Re: VPN Gateway
- From: Tiago <Tiago@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 24 May 2007 03:56:00 -0700
Ok Bill, so i put a second subnet to the vpn clients
at the moment i put Ras giving another subnet ip's to the remote clients,
and looks like this:
ip: 192.168.21.2 (192.168.21.1 to 192.168.21.20)
subnetmask: 255.255.255.255
gateway: 192.168.21.2
dns: 192.168.0.11 (is my lan dhcp)
i can't ping the lan ip's and i think is because the static routes.
what i have to configure in there?
"Bill Grant" wrote:
NO, that won't help. As I outlined earlier, you are using on-subnet.
addresses. No "real" IP addressing is taking place because all the IP
addresses are in the same IP subnet. IP routing only works between subnets.
Your setup can only work by using the VPN server as a proxy for the remote.
If that doesn't work, you will need to use off-subnet addressing.
"Tiago" <Tiago@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E803E52A-A4CB-4780-80F1-53B0809874C2@xxxxxxxxxxxxxxxx
So, my RRASS is using DHCP wich is provided by DC of my lan(i configure as
a
CHCP Relay Agent) and gives the correct address to my remote clients, and
i
configure thit static route:
Interface: 192.168.0.27 (is the public interface)
Destination: 192.168.0.0
Network Mask: 255.255.255.255
Gateway: 192.168.0.1 (is my lan gateway)
Metric: 1
With this configuration i can't ping any of my Lan ip's. But it's seems
that
i have the correct ip:
the ip for my remote client:
ip: 192.168.0.164
subnetmask: 255.255.255.255
gateway: 192.168.0.164
dns: 192.168.0.11 (is my lan dhcp)
wins: 192.168.0.11 (is my lan wins)
what i'm doing wrong?
PS: enable ip routing is checked
"Bill Grant" wrote:
If you set the RRAS server to use DHCP, the RRAS server leases a
batch
of addresses from DHCP to use as its address pool. The clients do not get
their network config directly from DHCP, but from the RRAS server as part
of
the PPP setup. Since these addresses come from your DHCP server they are
in
the same IP subnet as your LAN machines.
To put the remotes in their own subnet you use the static address
pool
instead. Set up a pool of addresses in another IP subnet (say
192.168.21.1
to 192.168.21.20). The inernal interface in RRAS and the client(s) will
now
get IP addresses in this subnet.
To route between the remotes and the LAN you need to enable IP
routing
on the RRAS server. You might also need extra routing on the LAN if the
RRAS
server is not the default gateway of your LAN.
"Tiago" <Tiago@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B23E79F1-E85E-4296-9B21-365475435297@xxxxxxxxxxxxxxxx
Thanks for your answer bill....
so my question is, how can i put the remote users in their own
IP subnet and route this subnet through the VPN server ??
My network ip is 192.168.0.X and my VPN Server have 2 ip's on for
external
and one for internal...
can you help-me? thanks again
"Bill Grant" wrote:
A remote access connection (dialup or VPN) just gives you an IP
connection between the client and the server. If you can ping the
server,
your VPN connection is working.
You have given your remote client an IP address in the same IP
subnet
as
the LAN machines. This is called on-subnet addressing. Networking to
machines on the LAN depends on the VPN server doing proxy ARP on the
LAN.
The VPN server acts as a proxy for the remote machine, sending the
packets
across the point-to-point link. Some switches do not handle this very
well.
If this is your problem you will need to put the remote users in their
own
IP subnet and route this subnet through the VPN server (ie off-subnet
addressing).
"Tiago" <Tiago@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1A19E527-D753-4E55-B0AE-20C66B3225AB@xxxxxxxxxxxxxxxx
But Why i can't ping other computers in my network? even the dns
servers i
can't ping?
what i should do?
Thanks
"Bill Grant" wrote:
No it should not! The gateway you see is correct. The gateway
address
should be the received IP address. This indicates that the gateway
address
of the VPN client is the PPP interface, which is what you want it
to
be.
Traffic which is not local will go across the PPP link. Whatever
your
problem is (and you didn't say what it was), the gateway address is
not
the
cause.
"Tiago" <Tiago@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C172E77D-F132-4CF9-8108-7B08DA6B8B82@xxxxxxxxxxxxxxxx
Goo Day to All,
I create a vpn and all configuration are ok, except the gateway
so my ipconfig /all are:
PPP adapter GMMP:
Connection-specific DNS Suffix . : tiago.loc
Description . . . . . . . . . . . : WAN (PPP/SLIP)
Interface
Physical Address. . . . . . . . . : 00-35-51-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.176
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.0.176
DNS Servers . . . . . . . . . . . : 192.168.0.11
192.168.0.11
Primary WINS Server . . . . . . . : 192.168.0.11
What is wrong is that gateway should be 192.168.0.1 and not my
own
ip
address, how can i change that gateway configuration?
Thanks
- Follow-Ups:
- Re: VPN Gateway
- From: Bill Grant
- Re: VPN Gateway
- References:
- Re: VPN Gateway
- From: Bill Grant
- Re: VPN Gateway
- From: Bill Grant
- Re: VPN Gateway
- From: Tiago
- Re: VPN Gateway
- From: Bill Grant
- Re: VPN Gateway
- From: Tiago
- Re: VPN Gateway
- From: Bill Grant
- Re: VPN Gateway
- Prev by Date: Re: Windows Vista L2TP computer certificate request...
- Next by Date: Help with OSPF in RAS to a Cisco Router
- Previous by thread: Re: VPN Gateway
- Next by thread: Re: VPN Gateway
- Index(es):
Relevant Pages
|
