Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Internal VPN & Routing table

Posted on 2004-10-17
7
Medium Priority
?
2,300 Views
Last Modified: 2012-06-27
I am using secpol.msc in windows XP Home and a Linksys BEFVP41 VPN Router to configure a VPN between a private network and a single private pc
I have set the security policies and tunnel parameters in windows and the linksys BEFVP41 vpn router
The set up is

VPN Server end
Lan IP 192.168.1.0  Mask 255.255.255.0   Def Gateway 192.168.1.1
-----> Linksys VPN Router:  IP 192.168.1.1   Mask 255.255.255.0   Wan IP 192.168.3.249

Client PC end
----> D-Link DI-624 Router:   Wan IP 192.168.3.150    IP 192.168.3.1    Mask  255.255.255.0
 ---> Client PC: IP 192.168.3.149   Mask 255.255.255.0   Def Gateway 192.168.3.1

When I ping 192.168.1.110 (one of the pc's on the lan) from the Client PC I get  Negotiating IP Security I set it to ping 30 packets but no reply
I think I need to add a route to the table but i dont know what. The D-Link router has IPSec and PPTP set to always allow
0
Comment
Question by:jedfreeman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 750 total points
ID: 12333082
I'm a little confused on your setup. The BEFVP41 is the VPN server.
Are you doing this in a lab with the two routers on the same LAN subnet for testing?
GW=default gateway
L= LAN port
W= WAN port

PC w/IPsecpol  -------> DI-624 <----------------->BEFVP41<----------test system
       |                             |                                 |                            |
192.168.3.149            L-192.168.3.150            L-192.168.1.1          192.168.1.100
GW: 192.168.3.150     W-192.168.4.249--------W-192.168.4.250     GW: 192.168.1.1
                                GW:192.168.4.250         GW:192.168.4.249

It appears that you currently have the same LAN subnet on both sides of your DL-624
Each device in line should have a default gateway pointing to the next hop. PC points to local router LAN IP,
Each router points to either 1) default gateway of ISP in live environment  2) next hop router in test environment (they point to each other as defaults)

0
 

Author Comment

by:jedfreeman
ID: 12334241
Thanks that makes sense I have changed the setup accordingly but I still dont get a response when I ping 192.168.1.100
Just: Negotiating IP Security which I think means the security policies are working. I have the tunnel parameters in IPSecpol
set as the WAN Addresses both ends is this correct, the securities are identical to the VPN Router ie: MD5 and 3DES  inc the Pre-Shared Key
One more thing I have the remote secure group on the VPN Router set to the DI-624 WAN IP
I can post the route print if nessesary

And Yes it is just for testing
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12335149
Have you followed these directions for setting up the PC?
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=207

[URL edited for length by The--Captain]
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:jedfreeman
ID: 12336944
Yes this is what is printed in the manual but I had to add IPsecpol to XP Home
The settings are the same exept the Authentication I have MD5 instead of SHA and the tunnel end points which are the wan addresses

I wanted to use SSH Sentinel client software to do the job but it's no longer available

And Yes edit the post
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12337847
Jon, go ahead and edit the link. Thanks..

0
 
LVL 16

Expert Comment

by:The--Captain
ID: 12345196
I concur with lrmoore -  your config should be adjusted as suggested - I agree that the same subnet on multiple interfaces is nonsensical, but it is a bizarre fact of life there exist routers (typically low-end) that support (or even demands) the same subnet on both interfaces - the Cayman series of router supplied to DSL customers of SBC comes to mind as a concrete example - if you want me to post a link to the URL that tells how to configure your Cayman this way, I could likely dig it up - it's the only way to make SBC DSL connections using a Cayman route the entire netblock to the customer firewall, AFAIK)

In any case, I am curious to know what you see if you run a sniffer on 192.168.1.110 while it is being pinged from the client PC - can you see the ICMP packets arriving and the corresponding replies going out?

Cheers,
-Jon
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Make the most of your online learning experience.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question