Re: Please Help Site-To-Site without ISA



Why would you add a second NIC or install NAT? That makes things worse,
not better. Your Linksys is already doing all of that.

Get rid of both of those, then read my post again.

"msnews.microsoft.com" <randychow2000@xxxxxxxxxxx> wrote in message
news:OUJYDxFEHHA.992@xxxxxxxxxxxxxxxxxxxxxxx
Thank you very much for your response. I still am not able to get it to
work. I even made a couple changes to see if it will work. I added a
second NIC to the server. Then I configured NAT and VPN on the server. I
still am using the Linksys router as it is connected to the public side of
the NAT. Right now I don't care if the remote end can communicate to my
end. I created the demand dial interface on my server. Here is the
diagram:

192.168.0.x dg 192.168.0.7
|
RRAS 192.168.0.7 Private Interface dg 192.168.0.7
Has a static route added by default by the New Demand Dial wizard
10.10.0.0 mask 255.255.255.0 using the Demand Dial Interface
|
10.100.0.2 Public Interface dg 10.100.0.1
|
10.100.0.1 Linksys Firewall
|
Internet
|
10.10.0.1 Firewall Linksys
|
RRAS 10.10.0.2 dg 10.10.0.1
|
10.10.0.x dg 10.10.0.1

The VPN connects successfully and only the server can ping all IPs on
the remote end. The only IP the client can ping is the address that is
assigned to the server by the remote VPN server. Any ideas would be
greatly appreciated. Thank you very much.

"Bill Grant" <not.available@online> wrote in message
news:uAUbet1DHHA.4404@xxxxxxxxxxxxxxxxxxxxxxx
For a site to site VPN you need to have RRAS servers at both ends of
the link. Each RRAS server has a demand-dial interface configured and
there is a subnet route for the "other" site associated with each
demand-dial interface. The "calling" router must use the name of the
demand-dial interface on the "answering" router as its username when
connecting. This binds the connection to the dd interface and activates
the subnet route.

When the VPN connects correctly, each RRAS router has a subnet route
to the "other" site through the VPN. If each RRAS router is the default
gateway for its local LAN, the site to site link now works. If the
default gateway is the Linksys, you still have work to do. You need to
get the private traffic to the RRAS router before it tries to cross the
Internet. If you don't, it has not been encrypted and encapsulated. It
still has a private IP and is discarded.

The way to fix that is to add a static route to the Linksys to bounce
the private subnet of the "other" site to the RRAS router. The RRAS
router will then encrypt and encapsulate the traffic before sending it
back to the gateway router. It now has a public IP header and can be sent
across the Internet to the other site.

Site A

192.168.16.x dg 192.168.16.1
|
RRAS
192.168.16.n dg 192.168.16.1
|
192.168.16.1
Linksys (static route 192.168.33.0 255.255.255.0 192.168.16.n)
Public IP
|
Internet
|
Public IP
Linksys (static route 192.168.16.0 255.255.255.0 192.168.33.n)
192.168.33.1
|
RRAS
192.168.33.n dg 192.168.33.1
|
192.168.33.x dg 192.168.33.1

Site B


"msnews.microsoft.com" <randychow2000@xxxxxxxxxxx> wrote in message
news:%23Lm1ebrDHHA.4396@xxxxxxxxxxxxxxxxxxxxxxx
Hello, I was wondering if someone could help. I am trying to configure
a demand dial interface using RRAS and not using ISA. I have a standard
Linksys on remote and local networks. The servers then sit behind the
router as a standard client like all other computers. I then want to
initiate a demand dial VPN to remote network (persistent) and allow the
client to be able to use the RRAS demand dial connection as a router. I
do not want the clients to be behind the server in a NAT environment as
I think it just complicates things. I created the demand dial interface
VPN and it connects perfectly fine. The server locally can ping internally
and externally on both networks. I then add a route add that tells the
clients to use the server NIC when exiting to the remote network. I can
ping the local server's IP assigned by the remote server, but my clients
cannot ping beyond this point. Any help would be greatly appreciated.
Thanks.
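
Added example, not part of the thread: a small Python model of the Site A routing described in Bill Grant's reply, tracing a client packet to the other site with and without the static route on the Linksys. The host numbers (.2 for the RRAS server, .50 for the destination) are assumptions, since the post writes them as "n" and "x".

```python
import ipaddress

# Constructed addresses: the post gives the RRAS host only as 192.168.16.n;
# .2 is an assumption made for this example.
RRAS_A = "192.168.16.2"
LINKSYS_A = "192.168.16.1"
REMOTE_NET = "192.168.33.0/24"

def next_hop(table, dst):
    """Longest-prefix match over a list of (prefix, next_hop) routes."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_site_a(linksys_static_route):
    """Routing tables for Site A; LAN clients use the Linksys as gateway."""
    linksys = [("192.168.16.0/24", "on-link"), ("0.0.0.0/0", "internet")]
    if linksys_static_route:
        linksys.append((REMOTE_NET, RRAS_A))    # bounce to the RRAS router
    return {
        "client": [("192.168.16.0/24", "on-link"), ("0.0.0.0/0", LINKSYS_A)],
        LINKSYS_A: linksys,
        # RRAS: subnet route for the other site via the demand-dial interface
        RRAS_A: [("192.168.16.0/24", "on-link"), (REMOTE_NET, "vpn"),
                 ("0.0.0.0/0", LINKSYS_A)],
    }

def trace(tables, dst):
    """Follow a packet from a LAN client; return (path, outcome)."""
    node, path = "client", ["client"]
    for _ in range(8):                           # hop limit guards loops
        hop = next_hop(tables[node], dst)
        if hop == "vpn":                         # gets a public IP header here
            return path, "encapsulated"
        if hop == "internet":                    # private dst cannot cross
            private = ipaddress.ip_address(dst).is_private
            return path, ("discarded" if private else "forwarded")
        if hop == "on-link":
            return path, "delivered locally"
        node = hop
        path.append(node)
    return path, "loop"

if __name__ == "__main__":
    for static in (False, True):
        print(static, trace(build_site_a(static), "192.168.33.50"))
```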