Site to Site VPN Established but can't ping anything but the end points
Posted on 2008-06-19
We are trying to establish a temporary Site to Site VPN so we can join some computers at a remote office to the domain at our main office. Once they are joined, the VPN will be shut down and they will be working off their regular internet connection.
Our main office uses ISA Server 2006 as a firewall; however, we didn't use this as an endpoint. We purchased two Linksys VPN Routers, specifically the RVL200. With DHCP disabled we gave the first VPN Router a local IP address (192.168.1.19 in this example) and bypassed the ISA server, giving it a direct internet connection on an external IP, for example, 22.214.171.124.
To simulate our branch office for testing we are using an unused DSL line with a static IP address. We connected the second VPN router to this, set it up correctly (internet connection worked) and enabled DHCP on it, local IPs 192.168.5.1 - 255 for example and a different subnet than the main office.
Setting up the IPSEC VPN tunnel on both was relatively easy and we got them to connect, no problem (using preshared key).
However, computers at the remote site can't ping any of the 192.168.1.x machines at our local office except for the endpoint of the VPN Tunnel, that is in this case 192.168.1.19.
On the main office side of things, computers can ping any of the 192.168.5.x computers from the branch office and only the endpoint box itself can ping the 192.168.5.1 router which is the other endpoint.
On the main office side I get the error that the destination is unreachable; on the branch office side they just time out.
I know there must be some sort of routing options to configure but I haven't found any idea of what they should be. In the Linksys setup there is an advanced routing option, I put in numbers I thought should be there but of course none of it worked so I deleted them to start fresh again.
Also, now that the VPN tunnel is up, how do I force all traffic from the branch office to use it? Can I do that?
I also played with ISA Server 2006 adding the 192.168.5.x range as part of the local network, but that also didn't change anything.