VPN setup

[Tom]

I have the following scenario: Windows 2003 Server with
dual NIC's. LAN side is 10.5.1.0 network, WAN side is
192.168.1.2 connected to a Linksys VPN router that is
192.168.1.1.

Branch office has indentical Linksys VPN router with
address 192.168.2.1. I have successfully configured a VPN
connection between the two Linksys units. I can ping from
the 192.168.2 network to the WAN NIC (192.168.1.2) on the
server.

The problem is I can't get to the 10.5.1.0 network in
order to log on, etc. I feel it is a routing problem but I
am not sure what routes need to be setup, etc.

Any assistance would be appreciated.

TIA

Tom

 

[Robert L [MS-MVP]]

this may help. quoted from http://www.ChicagoTech.net

Can ping VPN server only but not other resources

Symptom: after establishing VPN, you can ping and access the VPN server, but
not other servers and the network resources.

Cause: 1. incorrect NAT/Firewall settings.
2. ISA/Proxy blocking.
3. Disable IP routing/forwarding.
--
For more and other information, go to http://www.ChicagoTech.net


Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.

 

[Bill Grant]

Default routing fails when you have multiple routers. Your routers need
to know how to forward traffic to the next hop router.

Your VPN routers need to know what other subnets are across the link,
and have routes to send that traffic through. If the VPN routers are the
default gateways for their LANs, it will all work if these routes exist.

So the router 192.168.1.1 has to have a route to send 10.5.1.0 traffic
through the VPN link. And the router at the 10.5.1 site needs a route to
send traffic for 192.168.1.0 through the VPN.

 

[Guest]

I currently have a customer that is behind two Linksys Routers. You have to
setup both routers to forward the VPN packets to the correct IP address.
First Router forwards to the IP on the Second Router, second Router forwards
to the IP on the Server. I hope this is the right way because this is how I
have it set-up and it seems to be working for now.

Here is a link on how to set the Routers up.

http://linksys.custhelp.com/cgi-bin...nBfc2VhcmNoX3RleHQ9UFBUUA**&p_li=&p_topview=1

Customized Application Service Port Range Protocol IP Address
VPN 47 ~ 47 BOTH 192.168.1.3
VPN 1723 ~ 1723 BOTH 192.168.1.3

 

[Bill Grant]

Yes, if it is going through two routers, they will both need to forward
tcp port 1723 . Port 1723 is PPTP, and the end of the PPTP tunnel has to be
at the server.

The port 47 entry is not really needed, because port 47 (TCP or UDP)
doesn't have anything to do with VPN. It is actually used for FTP. This is
caused by people misreading the specifications. (I know they are supposed to
be router experts, but it is just plain wrong. If you don't forward port 47
it will still work). That said, I wouldn't bother changing anything.

Here is the entry from the official list at www.iana.org

ni-ftp 47/tcp NI FTP
ni-ftp 47/udp NI FTP


What is essential is that both the routers do not block IP protocol 47,
which is GRE. Blocking GRE blocks the encypted VPN data. That is where the
confusion about port 47 comes from.

If your VPN is working, then GRE must be getting through OK. Otherwise
you would be getting 721 errors.