• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 339
  • Last Modified:

Can't access remote resources through RRAS Persistent Site to Site VPN connection

Hi All - 1st time Poster here - any input is greatly appreciated!

Situation is as follows:

Windows Server 2003 R2 behind a SOHO 6 Watchgard firewall has a persistent VPN connection to a remote Windows 2000 Server also behind a SOHO 6 Watchgard firewall. The persistent VPN connection is setup using RRAS at both sites (The Watchgards don't have the upgrade to enable VPN).

The 2 servers which have the VPN persistent connection can ping each other using HOSTS names and internal IP's.

Clients on Domain A & B can ping the internal IP of the remote VPN server but thats where the connectivity stops.

I have tried setting up static routes on both points of the VPN to enable users on Domain A to access resources on Domain B and vise versa.

Domain A has IP 192.168.0.x
Domain B has IP 192.7.1.x

Both sites have static IP's and have forwarded the correct ports to each of the vpn servers.

On Domain B VPN Server "Calling Router" (Win2k 192.7.1.2) I have added a static route of 192.168.0.0 SM 255.255.255.0
DG (Greyed Out) which I thought would filter any traffic comming from the local clients that is looking for 192.168.0.x Ip's and forward it through the VPN rather than searching locally.

On Domain A VPN Server "Answering Router" (Win2003 192.168.0.56) I have a static route setup as 192.7.1.0 SM 255.255.255.0 DG (Blank) to filter local traffic looking for 192.7.1.x through the vpn to the remote site.

From Domain A VPN Server - I can ping the remote VPN Server and ALL other remote servers and workstations by internal IP (same with Domain B back to Domain A resources).

How do I get local clients (all XP Pro) of Domain A to be able to ping Domain B clients and servers using the persistent site to site connection (and vice versa for Domain B to Domain A)?

Some TRACERT info:

From client  (192.7.1.1) on Domain B:
tracert 192.168.0.58 (remote client)

1 <10 ms <10 ms <10 ms SERVERB (192.7.1.2)
2 96 ms 96 ms 95 ms        SERVERA (192.7.1.245)     <---- static Ip setup in demand dial connection
3 *       *           *
4 *       *           * (etc)

From Dom B vpn server (192.7.1.2) to Dom A vpn server:
tracert 192.168.0.56 (Dom A vpn server)

1 78 ms 78 ms 73 ms     SERVERA (192.168.0.56)
trace complete

From Dom B vpn server to client on Dom A
tracert 192.168.0.58 (client on Dom A)

1 6 ms 62 ms 47 ms  SERVERA (192.7.1.245)
2 47 ms 63 ms 62 ms CLIENT_ON_DomA (192.168.0.58)
trace complete

From client on Dom B to SERVERA (vpn server on Dom A)
tracert 192.168.0.56 (vpn server on Dom A)

1 <1 ms <1 ms 1< ms  192.7.1.2 (Dom B vpn server)
2  54 ms 55 ms 54 ms   SERVERA (192.168.0.56)
trace complete

From client on Dom B to client on Dom A
tracert 192.168.0.58 (client on Dom A)

1 <1 ms <1 ms 1< ms  192.7.1.2 (Dom B vpn server)
2  54 ms  55 ms  54 ms 192.7.1.245
3   *          *         *
4   *          *         *  (etc)

This behavior from Dom B to Dom A is also manifesting from Dom A to Dom B.

Thanks for your help!

 
0
IamBruceM
Asked:
IamBruceM
1 Solution
 
DLeaverCommented:
Hi

Have you set the clients as VPN clients?  What is your current DNS setup?  Is the VPN connection between the servers a demand dial persistent connection?

DL
0
 
IamBruceMAuthor Commented:
Hi DL,

My customer wound up outsourcing this issue to another company.

I'd like to give you points for showing intrest but am not sure how to proceed.

Thanks for your help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now