Solved

Internal VPN & Routing table

Posted on 2004-10-17
7
2,286 Views
Last Modified: 2012-06-27
I am using secpol.msc in windows XP Home and a Linksys BEFVP41 VPN Router to configure a VPN between a private network and a single private pc
I have set the security policies and tunnel parameters in windows and the linksys BEFVP41 vpn router
The set up is

VPN Server end
Lan IP 192.168.1.0  Mask 255.255.255.0   Def Gateway 192.168.1.1
-----> Linksys VPN Router:  IP 192.168.1.1   Mask 255.255.255.0   Wan IP 192.168.3.249

Client PC end
----> D-Link DI-624 Router:   Wan IP 192.168.3.150    IP 192.168.3.1    Mask  255.255.255.0
 ---> Client PC: IP 192.168.3.149   Mask 255.255.255.0   Def Gateway 192.168.3.1

When I ping 192.168.1.110 (one of the pc's on the lan) from the Client PC I get  Negotiating IP Security I set it to ping 30 packets but no reply
I think I need to add a route to the table but i dont know what. The D-Link router has IPSec and PPTP set to always allow
0
Comment
Question by:jedfreeman
  • 3
  • 2
7 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12333082
I'm a little confused on your setup. The BEFVP41 is the VPN server.
Are you doing this in a lab with the two routers on the same LAN subnet for testing?
GW=default gateway
L= LAN port
W= WAN port

PC w/IPsecpol  -------> DI-624 <----------------->BEFVP41<----------test system
       |                             |                                 |                            |
192.168.3.149            L-192.168.3.150            L-192.168.1.1          192.168.1.100
GW: 192.168.3.150     W-192.168.4.249--------W-192.168.4.250     GW: 192.168.1.1
                                GW:192.168.4.250         GW:192.168.4.249

It appears that you currently have the same LAN subnet on both sides of your DL-624
Each device in line should have a default gateway pointing to the next hop. PC points to local router LAN IP,
Each router points to either 1) default gateway of ISP in live environment  2) next hop router in test environment (they point to each other as defaults)

0
 

Author Comment

by:jedfreeman
ID: 12334241
Thanks that makes sense I have changed the setup accordingly but I still dont get a response when I ping 192.168.1.100
Just: Negotiating IP Security which I think means the security policies are working. I have the tunnel parameters in IPSecpol
set as the WAN Addresses both ends is this correct, the securities are identical to the VPN Router ie: MD5 and 3DES  inc the Pre-Shared Key
One more thing I have the remote secure group on the VPN Router set to the DI-624 WAN IP
I can post the route print if nessesary

And Yes it is just for testing
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12335149
Have you followed these directions for setting up the PC?
http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=207

[URL edited for length by The--Captain]
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:jedfreeman
ID: 12336944
Yes this is what is printed in the manual but I had to add IPsecpol to XP Home
The settings are the same exept the Authentication I have MD5 instead of SHA and the tunnel end points which are the wan addresses

I wanted to use SSH Sentinel client software to do the job but it's no longer available

And Yes edit the post
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12337847
Jon, go ahead and edit the link. Thanks..

0
 
LVL 16

Expert Comment

by:The--Captain
ID: 12345196
I concur with lrmoore -  your config should be adjusted as suggested - I agree that the same subnet on multiple interfaces is nonsensical, but it is a bizarre fact of life there exist routers (typically low-end) that support (or even demands) the same subnet on both interfaces - the Cayman series of router supplied to DSL customers of SBC comes to mind as a concrete example - if you want me to post a link to the URL that tells how to configure your Cayman this way, I could likely dig it up - it's the only way to make SBC DSL connections using a Cayman route the entire netblock to the customer firewall, AFAIK)

In any case, I am curious to know what you see if you run a sniffer on 192.168.1.110 while it is being pinged from the client PC - can you see the ICMP packets arriving and the corresponding replies going out?

Cheers,
-Jon
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question