VPN routing

W

Will

I'm trying to setup a Win2k as a VPN server with DOD vpn circuits.
Sofar I'm able to:
- defining a DOD vpn circuit
- verify that any destination for the subnet behind the VPN is triggering
the VPN
- connectivity from the Wink2 server (where the VPN resides) to devices on
the other end is possible
- enable routing on all VPN interfaces
- add static route for the subnet behind the VPN

What doesn't work is that the workstations connected to the LAN where the
VPN server resides are unable to communicate with the devices on the other
end. While the VPN circuit is up-and-running.
I tried to:
- put in a persistand route on the workstation for every subnet behind the
VPN
- add RIP as an additional routing protocol (besides ICMP)
- make some changes to the ICMP (changed it from LAN-proxy to routing and
back)

Anyone there that can help me out?
 
B

Bill Grant

To have the two LANs communicate, you need to use a router-to-router
connection. That is, the connection needs to be made to a demand-dial
interface on the answering router. And that demand-dial interface needs an
associated route back to the subnet of your "calling" subnet. See the entry
in Help on router-to-router VPN.
 
B

Bill Grant

If you don't have control of the "other" end, you will probably have to
rely on RIP. Both routers would need RIP enabled to exchange routing info.
 
W

Will

Come to think of it:
How do you explain that connectivity is available on all stations at the
other end if I try this on the VPN server itself ?
And if I do this on a workstation in the same subnet as the VPN server, this
doesn't work.


Grtx,
Will
 
B

Bill Grant

That's how IP routing works. Getting a connection from a router doesn't
imply you can connect from a workstation behind the router. For this, there
must be a route at the "other" end which will forward traffic for the subnet
behind the router to the router. The router can then deliver the traffic
directly on the local subnet.
 
W

Will

I tried things with RIP enabled on bot ends. Everythings is working.

Thanks for your help!
 
B

Bill Grant

Fine - glad to hear it works.

Will said:
I tried things with RIP enabled on bot ends. Everythings is working.

Thanks for your help!

--


Met vriendelijke groet, / With kind regards,
Will Moonen
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top