VPN tunnel established, now what?

Have 2 Linksys BEFVP41 routers, one at work and one at home. After much loss of sleep I have established a tunnel. In the Linksys setup, on the VPN setup screen, there is a button to connect. It shows connected, and the log and status screens show that it is connected. This is the only way that I can get it to connect. My problem is now I can't do anything: can't join the other network or see anything else on the other side. What do I need to do?
drprm1 Asked:
 
Rob Williams Commented:
Thought we were discussing a site to site VPN with 2 BEFVP41's?
Are they working correctly now?
If so TheGreenBow discussion should really be handled in a new question.

>>"Am I correct to assume that I should be able to treat this like any other network, ie treat it like a LAN?"
More or less. Effectively you have two network segments connected by a router. You can connect to any device by IP, or by mapping a drive to a device using the IP to access data, such as:
net use Z: \\192.168.123.123\ShareName
The two main restrictions with VPNs are:
- accessing databases will usually not work due to the fact that the VPN uses a much slower connection
- name resolution over a VPN does not always work for various reasons, especially in a workgroup environment. Workgroups generally rely on NetBIOS broadcasts for name resolution. Broadcasts are not routable, and therefore cannot be forwarded over a VPN. If you have a domain with your own DNS and WINS servers, name resolution can usually be dealt with. Following are some ways to deal with connecting to remote devices over a VPN:

1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using:
net use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cnfd_lmh_qxqq.mspx?mfr=true
The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also, if the remote end uses DHCP assigned IPs it is not a feasible option. Thus, in order to be able to use computer names dynamically, try to enable with some of the following options:
3) if you have a WINS server, add that to the network card's configuration
4) also under the WINS configuration on the network adapter, make sure NetBIOS over TCP/IP is selected
5) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) verify your router does not have a "block NetBIOS broadcast" option enabled
7) test if you can connect with the full computer and domain name as \\ComputerName.domain.local. If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]

 
Rob Williams Commented:
Computer names will often not work over a VPN, though that can often be dealt with (see below), but as a test try connecting to a remote resource using the IP address such as:
\\192.168.123.123  or \\192.168.123.123\ShareName
If that doesn't work, can you ping a computer on the remote network?
If not, the most common cause of this is using the same subnet at both sites, such as both using 192.168.1.x. They must be different for a VPN to route packets.

NetBIOS names (computer names) are not broadcast over most VPNs.
You can resolve this in several ways:
1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using:
net use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cnfd_lmh_qxqq.mspx?mfr=true
The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also, if the remote end uses DHCP assigned IPs it is not a feasible option. Thus, in order to be able to use computer names dynamically, try to enable with some of the following options:
3) if you have a WINS server, add that to the network card's configuration
4) also under the WINS configuration on the network adapter, make sure NetBIOS over TCP/IP is selected
5) try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration
6) verify your router does not have a "block NetBIOS broadcast" option enabled
7) test if you can connect with the full computer and domain name as \\ComputerName.domain.local. If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]

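An added example, not part of either post above: a small Python checker for the LMHosts pitfalls named in option 2 of the name-resolution list (file saved with an extension, last line not terminated, bad IP, unusable name). The function name, the sample contents and the filename parameter are constructed for illustration; the 15-character limit is the NetBIOS name limit, and quoted names containing spaces are assumed not to occur.

```python
import ipaddress

TAGS = ("#PRE", "#DOM:")  # per-entry keywords; any other '#' token starts a comment

# Constructed sample file contents (not from the thread).
SAMPLE = (
    "# office machines\n"
    "192.168.0.101      CompName       #PRE\n"
    "192.168.0.102      FileServer     #PRE  # backup box\n"
    "192.168.0.300      BadAddr        #PRE\n"
    "192.168.0.103      AVeryLongComputerName\n"
    "192.168.0.104      CompName"
)

def check_lmhosts(text, filename="LMHosts"):
    """Return (entries, problems); entries are (ip, name, preload) tuples.
    Assumption: quoted names containing spaces are not handled."""
    entries, problems, seen = [], [], {}
    if filename.lower() != "lmhosts":
        problems.append(f"{filename}: expected 'LMHosts' with no extension")
    if text and not text.endswith("\n"):
        problems.append("last entry is not followed by a line break")
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line, comment, or block directive
        if len(fields) < 2:
            problems.append(f"line {lineno}: expected '<IP> <name>'")
            continue
        try:
            ip = ipaddress.IPv4Address(fields[0])
        except ValueError:
            problems.append(f"line {lineno}: {fields[0]} is not an IPv4 address")
            continue
        name = fields[1]
        if len(name) > 15:  # NetBIOS names hold at most 15 characters
            problems.append(f"line {lineno}: name {name} is longer than 15 characters")
            continue
        if seen.get(name.upper(), ip) != ip:  # names are case-insensitive
            problems.append(f"line {lineno}: {name} already maps to {seen[name.upper()]}")
            continue
        seen[name.upper()] = ip
        preload = False
        for tok in fields[2:]:
            if not tok.upper().startswith(TAGS):
                break  # start of a trailing comment
            preload = preload or tok.upper() == "#PRE"
        entries.append((str(ip), name, preload))
    return entries, problems
```

Calling `check_lmhosts(SAMPLE, "LMHosts.txt")` reports the Notepad-added extension in addition to the four problems in the sample contents.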
 
drprm1 (Author) Commented:
Is this the way I would start the tunnel by going into the router's setup each time? Can I disconnect and connect from either end regardless of what end initiated it? Can I set it to keep alive and leave it? Should I?


Is this why I keep finding how to set static ip addresses behind your routers?

Thanks for the help.
 
drprm1 (Author) Commented:
Could I just set the subnet to a different value on one end?
 
Rob Williams Commented:
The tunnel should stay connected at all times on its own. Enabling "keep alive" will help with brief disconnects caused by the ISP.
I am not familiar with the BEFVP41 but the other Linksys are actually showing the status of the connection. If the "button" shows "Disconnect" it indicates the connection has been established.

>>"Is this why I keep finding how to set static ip addresses behind your routers?"
Sorry, not sure what you are asking with this line.

Are you able to ping devices at the remote site/s?
 
drprm1 (Author) Commented:
How would I ping a computer on the remote?
 
Rob Williams Commented:
>>"Could I just set the subnet to a different value on one end?"
Yes. Keep in mind though, it is the subnet, not the subnet mask.
If one end is using 192.168.1.x with 255.255.255.0, then try 192.168.2.x with 255.255.255.0 at the other site.
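An added example, not part of the posts above: a Python sketch of why two sites on the same subnet cannot reach each other through the tunnel, and how to pick a replacement range. It generalizes the thread's identical-subnet case to any overlap (for instance a /16 at one site that contains the other site's /24). The function names and the 192.168.0.0/16 candidate pool are assumptions made for the example.

```python
import ipaddress

def classify(local_cidr, remote_cidr, dest_ip):
    """Say where a host on the local LAN sends a packet for dest_ip.

    'conflict' - dest falls in both LANs: the host treats it as on-link,
                 ARPs for it locally, and the packet never reaches the
                 VPN router
    'tunnel'   - dest is only in the remote LAN, so it goes to the gateway
    'local'    - dest is only in the local LAN
    'outside'  - dest is in neither LAN
    """
    local = ipaddress.ip_network(local_cidr, strict=False)
    remote = ipaddress.ip_network(remote_cidr, strict=False)
    dest = ipaddress.ip_address(dest_ip)
    if dest in local and dest in remote:
        return "conflict"
    if dest in remote:
        return "tunnel"
    if dest in local:
        return "local"
    return "outside"

def suggest_remote_lan(local_cidr, remote_cidr, pool="192.168.0.0/16"):
    """Return remote_cidr if the LANs are already disjoint, otherwise the
    first same-size subnet in pool that does not overlap the local LAN
    (None if the pool has no such subnet)."""
    local = ipaddress.ip_network(local_cidr, strict=False)
    remote = ipaddress.ip_network(remote_cidr, strict=False)
    if not local.overlaps(remote):
        return str(remote)
    pool_net = ipaddress.ip_network(pool)
    if remote.prefixlen < pool_net.prefixlen:
        return None  # remote LAN is larger than the whole candidate pool
    for candidate in pool_net.subnets(new_prefix=remote.prefixlen):
        if not candidate.overlaps(local):
            return str(candidate)
    return None
```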
 
Rob Williams Commented:
>>"How would I ping a computer on the remote?"
At a command line (DOS window) enter ping and the IP of a computer at the remote end. Try using a local IP first just so you are familiar with the response:
ping 192.168.2.123

If you have a connection you should get a response similar to:
Pinging 192.168.19.10 with 32 bytes of data:
Reply from 192.168.19.10: bytes=32 time<1ms TTL=128
...repeated 4 times

If you do not have a connection, or a software firewall is blocking the connection, you should receive something like:
Pinging 192.168.2.123 with 32 bytes of data:
Request timed out.
...repeated 4 times
 
drprm1 (Author) Commented:
Downloaded Greenbow client IPSec Client, configured and got a tunnel established. Can't do much of anything with it though. In the process of changing configurations of things to establish network. Am I correct to assume that I should be able to treat this like any other network, ie treat it like a LAN? Point software to data somewhere remote. Backup remote files etc?

I need to have all computers in the same workgroup etc.
 
Rob Williams Commented:
Sorry, forgot I posted the name resolution "list" earlier.
Question has a verified solution.