any other "route". The routing is working if those
> RRAS boxes can ping workstations on the opposite side. Ping requires two
> way
> functionality (the reply has to know how to get back to the sender), so
> that
> implies a valid path is established.
>
> But at this point I don't know what to tell you. Your setup is still just
> a
> little bit too "fuzzy" for me. What is the topology like at each Site?
> Single subnet or multple? If multiple, is a LAN Router being used or are
> you
> trying to "double" a Firewall or Proxy as some kind of LAN Router? Is the
> RRAS VPN Server also acting as the LAN's "Firewall" by using the NAT
> ability
> of RRAS?
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>
.
- Follow-Ups:
- Re: vpn probl
- From: Bill Grant
- Re: vpn probl
- Prev by Date: Re: Can't See the server in my network places
- Next by Date: Re: MAC to IP
- Previous by thread: Re: Can't See the server in my network places
- Next by thread: Re: vpn probl
- Index(es):
Relevant Pages
|
|
