Solved

VPN connection from 10.0.1.x network to 10.1.x.x network

Posted on 2004-09-18
11
348 Views
Last Modified: 2010-04-10
Hi,

I'm staying in a hotel right now, and I want to connect to my office LAN via VPN (Checkpoint Securemote). Our local lan has a 10.1.x.x IP range (mask 255.255.0.0). The hotel network assings my PC a 10.0.1.x (mask 255.255.255.0) IP address. Now I can make a VPN connection from the hotel network to our VPN server (193.121.168.125), but I cannot get access to any of the computers in our office LAN.

Can I do something about this?

PAtrick
0
Comment
Question by:bemsofpe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +2
11 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12093597
assuming you are using some version of windows, try the following:

route add 10.1.0.0 mask 255.255.0.0 193.121.168.125

That is assuming it is a routing problem because your VPN server isn't creating this route for you.
0
 
LVL 5

Assisted Solution

by:netspec01
netspec01 earned 100 total points
ID: 12093618
Since the two IP ranges are not overlapping, this should not be causing a problem.  If your VPN has worked before and no change have been made to the VPN setup, routing should not be an issue.  It is possible that the local network firewall/router you are connecting to is not allowing IPSEC to pass through properly.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 200 total points
ID: 12093635
without knowing the subnet mask of the hotel network, you can't say whether the IP ranges are overlapping.  And since the VPN server is on a public interface, it's possible it does not supply any internal routing information with the VPN connection.  By default windows routes private addressing schemes over the local IP by specifying it as the gateway.  This needs to be changed in a VPN.

It could very well be something else though.  How do you normally connect from other places?
0
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 
LVL 15

Expert Comment

by:adamdrayer
ID: 12093637
sorry, I forgot he specified the mask for the hotel, but it's still worth a try since windows doesn't specify an external gateway by deafult for 10.x.x.x networks.
0
 
LVL 5

Assisted Solution

by:ITcrow
ITcrow earned 100 total points
ID: 12094473
Use tracert command to find out, where it goes when you try to go to some of your office IP address.

Start => Run => tracert 10.1.x.x

Post the result, it will be helpful in assisting you.
0
 

Author Comment

by:bemsofpe
ID: 12094499
I'm running Windows XP SP2. If I connect from other places (no 10.x.x.x networks!), I just start my securemote VPN client, and whenever I try to reach any of the machines on my office LAN, securemote asks me to enter the password for my VPN certificate, and everything is working.

When I try to add the route I get this error:

"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."

A tracert times out for all office LAN IP adresses without any information.

C:\>tracert 10.1.1.201

Bezig met het traceren van de route naar 10.1.1.201 via maximaal 30 hops

  1     *        *        *     Time-out bij opdracht.
  2     *        *        *     Time-out bij opdracht.
  3     *        *    


I start to think that I won't be able to make this VPN connection work from here...
0
 
LVL 16

Assisted Solution

by:samccarthy
samccarthy earned 100 total points
ID: 12095452
Here are some things that might work.

If you authenticate properly to the VPN server and it puts you in the network, go to your VPN Properties, networking, TCP/IP properties, advanced, and see if there is a check in the box to use the default gateway on the remote network.  If it is not checked, then check it.  That should fix it.
0
 
LVL 5

Expert Comment

by:netspec01
ID: 12095638
I havn't used the Checkpoint VPN client before but it may provide you some logging/diagnostic information.  Look for transmit and receive byte counts.  If you see unidriectional traffic flow (transmit byte count high, receive count low) it would indicate that return trffic is being blocked.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12096248
you have to add that route when you are connected to the VPN
0
 

Author Comment

by:bemsofpe
ID: 12103258
According to information from my hardware vendor that implemented the Checkpoint firewall, it is not possible with the SecuRemote client to connect to my office lan from a lan that has an 10.x.x.x ip range.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12103341
well I assume if that is true, then it's because SecuRemote is configured that way.  Not because it is impossible.  Thanks.
0

Featured Post

Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question