Need access to subnet via safenet vpn client

Posted on 2006-05-13
Medium Priority
Last Modified: 2010-04-08
Okay...frustrated again. Here´s the deal.
I need access to subnet (only) via dynamic vpn connection. Might be routing/gateway problem.!

Main-office has one Zywall-router with 1 WAN and inside addr. /24.
The subnet is located on a layer 3 switch/router /24    Subnet= /24
PC´s on net, gateway to and can internet that way.

I need VNC acces to IP, through VPN-client - but can only connect to 192.168.1.xxx PC´s

When I connect my laptop inside the LAN, with ip, I succesfully ping 192.168.1.xx and 192.168.41.xx devices.
and VNC ok.

But when I VPN-in via SafenetClient, I can ping all on the 192.168.1.xxx net - no answer from   ????
Question by:HHLiisborg

Accepted Solution

redgun earned 1000 total points
ID: 16674529
I am not an expert in Zywall devices but as you says it sounds more to me like a routing problem
Q1) when you connect from your local lan, who is your default gateway (DG)? you can check it with ipcofig in win xP

if your DG is not the internal ip address of your zywall router then someone else is doing the routing job for it, this explains why when you connect from your vpn client the zywall does not knows how to reach the required network. then you will have to add this route on it
must be something like this
in order to reach network /24 you have to ask ip address x.y.z.w

when x.y.z.w is your internal DG.

Q2) when you connect from vpn, what is your ip and your DG?

if your firewall is giving you ip address from a network different from the inside your L3/ switch router will do not know how to reach it  so you will have to add a route on it pointing to this network

in order to reach network a.b.c.d ask  internal zywall ip address

Author Comment

ID: 16727955
Hi red... first of all, the Layer 3 switch was defect :-( Couldn´t add route.
Second, if you want access to subnets through vpn, you have to specify the hole IP-Range, and not just the local net.

The VPNnet-policy must be - ....of cause, otherwise there´s no way the vpn can get answer from 41.0 net.

Anyway..your reply, made me certain of routing-probs. Just needed to confirme. Thanx

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month14 days, 3 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question