Re: Connect 2 client vpns through 1 vpn server

---

• From: "Bill Grant" <not.available@online>
• Date: Fri, 2 Feb 2007 10:24:37 +1100

---

Glad to hear you sorted it out. Bundled routes are very useful once you
realise how they operate.

Routing is basically a two-way process. Both the originating machine and
the target need to know how they can reach the other, or routing fails.
Because of this, you can't really use routing to make it a one-way process.

"Puni" <Puni@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B844B5E7-1E1B-413F-94DB-AA9849770A62@xxxxxxxxxxxxxxxx

Great!
Changed mask for VPN connections to 255.255.0.0 and now all the branches
connect between themselves perfectly.

Just 2 things, Bill:

1-Would it be any way to make MY branch connect all the others, but avoid
all the others be connected between themselves in an easy way?
2-Do you have Payal or something? I owe you one ;0)



"Bill Grant" wrote:

Glad you found that article. It is talking about the same thing that
I
mentioned.

The 192.168.0.0/16 is a bundled route. Because it only has a 16-bit
netmask, it covers every IP address which begins with 192.168 . That
means
that every 192.168 address will be sent through the VPN tunnel. That is
what you want to happen at the branch routers. Everything goes to the
central site. If the traffic belongs to another branch, the central site
will send it back through the correct VPN link. The central site has a
24-bit address route to each branch site.

"Puni" <Puni@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:561095D8-B6B2-4048-A4A3-666482D7C2FC@xxxxxxxxxxxxxxxx

Cool, I´ve just found my exact case in a Draytek document:

http://www.draytek.com/support/support_note/router/application/vigor3300_series/chapter13.pdf

The only difference between that and my setup (and the only thing I
cannot
understand) is the last phrase in the first paragraph of the
introduction:

"The subnet of the VPN's configuration of Vigor 3300V
must fall into 192.168.0.0/16." ????

What does "subnet of the VPN´s configuration" mean? Where does
192.168.0.0/16 fit in this case???

My cetral network is 192.168.0.0/24, by the way.
Hope to find a solution, and thanks a lot for the help Bill, it´s very
appreciated.

"Bill Grant" wrote:

You need to know how your routers work before you can alter their
behavior.

On a branch router there will be a route which sends traffic for
the
central site through the VPN tunnel. You need to find this route and
see
what interface this traffic is directed to.

When you know how traffic is routed to the central site you can
add a
similar route to send traffic for another site through the same tunnel
by
using the same interface address. (You can think of this address as
the
VPN
endpoint.) Or you can alter the route so that includes traffic for the
other
branches as well as the central site.

This is a standard method for routing between sites. It is known
as
"hub
and spoke". Think of your branch connections as spokes linking the
branches
to the central site (or hub). It is like the hub and spokes of a wheel
with
no rim. The branches have no connection to each other except through
the
hub.

Each branch will send traffic for the central site and any other
branch
to the hub. The hub will send traffic directed to another branch back
up
the
correct spoke.

"Puni" <Puni@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C50FF8D3-3329-4A06-985F-1BAAACB14530@xxxxxxxxxxxxxxxx

If you can add a static route to each router to also send
traffic
for
the "other" site through the VPN, it should work. I presume that
they
all
use 24-bit netmasks.

How can I do that?

This is what I tried:

-Central Router VPN receiver=192.168.0.3->this is where all the vpns
connect.

-Branch#1 (where I am) router= 192.168.7.1

-Branch#2 (other branch) router= 192.168.4.1

In 192.168.7.1 I added a static route:
Destination address: 192.168.4.0/24 gateway IP address: 192.168.0.3

If I traceroute to 192.168.4.1 I can only reach 192.168.7.1 at first
step.
Nothing else.
I can ping 192.168.0.3 without problems from here.

What I need is connect from my branch to the other ones. It doesn´t
matter
if the other ones are connected between themselves.
Thanks again!

.

---

• References:
  • Re: Connect 2 client vpns through 1 vpn server
    • From: Bill Grant
  • Re: Connect 2 client vpns through 1 vpn server
    • From: Puni

• Prev by Date: Re: LAN with WLAN . . .
• Next by Date: Re: Windows 2003 Improper Handling of 10.0.0.0 Subnets?
• Previous by thread: Re: Connect 2 client vpns through 1 vpn server
• Next by thread: Re: Windows Server 2003 R2 - Manual IP Address
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Connect 2 client vpns through 1 vpn server ... On a branch router there will be a route which sends traffic for the ... central site through the VPN tunnel. ... to the central site (or hub). ... (microsoft.public.windows.server.networking) Re: Connect 2 client vpns through 1 vpn server ... The 192.168.0.0/16 is a bundled route. ... that every 192.168 address will be sent through the VPN tunnel. ... If the traffic belongs to another branch, the central site ... to the central site (or hub). ... (microsoft.public.windows.server.networking) Re: Connect 2 client vpns through 1 vpn server ... On a branch router there will be a route which sends traffic for the ... central site through the VPN tunnel. ... to the central site (or hub). ... correct spoke. ... (microsoft.public.windows.server.networking) Re: Connect 2 client vpns through 1 vpn server ... Changed mask for VPN connections to 255.255.0.0 and now all the branches ... The 192.168.0.0/16 is a bundled route. ... If the traffic belongs to another branch, the central site ... (microsoft.public.windows.server.networking) Re: Valid Routing Query ... The route you describe for a journey from Woking to Slough route ... Exeter, Bristol or Swindon would be much higher than the cost of your ... however based on the online routing ... other maps to allow a complete tracing. ... (uk.railway)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)