Router to router VPN remote site login to Office domain?


H

Horem

We think we are really close to having the new remote location (REMOTE)
establish a VPN with the Office (OFFICE). We have a tunnel created and all
the workstations at the remote site are configured. I can even browse the
LAN in Network Neighbourhood from there. Can't connect to any LAN PC's
though. Some won't resolve to names on a ping. The ping always times out.

Seems the problem is getting a route from the REMOTE to the OFFICE subnets?

We have 2 DLink 808HV VPN routers in place with a secure VPN established.
This is verifed by pinging a remote machine by IP.

I added a new Win2K3 server to the OFFICE router with 2 nics. One to the
Dlink VPN router and one to the LAN. This is what I was hoping would be the
'bridge' to the LAN from the VPN.

The setup looks like this;
(The LAN is using Public Addresses internally - I don't know why, it was
like that. No internet access from LAN workstations except through a proxy
which is on the Office DLink.)

Office LAN - 200.2.2.x 255.255.255.0 No default gateway Active Directory
domain
|
<Win2K3> - 2 nics - 192.168.0.106 - default gtwy 192.168.0.1 & 200.2.2.25
w/o default gateway
|
<Dlink VPN Router - Office> 192.168.0.1
|
VPN
|
<Dlink VPN Router - Remote> 192.168.1.1
|
<workstations> 192.168.1.x 255.255.255.0 192.168.1.1

The Win2K3 machine is also a WINS server.
I can communicate to/from any 192.x.x.x addresses but not from a LAN
workstation that only has 1 nic in the 200.2.2.x subnet.
The remote XP workstations are statically configured with 200.2.2.216 as DNS
and 192.168.1.1 as Default gateway They have 192.168.1.x IP addresses.

The DLink routers allow for manually entering routing info and no routes are
entered there.
The VPN passthrough setting is enabled on both routers.

I am looking to have the remote location act as part of the office domain.
The remote workstations are members of the domain (done at the office
beforehand). They will need to authenticate on a DC at the office via the
VPN. They will access the internet via the proxy at the office.

I have been trying to set up the RRAS on the Win2k3 machine t help get this
done, but I cannot seem to get the routing.
Maybe there is an interface problem.

What do I have to do to get the REMOTE part of the OFFICE domain?

Please let me know if I am lacking in some details.

Thank you very much. Getting desparate!

Steve
 
Ad

Advertisements

B

Bill Grant

The basic problem is that your routers are set up to route between the
two private subnets. It would work fine if all your OFFICE machines were in
the 192.168.0.0 subnet! As it is you can only see the server through its
192.168.0 IP address.

The obvious solution is to get rid of the 192.168.0 addresses
altogether and set your OFFICE router to route 200.2.2.0 through the tunnel
instead of 192.168.0.0 . That is, you pretend that 200.2.2.0 is a private
subnet for your purposes. Give the Dlink at the office site a 200.2.2 IP
address and make it the default gateway of the LAN. This won't affect the
proxy server as a proxy service doesn't need default routing (which is why
your workstations don't have one set at present). They have the IP of the
proxy server configured, so they can contact it directly.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top