Solved

VPN connection from 10.0.1.x network to 10.1.x.x network

Posted on 2004-09-18
11
330 Views
Last Modified: 2010-04-10
Hi,

I'm staying in a hotel right now, and I want to connect to my office LAN via VPN (Checkpoint Securemote). Our local lan has a 10.1.x.x IP range (mask 255.255.0.0). The hotel network assings my PC a 10.0.1.x (mask 255.255.255.0) IP address. Now I can make a VPN connection from the hotel network to our VPN server (193.121.168.125), but I cannot get access to any of the computers in our office LAN.

Can I do something about this?

PAtrick
0
Comment
Question by:bemsofpe
  • 5
  • 2
  • 2
  • +2
11 Comments
 
LVL 15

Expert Comment

by:adamdrayer
Comment Utility
assuming you are using some version of windows, try the following:

route add 10.1.0.0 mask 255.255.0.0 193.121.168.125

That is assuming it is a routing problem because your VPN server isn't creating this route for you.
0
 
LVL 5

Assisted Solution

by:netspec01
netspec01 earned 100 total points
Comment Utility
Since the two IP ranges are not overlapping, this should not be causing a problem.  If your VPN has worked before and no change have been made to the VPN setup, routing should not be an issue.  It is possible that the local network firewall/router you are connecting to is not allowing IPSEC to pass through properly.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 200 total points
Comment Utility
without knowing the subnet mask of the hotel network, you can't say whether the IP ranges are overlapping.  And since the VPN server is on a public interface, it's possible it does not supply any internal routing information with the VPN connection.  By default windows routes private addressing schemes over the local IP by specifying it as the gateway.  This needs to be changed in a VPN.

It could very well be something else though.  How do you normally connect from other places?
0
 
LVL 15

Expert Comment

by:adamdrayer
Comment Utility
sorry, I forgot he specified the mask for the hotel, but it's still worth a try since windows doesn't specify an external gateway by deafult for 10.x.x.x networks.
0
 
LVL 5

Assisted Solution

by:ITcrow
ITcrow earned 100 total points
Comment Utility
Use tracert command to find out, where it goes when you try to go to some of your office IP address.

Start => Run => tracert 10.1.x.x

Post the result, it will be helpful in assisting you.
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 

Author Comment

by:bemsofpe
Comment Utility
I'm running Windows XP SP2. If I connect from other places (no 10.x.x.x networks!), I just start my securemote VPN client, and whenever I try to reach any of the machines on my office LAN, securemote asks me to enter the password for my VPN certificate, and everything is working.

When I try to add the route I get this error:

"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."

A tracert times out for all office LAN IP adresses without any information.

C:\>tracert 10.1.1.201

Bezig met het traceren van de route naar 10.1.1.201 via maximaal 30 hops

  1     *        *        *     Time-out bij opdracht.
  2     *        *        *     Time-out bij opdracht.
  3     *        *    


I start to think that I won't be able to make this VPN connection work from here...
0
 
LVL 16

Assisted Solution

by:samccarthy
samccarthy earned 100 total points
Comment Utility
Here are some things that might work.

If you authenticate properly to the VPN server and it puts you in the network, go to your VPN Properties, networking, TCP/IP properties, advanced, and see if there is a check in the box to use the default gateway on the remote network.  If it is not checked, then check it.  That should fix it.
0
 
LVL 5

Expert Comment

by:netspec01
Comment Utility
I havn't used the Checkpoint VPN client before but it may provide you some logging/diagnostic information.  Look for transmit and receive byte counts.  If you see unidriectional traffic flow (transmit byte count high, receive count low) it would indicate that return trffic is being blocked.
0
 
LVL 15

Expert Comment

by:adamdrayer
Comment Utility
you have to add that route when you are connected to the VPN
0
 

Author Comment

by:bemsofpe
Comment Utility
According to information from my hardware vendor that implemented the Checkpoint firewall, it is not possible with the SecuRemote client to connect to my office lan from a lan that has an 10.x.x.x ip range.
0
 
LVL 15

Expert Comment

by:adamdrayer
Comment Utility
well I assume if that is true, then it's because SecuRemote is configured that way.  Not because it is impossible.  Thanks.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now