Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

VPN connection from 10.0.1.x network to 10.1.x.x network

Posted on 2004-09-18
11
Medium Priority
?
350 Views
Last Modified: 2010-04-10
Hi,

I'm staying in a hotel right now, and I want to connect to my office LAN via VPN (Checkpoint Securemote). Our local lan has a 10.1.x.x IP range (mask 255.255.0.0). The hotel network assings my PC a 10.0.1.x (mask 255.255.255.0) IP address. Now I can make a VPN connection from the hotel network to our VPN server (193.121.168.125), but I cannot get access to any of the computers in our office LAN.

Can I do something about this?

PAtrick
0
Comment
Question by:bemsofpe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +2
11 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12093597
assuming you are using some version of windows, try the following:

route add 10.1.0.0 mask 255.255.0.0 193.121.168.125

That is assuming it is a routing problem because your VPN server isn't creating this route for you.
0
 
LVL 5

Assisted Solution

by:netspec01
netspec01 earned 300 total points
ID: 12093618
Since the two IP ranges are not overlapping, this should not be causing a problem.  If your VPN has worked before and no change have been made to the VPN setup, routing should not be an issue.  It is possible that the local network firewall/router you are connecting to is not allowing IPSEC to pass through properly.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 600 total points
ID: 12093635
without knowing the subnet mask of the hotel network, you can't say whether the IP ranges are overlapping.  And since the VPN server is on a public interface, it's possible it does not supply any internal routing information with the VPN connection.  By default windows routes private addressing schemes over the local IP by specifying it as the gateway.  This needs to be changed in a VPN.

It could very well be something else though.  How do you normally connect from other places?
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 15

Expert Comment

by:adamdrayer
ID: 12093637
sorry, I forgot he specified the mask for the hotel, but it's still worth a try since windows doesn't specify an external gateway by deafult for 10.x.x.x networks.
0
 
LVL 5

Assisted Solution

by:ITcrow
ITcrow earned 300 total points
ID: 12094473
Use tracert command to find out, where it goes when you try to go to some of your office IP address.

Start => Run => tracert 10.1.x.x

Post the result, it will be helpful in assisting you.
0
 

Author Comment

by:bemsofpe
ID: 12094499
I'm running Windows XP SP2. If I connect from other places (no 10.x.x.x networks!), I just start my securemote VPN client, and whenever I try to reach any of the machines on my office LAN, securemote asks me to enter the password for my VPN certificate, and everything is working.

When I try to add the route I get this error:

"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."

A tracert times out for all office LAN IP adresses without any information.

C:\>tracert 10.1.1.201

Bezig met het traceren van de route naar 10.1.1.201 via maximaal 30 hops

  1     *        *        *     Time-out bij opdracht.
  2     *        *        *     Time-out bij opdracht.
  3     *        *    


I start to think that I won't be able to make this VPN connection work from here...
0
 
LVL 16

Assisted Solution

by:samccarthy
samccarthy earned 300 total points
ID: 12095452
Here are some things that might work.

If you authenticate properly to the VPN server and it puts you in the network, go to your VPN Properties, networking, TCP/IP properties, advanced, and see if there is a check in the box to use the default gateway on the remote network.  If it is not checked, then check it.  That should fix it.
0
 
LVL 5

Expert Comment

by:netspec01
ID: 12095638
I havn't used the Checkpoint VPN client before but it may provide you some logging/diagnostic information.  Look for transmit and receive byte counts.  If you see unidriectional traffic flow (transmit byte count high, receive count low) it would indicate that return trffic is being blocked.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12096248
you have to add that route when you are connected to the VPN
0
 

Author Comment

by:bemsofpe
ID: 12103258
According to information from my hardware vendor that implemented the Checkpoint firewall, it is not possible with the SecuRemote client to connect to my office lan from a lan that has an 10.x.x.x ip range.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12103341
well I assume if that is true, then it's because SecuRemote is configured that way.  Not because it is impossible.  Thanks.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question