VPN site-to-site routing

JerryCCS

Hi everybody
Following instructions (MS W2K help) and whitepapers, and
a lot of other resources, I tried to connect two offices
using VPN.
The configuration is:
Server1:
2 NIC:
NIC-1 connected to ADSL Router: using DHCP
NIC-2 connected to LAN: IP Address 192.168.0.1, mask
255.255.255.0
RRAS configured as VPN Server (PPTP) and NAT.
Static Routes Added: 10.0.0.0, 255.255.255.0 in a Demand
Dial Interface called DD_Site2 used to connect to Server2.
Server2:
2 NIC:
NIC-1 connected to ADSL Router: using DHCP
NIC-2 connected to LAN: IP Address 10.0.0.1, mask
255.255.255.0
RRAS configured as VPN Server (PPTP) and NAT.
Static Routes Added: 192.168.0.0, 255.255.255.0 in a
Demand Dial Interface called DD_Site1 used to call to
Server1.
I created users to allow VPN connections.
After I connect using VPN I can do this:
From 192.168.0.1 ping and view shared resources
10.0.0.1, 10.0.0.200 (MAC OS X Server) and 10.0.0.101 (Mac
OS 9.5 machine).
From 192.168.0.105 ping to 10.0.0.1 but not to
10.0.0.101 or to 10.0.0.200.

From 10.0.0.1 ping and view shared resources
192.168.0.1, 192.168.0.200 (MAC OS X Server) and
192.168.105 (Mac OS 9.5 machine).
From 10.0.0.101 ping to 192.168.0.1 but not to
192.168.0.200 or 192.168.0.105.

I tried to use static routes configured at the "user account"
and everything written in the help or whitepapers provided.

HELP PLEASE, thanks in advance... (I apologize for my bad
English)
 
Bill Grant

It sounds like your routes are not becoming active. The routes are stored
in the registry and are only added to the routing table when the demand-dial
interfaces connect. When you make the connection, do both the dd interfaces
change to "connected" in the RRAS console?

Are you using the name of the "answering" demand-dial interface as the
username when you connect? That is the mechanism to bind the "answering"
demand-dial interface to the connection.
 
Guest

> It sounds like your routes are not becoming active. The routes are stored
> in the registry and are only added to the routing table when the demand-dial
> interfaces connect. When you make the connection, do both the dd interfaces
> change to "connected" in the RRAS console?

YES, and the machines on LAN 192.168.0.0 reach the server 10.0.0.1 without
problem, and machines with IP 10.0.0.x reach the server 192.168.0.1, but not
between them (192.168.0.200 to 10.0.0.200)

> Are you using the name of the "answering" demand-dial interface as the
> username when you connect? That is the mechanism to bind the "answering"
> demand-dial interface to the connection

YES too, there is a pair of Demand Dial Interfaces whose names
and usernames match each other.

I tried using another static route, but it doesn't work... I hope for some help...
Thanks
 
Bill Grant

Reaching the server doesn't need to use the added routes. It is only
when you try to route from a machine behind the router to a machine behind
the router at the other site that they are needed.

Can you confirm (by checking the routing table while the link is up)
that each router has a route to the subnet of the other site via the VPN
link? If that is there, the VPN link should work just like an IP router (a
slow one) between the two sites. The other thing that is required is that
the RRAS router is the default gateway for the workstations in each site.
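
The two checks described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over `route print`-style tables, run for Site 1 against a host at Site 2. The tables are constructed; the 172.16.x.x addresses (WAN NIC and VPN interface) and 192.168.0.254 are assumptions.

```python
import ipaddress

# Constructed `route print` excerpts, not output from the thread. 192.168.0.x and
# 10.0.0.0/24 come from the post; 172.16.x.x and 192.168.0.254 are made up.
ROUTER_LINK_UP = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.1.1      172.16.1.2       1
         10.0.0.0    255.255.255.0      172.16.50.1     172.16.50.1       1
      192.168.0.0    255.255.255.0      192.168.0.1     192.168.0.1       1
"""
# Same router with the demand-dial link down: the 10.0.0.0 route is not active.
ROUTER_LINK_DOWN = "\n".join(l for l in ROUTER_LINK_UP.splitlines() if "10.0.0.0" not in l)
# Workstation 192.168.0.105 with the RRAS server as default gateway ...
WS_VIA_RRAS = """
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.105       1
      192.168.0.0    255.255.255.0    192.168.0.105   192.168.0.105       1
"""
# ... and with some other (hypothetical) gateway on the LAN.
WS_VIA_OTHER = """
          0.0.0.0          0.0.0.0    192.168.0.254   192.168.0.105       1
      192.168.0.0    255.255.255.0    192.168.0.105   192.168.0.105       1
"""
def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples; skip non-route lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            routes.append((net, ipaddress.ip_address(f[2]), ipaddress.ip_address(f[3]), int(f[4])))
        except (ValueError, IndexError):
            continue  # header, blank or malformed line
    return routes

def lookup(routes, dest):
    """Longest-prefix match, lowest metric as tie-break; None if nothing matches."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def router_uses_vpn(routes, remote_host, vpn_iface):
    """Check 1: the router reaches the remote subnet by a specific route on the VPN interface."""
    hit = lookup(routes, remote_host)
    return hit is not None and hit[0].prefixlen > 0 and str(hit[2]) == vpn_iface

def workstation_uses_rras(routes, remote_host, rras_lan_ip):
    """Check 2: the workstation hands remote-site traffic to the RRAS router."""
    hit = lookup(routes, remote_host)
    return hit is not None and str(hit[1]) == rras_lan_ip
```

With the link down, the router's lookup for 10.0.0.101 falls through to the default route on the WAN NIC, which is why check 1 has to be made while the link is up.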
 
