• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 492
  • Last Modified:

Need access to subnet via safenet vpn client

Okay...frustrated again. Here´s the deal.
I need access to subnet (only) via dynamic vpn connection. Might be routing/gateway problem.!

Main-office has one Zywall-router with 1 WAN and inside addr. 192.168.1.1 /24.
The subnet is located on a layer 3 switch/router 192.168.1.171 /24    Subnet= 192.168.41.1 /24
PC´s on 192.168.41.0 net, gateway to 192.168.41.1 and can internet that way.

I need VNC acces to IP 192.168.41.7, through VPN-client - but can only connect to 192.168.1.xxx PC´s

When I connect my laptop inside the LAN, with ip 192.168.1.73, I succesfully ping 192.168.1.xx and 192.168.41.xx devices.
and VNC ok.

But when I VPN-in via SafenetClient, I can ping all on the 192.168.1.xxx net - no answer from 192.168.41.7   ????
???
0
HHLiisborg
Asked:
HHLiisborg
1 Solution
 
redgunCommented:
Hi,
I am not an expert in Zywall devices but as you says it sounds more to me like a routing problem
Q1) when you connect from your local lan, who is your default gateway (DG)? you can check it with ipcofig in win xP

if your DG is not the internal ip address of your zywall router then someone else is doing the routing job for it, this explains why when you connect from your vpn client the zywall does not knows how to reach the required network. then you will have to add this route on it
must be something like this
in order to reach network 192.168.41.1 /24 you have to ask ip address x.y.z.w

when x.y.z.w is your internal DG.

Q2) when you connect from vpn, what is your ip and your DG?

if your firewall is giving you ip address from a network different from the inside your L3/ switch router will do not know how to reach it  so you will have to add a route on it pointing to this network

in order to reach network a.b.c.d ask  internal zywall ip address
0
 
HHLiisborgAuthor Commented:
Hi red... first of all, the Layer 3 switch was defect :-( Couldn´t add route.
Second, if you want access to subnets through vpn, you have to specify the hole IP-Range, and not just the local 192.168.1.0 net.

The VPNnet-policy must be 192.168.0.0 - 192.168.255.255 ....of cause, otherwise there´s no way the vpn can get answer from 41.0 net.

Anyway..your reply, made me certain of routing-probs. Just needed to confirme. Thanx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now