Solved

Site to Site VPN Established but can't ping anything but the end points

Posted on 2008-06-19
2
699 Views
Last Modified: 2012-06-27
We are trying to establish a temporary Site to Site VPN so we can join some computers at a remote office to the domain at our main office, Once they are joined VPN will be shut down and they will be working off their regular internet connection.

Our main office uses ISA Server 2006 as a firewall, however we didn't use this as an endpoint, We purchased two Linksys VPN Routers, specifically the RVL200. With DHCP disabled we gave the first VPN Router a local IP address (192.168.1.19 in this example) and bypassed the ISA server giving it a direct internet connection on an external IP, for eample, 65.65.65.100.

To simulate our branch office for testing we are using an unusued DSL line with a static IP address. We connected the second VPN router to this, set it up correctly (internet connection worked) and enabled DHCP on it, local IP's 192.168.5.1 - 255 for example and a different subnet then the main office.

Setting up the IPSEC VPN tunnel on both was relatively easy and we got them to connect, no problem, (Using preshared key)

However computers at the remote site can't ping any of the 192.168.1.x machines at our local office except for the endpoint of the VPN Tunnel, that is in this case 192.168.1.19

On the main office side of things, computers can ping any of the 192.168.5.x computers from the branch office and only the endpoinbt box itself can ping the 192.168.5.1 router which is the other endpoint.

On the main office side I get the error that the destination is unreachable, on the branh office side they just time out.

I know there must be some sort of routing options to configure but I haven't found any idea of what they should be. In the Linksys setup there is an advanced routing option, I put in numbers I thought should be there but of course none of it worked so I deleted them to start fresh again.

Also, now that the VPN tunnel is up, how do I force all traffic from the branch office to use it? Can I do that?  

I also played with ISA Server 2006 adding the 192.168.5.x range as part of the local network, but that also didn't change anything.
0
Comment
Question by:BirdOPrey5
  • 2
2 Comments
 

Author Comment

by:BirdOPrey5
ID: 21826513
OK, half way there... I had to use the Route command on the command prompt of ISA server...

Route 192.168.5.0 mask 255.255.255.0 192.168.1.19 metric 1

That lets all the main office computers ping the branch computers- I'm assuming there's a similar command/setup on the Linksys that will let the branch computers ping the main office?
0
 

Accepted Solution

by:
BirdOPrey5 earned 0 total points
ID: 21826855
Adding the 'Route" command manually to the other machines at the main office allows for the branch office computers to ping that specific machine, but it seems like the wrong way of setting this up- there has to be a quicker/easier way then adding a route command to every machine I want to access.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
network monitoring tools / software 5 138
DMVPN Spoke Connectivity Issue 1 34
VPN Connection WIndows 10 5 61
snmp v2 configuration on a switch 3 16
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question