Link to home
Create AccountLog in
Avatar of jsstanley
jsstanleyFlag for United States of America

asked on

VPN accessing two IP ranges

I have two address ranges in our building.  

The primary one is 10.0.0.1/255.   The subnet is 255.255.255.0 and the gateway is 10.0.0.1.  It consists of our Small Business Server 2003, fileservers and all of our network workstations and printers.  All nodes are attached to  a Linksys router that is set up as a DMZ behind a Comcast Business gateway

The second range is 10.1.22.1/255.  The subnet is 255.255.255.0 and the gateway is 10.1.22.1.   It consists of IP addressable hardware that we sell.  It is a test network.  The router's WAN port is attached to the Domain so the "test" network can have access to the web, and so that computers on the 10.0.0.1/255 network can access the web interface built into the router.

I have one user that accesses both of these networks from his workstation using two NICs.  

This user routinely access the 10.0.0.x network via VPN from job sites and home.  He wants to be able to access devices on both networks via VPN.  

How can this be accomplished?
Avatar of Qlemo
Qlemo
Flag of Germany image

It should be sufficient if both gateways know of the other's network (have according routes). I assume VPN ip addresses are out of 10.0.0.0 network. When other ip addresses are used, those must be routed on the 10.1.22.1, too.
Avatar of jsstanley

ASKER

Yes, all my VPN users authenticate onto the SBS server on the 10.0.0.0 network.  Where/How do you suggest I create a route to both networks?
Easist way is to define necessary routes on gateways only, and to define those (local) gateways as default gateways on the corresponding network side.
I still do not have a resolution.

If I give myself a static IP on the 10.1.22.x range, I can access all resources on the internet and on my 10.0.0.x network.  But, if I use an IP handed to me by the SBS server (10.0.0.x) I'm unable to touch the 10.1.22.x network.

How can I establish a route in the SBS to the 10.1.22.x network, so my users with an IP of 10.0.0.x will be able to use resources on the 10.1.22.x network?

I believe if I can establish a route on the SBS, my VPN users will have access to the resources on the 10.1.22.x network after they authenticate onto the SBS (10.0.0.2).  Can anyone help with this?
Ok, I see, this is not as easy as I thought first. You would have to set an additional route on Linksys - but I don't think you can do that.

Next idea - change LinkSys net 10.0.0.0 / 8   (= 255.0.0.0). That way, it will post all data for any 10.x address onto the internal network. On the 10.1.x router, you will have to do the same, so packets are sent back.

Is this really the solution? Many nodes on the 10.1.22.x network have static IPs.  Changing the subnet would require me to touch each node.  Also I would have to reconfigure domain info.  I really dont want to break my network.......

Do you have any other ideas?
Please reread my writings. You only have to apply changes to at least the Linksys router (the change to test router should not be necessary as it has two interfaces).
The router only lets me configure the last octet.  I can not manually enter the subnet........
Are you able to set a route in Linksys for  10.1.22.x with gateway address of WAN port of the test router?
All domain PCs are handed an IP via the SBS.  DHCP is configured to hand out a subnet of 255.255.255.0.  I tried hard coding my IP with subnet of 255.0.0.0 and I was able to touch devices on the 10.1.22.x network with an IP of 10.0.0.x.  This does not solve my original problem with being able to access the test network via VPN.

The next step is to change settings in the SBS.  Unfortunately Im unable to make any changes to SBS at this time.  I would like to keep this discussion open until Im unable to make changes to the SBS.

Although a solution was not handed to me, I believe you(Qlemo) should be awarded the points because you got be thinking in the right direction.

I'll post again soon if I have found a solution or need further assistance.
ASKER CERTIFIED SOLUTION
Avatar of Qlemo
Qlemo
Flag of Germany image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account