Solved

Can't access remote resources through RRAS Persistent Site to Site VPN connection

Posted on 2006-06-27
2
321 Views
Last Modified: 2008-03-06
Hi All - 1st time Poster here - any input is greatly appreciated!

Situation is as follows:

Windows Server 2003 R2 behind a SOHO 6 Watchgard firewall has a persistent VPN connection to a remote Windows 2000 Server also behind a SOHO 6 Watchgard firewall. The persistent VPN connection is setup using RRAS at both sites (The Watchgards don't have the upgrade to enable VPN).

The 2 servers which have the VPN persistent connection can ping each other using HOSTS names and internal IP's.

Clients on Domain A & B can ping the internal IP of the remote VPN server but thats where the connectivity stops.

I have tried setting up static routes on both points of the VPN to enable users on Domain A to access resources on Domain B and vise versa.

Domain A has IP 192.168.0.x
Domain B has IP 192.7.1.x

Both sites have static IP's and have forwarded the correct ports to each of the vpn servers.

On Domain B VPN Server "Calling Router" (Win2k 192.7.1.2) I have added a static route of 192.168.0.0 SM 255.255.255.0
DG (Greyed Out) which I thought would filter any traffic comming from the local clients that is looking for 192.168.0.x Ip's and forward it through the VPN rather than searching locally.

On Domain A VPN Server "Answering Router" (Win2003 192.168.0.56) I have a static route setup as 192.7.1.0 SM 255.255.255.0 DG (Blank) to filter local traffic looking for 192.7.1.x through the vpn to the remote site.

From Domain A VPN Server - I can ping the remote VPN Server and ALL other remote servers and workstations by internal IP (same with Domain B back to Domain A resources).

How do I get local clients (all XP Pro) of Domain A to be able to ping Domain B clients and servers using the persistent site to site connection (and vice versa for Domain B to Domain A)?

Some TRACERT info:

From client  (192.7.1.1) on Domain B:
tracert 192.168.0.58 (remote client)

1 <10 ms <10 ms <10 ms SERVERB (192.7.1.2)
2 96 ms 96 ms 95 ms        SERVERA (192.7.1.245)     <---- static Ip setup in demand dial connection
3 *       *           *
4 *       *           * (etc)

From Dom B vpn server (192.7.1.2) to Dom A vpn server:
tracert 192.168.0.56 (Dom A vpn server)

1 78 ms 78 ms 73 ms     SERVERA (192.168.0.56)
trace complete

From Dom B vpn server to client on Dom A
tracert 192.168.0.58 (client on Dom A)

1 6 ms 62 ms 47 ms  SERVERA (192.7.1.245)
2 47 ms 63 ms 62 ms CLIENT_ON_DomA (192.168.0.58)
trace complete

From client on Dom B to SERVERA (vpn server on Dom A)
tracert 192.168.0.56 (vpn server on Dom A)

1 <1 ms <1 ms 1< ms  192.7.1.2 (Dom B vpn server)
2  54 ms 55 ms 54 ms   SERVERA (192.168.0.56)
trace complete

From client on Dom B to client on Dom A
tracert 192.168.0.58 (client on Dom A)

1 <1 ms <1 ms 1< ms  192.7.1.2 (Dom B vpn server)
2  54 ms  55 ms  54 ms 192.7.1.245
3   *          *         *
4   *          *         *  (etc)

This behavior from Dom B to Dom A is also manifesting from Dom A to Dom B.

Thanks for your help!

 
0
Comment
Question by:IamBruceM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
DLeaver earned 500 total points
ID: 17001545
Hi

Have you set the clients as VPN clients?  What is your current DNS setup?  Is the VPN connection between the servers a demand dial persistent connection?

DL
0
 

Author Comment

by:IamBruceM
ID: 17198410
Hi DL,

My customer wound up outsourcing this issue to another company.

I'd like to give you points for showing intrest but am not sure how to proceed.

Thanks for your help!
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question