Solved

Site to Site VPN Established but can't ping anything but the end points

Posted on 2008-06-19
2
715 Views
Last Modified: 2012-06-27
We are trying to establish a temporary Site to Site VPN so we can join some computers at a remote office to the domain at our main office, Once they are joined VPN will be shut down and they will be working off their regular internet connection.

Our main office uses ISA Server 2006 as a firewall, however we didn't use this as an endpoint, We purchased two Linksys VPN Routers, specifically the RVL200. With DHCP disabled we gave the first VPN Router a local IP address (192.168.1.19 in this example) and bypassed the ISA server giving it a direct internet connection on an external IP, for eample, 65.65.65.100.

To simulate our branch office for testing we are using an unusued DSL line with a static IP address. We connected the second VPN router to this, set it up correctly (internet connection worked) and enabled DHCP on it, local IP's 192.168.5.1 - 255 for example and a different subnet then the main office.

Setting up the IPSEC VPN tunnel on both was relatively easy and we got them to connect, no problem, (Using preshared key)

However computers at the remote site can't ping any of the 192.168.1.x machines at our local office except for the endpoint of the VPN Tunnel, that is in this case 192.168.1.19

On the main office side of things, computers can ping any of the 192.168.5.x computers from the branch office and only the endpoinbt box itself can ping the 192.168.5.1 router which is the other endpoint.

On the main office side I get the error that the destination is unreachable, on the branh office side they just time out.

I know there must be some sort of routing options to configure but I haven't found any idea of what they should be. In the Linksys setup there is an advanced routing option, I put in numbers I thought should be there but of course none of it worked so I deleted them to start fresh again.

Also, now that the VPN tunnel is up, how do I force all traffic from the branch office to use it? Can I do that?  

I also played with ISA Server 2006 adding the 192.168.5.x range as part of the local network, but that also didn't change anything.
0
Comment
Question by:BirdOPrey5
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 

Author Comment

by:BirdOPrey5
ID: 21826513
OK, half way there... I had to use the Route command on the command prompt of ISA server...

Route 192.168.5.0 mask 255.255.255.0 192.168.1.19 metric 1

That lets all the main office computers ping the branch computers- I'm assuming there's a similar command/setup on the Linksys that will let the branch computers ping the main office?
0
 

Accepted Solution

by:
BirdOPrey5 earned 0 total points
ID: 21826855
Adding the 'Route" command manually to the other machines at the main office allows for the branch office computers to ping that specific machine, but it seems like the wrong way of setting this up- there has to be a quicker/easier way then adding a route command to every machine I want to access.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month6 days, 22 hours left to enroll

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question