?
Solved

Can't access remote resources through RRAS Persistent Site to Site VPN connection

Posted on 2006-06-27
2
Medium Priority
?
325 Views
Last Modified: 2008-03-06
Hi All - 1st time Poster here - any input is greatly appreciated!

Situation is as follows:

Windows Server 2003 R2 behind a SOHO 6 Watchgard firewall has a persistent VPN connection to a remote Windows 2000 Server also behind a SOHO 6 Watchgard firewall. The persistent VPN connection is setup using RRAS at both sites (The Watchgards don't have the upgrade to enable VPN).

The 2 servers which have the VPN persistent connection can ping each other using HOSTS names and internal IP's.

Clients on Domain A & B can ping the internal IP of the remote VPN server but thats where the connectivity stops.

I have tried setting up static routes on both points of the VPN to enable users on Domain A to access resources on Domain B and vise versa.

Domain A has IP 192.168.0.x
Domain B has IP 192.7.1.x

Both sites have static IP's and have forwarded the correct ports to each of the vpn servers.

On Domain B VPN Server "Calling Router" (Win2k 192.7.1.2) I have added a static route of 192.168.0.0 SM 255.255.255.0
DG (Greyed Out) which I thought would filter any traffic comming from the local clients that is looking for 192.168.0.x Ip's and forward it through the VPN rather than searching locally.

On Domain A VPN Server "Answering Router" (Win2003 192.168.0.56) I have a static route setup as 192.7.1.0 SM 255.255.255.0 DG (Blank) to filter local traffic looking for 192.7.1.x through the vpn to the remote site.

From Domain A VPN Server - I can ping the remote VPN Server and ALL other remote servers and workstations by internal IP (same with Domain B back to Domain A resources).

How do I get local clients (all XP Pro) of Domain A to be able to ping Domain B clients and servers using the persistent site to site connection (and vice versa for Domain B to Domain A)?

Some TRACERT info:

From client  (192.7.1.1) on Domain B:
tracert 192.168.0.58 (remote client)

1 <10 ms <10 ms <10 ms SERVERB (192.7.1.2)
2 96 ms 96 ms 95 ms        SERVERA (192.7.1.245)     <---- static Ip setup in demand dial connection
3 *       *           *
4 *       *           * (etc)

From Dom B vpn server (192.7.1.2) to Dom A vpn server:
tracert 192.168.0.56 (Dom A vpn server)

1 78 ms 78 ms 73 ms     SERVERA (192.168.0.56)
trace complete

From Dom B vpn server to client on Dom A
tracert 192.168.0.58 (client on Dom A)

1 6 ms 62 ms 47 ms  SERVERA (192.7.1.245)
2 47 ms 63 ms 62 ms CLIENT_ON_DomA (192.168.0.58)
trace complete

From client on Dom B to SERVERA (vpn server on Dom A)
tracert 192.168.0.56 (vpn server on Dom A)

1 <1 ms <1 ms 1< ms  192.7.1.2 (Dom B vpn server)
2  54 ms 55 ms 54 ms   SERVERA (192.168.0.56)
trace complete

From client on Dom B to client on Dom A
tracert 192.168.0.58 (client on Dom A)

1 <1 ms <1 ms 1< ms  192.7.1.2 (Dom B vpn server)
2  54 ms  55 ms  54 ms 192.7.1.245
3   *          *         *
4   *          *         *  (etc)

This behavior from Dom B to Dom A is also manifesting from Dom A to Dom B.

Thanks for your help!

 
0
Comment
Question by:IamBruceM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
DLeaver earned 1500 total points
ID: 17001545
Hi

Have you set the clients as VPN clients?  What is your current DNS setup?  Is the VPN connection between the servers a demand dial persistent connection?

DL
0
 

Author Comment

by:IamBruceM
ID: 17198410
Hi DL,

My customer wound up outsourcing this issue to another company.

I'd like to give you points for showing intrest but am not sure how to proceed.

Thanks for your help!
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question