• Status: Solved

Site to Site VPN Established but can't ping anything but the end points

We are trying to establish a temporary Site to Site VPN so we can join some computers at a remote office to the domain at our main office. Once they are joined, the VPN will be shut down and they will be working off their regular internet connection.

Our main office uses ISA Server 2006 as a firewall; however, we didn't use this as an endpoint. We purchased two Linksys VPN Routers, specifically the RVL200. With DHCP disabled we gave the first VPN Router a local IP address ( in this example) and bypassed the ISA server giving it a direct internet connection on an external IP, for example,

To simulate our branch office for testing we are using an unused DSL line with a static IP address. We connected the second VPN router to this, set it up correctly (internet connection worked) and enabled DHCP on it, local IP's - 255 for example and a different subnet than the main office.

Setting up the IPSEC VPN tunnel on both was relatively easy and we got them to connect, no problem (using a preshared key).

However computers at the remote site can't ping any of the 192.168.1.x machines at our local office except for the endpoint of the VPN Tunnel, that is in this case

On the main office side of things, computers can ping any of the 192.168.5.x computers from the branch office and only the endpoint box itself can ping the router which is the other endpoint.

On the main office side I get the error that the destination is unreachable, on the branch office side they just time out.

I know there must be some sort of routing options to configure but I haven't found any idea of what they should be. In the Linksys setup there is an advanced routing option, I put in numbers I thought should be there but of course none of it worked so I deleted them to start fresh again.

Also, now that the VPN tunnel is up, how do I force all traffic from the branch office to use it? Can I do that?  

I also played with ISA Server 2006 adding the 192.168.5.x range as part of the local network, but that also didn't change anything.
1 Solution
BirdOPrey5 (Author) commented:
OK, halfway there... I had to use the Route command on the command prompt of ISA server...

Route mask metric 1

That lets all the main office computers ping the branch computers- I'm assuming there's a similar command/setup on the Linksys that will let the branch computers ping the main office?
BirdOPrey5 (Author) commented:
Adding the 'Route' command manually to the other machines at the main office allows for the branch office computers to ping that specific machine, but it seems like the wrong way of setting this up- there has to be a quicker/easier way than adding a route command to every machine I want to access.
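
As an added illustration (not part of the original thread), the sketch below models the per-host behaviour described in the last comment: a main office machine picks its next hop for a 192.168.5.x address by longest prefix and then lowest metric, so without a specific route its replies go to the default gateway rather than the VPN router. The gateway addresses, host names and routing tables are constructed, because the page does not show the real ones.

```python
import ipaddress

# Constructed addresses: the page only gives 192.168.1.x (main) and 192.168.5.x (branch).
ISA_GW = "192.168.1.1"      # assumed inside address of the ISA Server (default gateway)
VPN_GW = "192.168.1.250"    # assumed LAN address of the main office RVL200
BRANCH = "192.168.5.0/24"   # branch office subnet, as described in the question


def next_hop(routes, dst):
    """Pick the route a host uses for dst: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    candidates = [
        (ipaddress.ip_network(prefix), metric, gateway)
        for prefix, gateway, metric in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None  # no matching route at all: the host reports "destination unreachable"
    _net, _metric, gateway = max(candidates, key=lambda c: (c[0].prefixlen, -c[1]))
    return gateway


def hosts_missing_branch_route(tables, probe="192.168.5.10"):
    """Return the hosts whose traffic for the branch subnet would not go to the VPN router."""
    return sorted(h for h, routes in tables.items() if next_hop(routes, probe) != VPN_GW)


# Constructed routing tables, each entry is (prefix, gateway, metric).
BASE = [("0.0.0.0/0", ISA_GW, 10), ("192.168.1.0/24", "on-link", 10)]
TABLES = {
    "pc-default": BASE,                                 # only the default gateway
    "pc-with-route": BASE + [(BRANCH, VPN_GW, 1)],      # static route added by hand
}

if __name__ == "__main__":
    for host, routes in TABLES.items():
        print(host, "sends 192.168.5.10 via", next_hop(routes, "192.168.5.10"))
    print("hosts still needing a route:", hosts_missing_branch_route(TABLES))
```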