Solved

Internal VPN & Routing table

Posted on 2004-10-17
Medium Priority
2,299 Views
Last Modified: 2012-06-27
I am using secpol.msc in Windows XP Home and a Linksys BEFVP41 VPN router to configure a VPN between a private network and a single private PC.
I have set the security policies and tunnel parameters in Windows and on the Linksys BEFVP41 VPN router.
The setup is:

VPN Server end
Lan IP 192.168.1.0  Mask 255.255.255.0   Def Gateway 192.168.1.1
-----> Linksys VPN Router:  IP 192.168.1.1   Mask 255.255.255.0   Wan IP 192.168.3.249

Client PC end
----> D-Link DI-624 Router:   Wan IP 192.168.3.150    IP 192.168.3.1    Mask  255.255.255.0
 ---> Client PC: IP 192.168.3.149   Mask 255.255.255.0   Def Gateway 192.168.3.1

When I ping 192.168.1.110 (one of the PCs on the LAN) from the client PC I get "Negotiating IP Security". I set it to ping 30 packets but get no reply.
I think I need to add a route to the table but I don't know what. The D-Link router has IPSec and PPTP set to always allow.
0
Question by:jedfreeman
7 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 750 total points
ID: 12333082
I'm a little confused on your setup. The BEFVP41 is the VPN server.
Are you doing this in a lab with the two routers on the same LAN subnet for testing?
GW=default gateway
L= LAN port
W= WAN port

PC w/IPsecpol  ------->  DI-624  <----------------->  BEFVP41  <----------  test system
192.168.3.149            L-192.168.3.150              L-192.168.1.1          192.168.1.100
GW: 192.168.3.150        W-192.168.4.249 -------- W-192.168.4.250           GW: 192.168.1.1
                         GW: 192.168.4.250            GW: 192.168.4.249

It appears that you currently have the same LAN subnet on both sides of your DI-624.
Each device in line should have a default gateway pointing to the next hop. The PC points to the local router's LAN IP;
each router points to either 1) the default gateway of the ISP in a live environment or 2) the next-hop router in a test environment (they point to each other as defaults).

0
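The two faults lrmoore checks for in the diagram above (the same subnet on both interfaces of one router, and a default gateway that does not point at a directly connected next hop) can be checked mechanically. The script below is an added example, not code from the thread or from either router vendor: it models the "as posted" and the corrected topologies as plain tables (reconstructed from the diagram, so the addresses and the missing gateways on the as-posted side are assumptions), audits each device, and walks the plain-IP path between the client PC and the LAN host in both directions using only connected routes and default gateways.

```python
from ipaddress import ip_address, ip_interface

# Constructed device tables reconstructed from the thread's diagram; these are
# assumptions for illustration, not the poster's actual router configurations.
# Each device lists its interfaces as (label, "address/prefix") plus its default gateway.
AS_POSTED = {
    "pc":      {"ifaces": [("eth", "192.168.3.149/24")], "gw": "192.168.3.1"},
    "di624":   {"ifaces": [("W", "192.168.3.150/24"), ("L", "192.168.3.1/24")], "gw": None},
    "befvp41": {"ifaces": [("W", "192.168.3.249/24"), ("L", "192.168.1.1/24")], "gw": None},
    "test":    {"ifaces": [("eth", "192.168.1.100/24")], "gw": "192.168.1.1"},
}

CORRECTED = {
    "pc":      {"ifaces": [("eth", "192.168.3.149/24")], "gw": "192.168.3.150"},
    "di624":   {"ifaces": [("L", "192.168.3.150/24"), ("W", "192.168.4.249/24")], "gw": "192.168.4.250"},
    "befvp41": {"ifaces": [("W", "192.168.4.250/24"), ("L", "192.168.1.1/24")], "gw": "192.168.4.249"},
    "test":    {"ifaces": [("eth", "192.168.1.100/24")], "gw": "192.168.1.1"},
}


def overlapping_subnets(device):
    """Pairs of interface labels on one device whose subnets overlap (a router cannot route between them)."""
    nets = [(label, ip_interface(addr).network) for label, addr in device["ifaces"]]
    return [(a, b) for i, (a, na) in enumerate(nets) for b, nb in nets[i + 1:] if na.overlaps(nb)]


def gateway_is_on_link(device):
    """A default gateway must sit inside one of the device's own interface subnets."""
    if device["gw"] is None:
        return True
    gw = ip_address(device["gw"])
    return any(gw in ip_interface(addr).network for _, addr in device["ifaces"])


def next_hop(device, dst):
    """Where the device forwards a packet: directly to dst if connected, else to its default gateway."""
    dst = ip_address(dst)
    for _, addr in device["ifaces"]:
        if dst in ip_interface(addr).network:
            return dst
    return ip_address(device["gw"]) if device["gw"] else None


def trace(topology, src, dst, max_hops=8):
    """Walk the path hop by hop using only connected routes and default gateways.

    Returns (list of device names visited, True if dst was reached)."""
    owner = {ip_interface(addr).ip: name
             for name, dev in topology.items() for _, addr in dev["ifaces"]}
    path, current, target = [src], topology[src], ip_address(dst)
    for _ in range(max_hops):
        hop = next_hop(current, target)
        if hop is None or hop not in owner:
            return path, False          # no route, or the next hop is not a device we know
        path.append(owner[hop])
        if hop == target:
            return path, True
        current = topology[owner[hop]]
    return path, False


def audit(topology):
    """Collect the two configuration faults the thread discusses, per device."""
    findings = []
    for name, dev in topology.items():
        for a, b in overlapping_subnets(dev):
            findings.append(f"{name}: interfaces {a} and {b} share a subnet")
        if not gateway_is_on_link(dev):
            findings.append(f"{name}: default gateway {dev['gw']} is not on a connected subnet")
    return findings


if __name__ == "__main__":
    for label, topo in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, audit(topo) or "no faults")
        print("  client -> LAN host:", trace(topo, "pc", "192.168.1.100"))
        print("  LAN host -> client:", trace(topo, "test", "192.168.3.149"))
```

The walk models only IP forwarding, not the IPsec policy: in the corrected layout the client's packets for 192.168.1.0/24 are expected to match the policy and travel inside the tunnel, and the trace shows the underlying path the two tunnel endpoints (192.168.4.249 and 192.168.4.250) need in both directions. In the as-posted layout the audit flags the DI-624 for carrying 192.168.3.0/24 on both interfaces, and the forward walk stops there because the router has no next hop towards the LAN.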
 

Author Comment

by:jedfreeman
ID: 12334241
Thanks, that makes sense. I have changed the setup accordingly but I still don't get a response when I ping 192.168.1.100.
Just "Negotiating IP Security", which I think means the security policies are working. I have the tunnel parameters in IPSecpol
set as the WAN addresses at both ends; is this correct? The security settings are identical to the VPN router, i.e. MD5 and 3DES, including the pre-shared key.
One more thing: I have the remote secure group on the VPN router set to the DI-624 WAN IP.
I can post the route print if necessary.

And yes, it is just for testing.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12335149
Have you followed these directions for setting up the PC?
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=207

[URL edited for length by The--Captain]
0
 

Author Comment

by:jedfreeman
ID: 12336944
Yes, this is what is printed in the manual, but I had to add IPsecpol to XP Home.
The settings are the same except the authentication (I have MD5 instead of SHA) and the tunnel endpoints, which are the WAN addresses.

I wanted to use the SSH Sentinel client software to do the job but it's no longer available.

And yes, edit the post.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12337847
Jon, go ahead and edit the link. Thanks..

0
 
LVL 16

Expert Comment

by:The--Captain
ID: 12345196
I concur with lrmoore - your config should be adjusted as suggested. I agree that the same subnet on multiple interfaces is nonsensical, but it is a bizarre fact of life that there exist routers (typically low-end) that support (or even demand) the same subnet on both interfaces - the Cayman series of router supplied to DSL customers of SBC comes to mind as a concrete example. If you want me to post a link to the URL that tells how to configure your Cayman this way, I could likely dig it up - it's the only way to make SBC DSL connections using a Cayman route the entire netblock to the customer firewall, AFAIK.

In any case, I am curious to know what you see if you run a sniffer on 192.168.1.110 while it is being pinged from the client PC - can you see the ICMP packets arriving and the corresponding replies going out?

Cheers,
-Jon
0
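The sniffer test The--Captain suggests answers a different question depending on what the capture at 192.168.1.110 shows: no echo requests at all, requests with no replies, or requests and replies both present. The script below is an added example, not code from the thread: it pairs ICMP echo requests with their replies by (peer, id, seq) in lines formatted the way `tcpdump -n icmp` prints them (an assumption about the capture tool), and reduces the capture to one of those three outcomes. The sample lines are constructed for the example, not a real capture.

```python
import re

# The LAN host being pinged in the thread and the client PC that pings it.
HOST = "192.168.1.110"
CLIENT = "192.168.3.149"

# One tcpdump-style line per ICMP echo packet; the "id"/"seq" pair ties a reply to its request.
ECHO_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")

# Constructed captures (not real data) for the three outcomes a sniffer on HOST can show.
CAPTURE_REPLIES_LEAVE = [
    "12:00:01.000000 IP 192.168.3.149 > 192.168.1.110: ICMP echo request, id 512, seq 1, length 40",
    "12:00:01.000310 IP 192.168.1.110 > 192.168.3.149: ICMP echo reply, id 512, seq 1, length 40",
    "12:00:02.000000 IP 192.168.3.149 > 192.168.1.110: ICMP echo request, id 512, seq 2, length 40",
    "12:00:02.000305 IP 192.168.1.110 > 192.168.3.149: ICMP echo reply, id 512, seq 2, length 40",
]
CAPTURE_NO_REPLIES = [
    "12:00:01.000000 IP 192.168.3.149 > 192.168.1.110: ICMP echo request, id 512, seq 1, length 40",
    "12:00:02.000000 IP 192.168.3.149 > 192.168.1.110: ICMP echo request, id 512, seq 2, length 40",
]
CAPTURE_NOTHING = [
    "12:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.110, length 28",
]


def pair_echoes(lines, host):
    """Match echo requests addressed to host with echo replies sent by host."""
    requests = {}   # (peer, id, seq) -> raw line, in arrival order
    replies = set()
    for line in lines:
        m = ECHO_RE.search(line)
        if not m:
            continue
        src, dst, kind, ident, seq = m.groups()
        if kind == "request" and dst == host:
            requests[(src, ident, seq)] = line
        elif kind == "reply" and src == host:
            replies.add((dst, ident, seq))
    unanswered = [key for key in requests if key not in replies]
    return {"requests": len(requests), "replies": len(replies), "unanswered": unanswered}


def diagnose(summary):
    """Reduce a capture summary to the outcome that decides where to look next."""
    if summary["requests"] == 0:
        return "no-requests"
    if summary["unanswered"]:
        return "no-replies"
    return "replies-leave"


# What each outcome means for the troubleshooting in the thread.
EXPLANATION = {
    "no-requests": "nothing reaches the host: the packets never leave the tunnel/policy stage or have no route to the LAN",
    "no-replies": "requests arrive but the host stays silent: check the host's own firewall and default gateway",
    "replies-leave": "requests arrive and replies leave: the fault is on the return path towards the client subnet",
}


if __name__ == "__main__":
    for name, capture in (("replies leave", CAPTURE_REPLIES_LEAVE),
                          ("no replies", CAPTURE_NO_REPLIES),
                          ("nothing", CAPTURE_NOTHING)):
        summary = pair_echoes(capture, HOST)
        print(f"{name}: {summary} -> {EXPLANATION[diagnose(summary)]}")
```

Running it against a real capture only needs the lines fed from a file instead of the embedded lists; a reply seen leaving the host while the client still reports no answer points at the return route (the LAN host's default gateway and the router's route back to 192.168.3.0/24) rather than at the IPsec settings.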
