Site-to-Site VPN and Routing

I have two offices, site A with SBS 2003, single NIC, subnet 192.168.200.0, and B with Windows Server 2008, single NIC, subnet 192.168.201.0. I have configured site B with RRAS to VPN to A. The server can ping site A just fine, but none of the clients on site B can ping through to A.
The gateway at site B is set up correctly to route traffic to that subnet through the server. When I created the demand dial interface on the server it asked for a static route, and I put in 192.168.200.0, mask 255.255.255.0, metric 1.
I've done this before at another time and place using Windows 2003, and I remember running into the same problem, but for the life of me I can't remember how I fixed it.

Thanks in advance,
Kevin
kevincurrey Asked:
 
Dusan_Bajic Commented:
Oh, I see what you mean. You have to enable NAT (if it is not already enabled) at RRAS on server B, and add VPN interface as public and LAN as private.
 
Dusan_Bajic Commented:
Can you run "route print" on both servers and paste here?
 
kevincurrey (Author) Commented:
Interface List
 21 ........................... Remote Router
 10 ...00 15 f2 5a 11 0c ...... NVIDIA nForce 10/100/1000 Mbps Ethernet
 12 ........................... RAS (Dial In) Interface
  1 ........................... Software Loopback Interface 1
 11 ...00 00 00 00 00 00 00 e0  isatap.{E86C6192-CC73-48B9-81EA-8C41A0134039}
 20 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
 14 ...00 00 00 00 00 00 00 e0  isatap.{074876A9-C0F6-4412-B856-694E2247E4C7}
 22 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #4

Active Routes:
Network Dest.     Netmask           Gateway          Interface        Metric
0.0.0.0           0.0.0.0           192.168.201.1    192.168.201.60   276
127.0.0.0         255.0.0.0         On-link          127.0.0.1        306
127.0.0.1         255.255.255.255   On-link          127.0.0.1        306
127.255.255.255   255.255.255.255   On-link          127.0.0.1        306
(public ip A)     255.255.255.255   192.168.201.1    192.168.201.60   21
192.168.201.0     255.255.255.0     On-link          192.168.201.60   276
192.168.201.15    255.255.255.255   On-link          192.168.201.15   306
192.168.201.60    255.255.255.255   On-link          192.168.201.60   276
192.168.201.255   255.255.255.255   On-link          192.168.201.60   276
192.168.200.0     255.255.255.0     192.168.200.26   192.168.200.24   21
192.168.200.24    255.255.255.255   On-link          192.168.200.24   276
224.0.0.0         240.0.0.0         On-link          127.0.0.1        306
224.0.0.0         240.0.0.0         On-link          192.168.201.60   277
224.0.0.0         240.0.0.0         On-link          192.168.201.15   306
255.255.255.255   255.255.255.255   On-link          127.0.0.1        306
255.255.255.255   255.255.255.255   On-link          192.168.201.60   276
255.255.255.255   255.255.255.255   On-link          192.168.201.15   306
255.255.255.255   255.255.255.255   On-link          192.168.200.24   276

Persistent Routes:
Network Address   Netmask           Gateway Address  Metric
0.0.0.0           0.0.0.0           192.168.201.1    Default
 
kevincurrey (Author) Commented:
I should have also posted results from tracert:
Tracert on server B:
 1    73 ms    73 ms    73 ms  serverA.domain.local [192.168.200.2]
Tracert on client:
  1    <1 ms    <1 ms    <1 ms  192.168.201.1  (router)
 2    <1 ms     *       <1 ms  192.168.201.60      (server B)
 3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
 
Dusan_Bajic Commented:
Can you run route print on server A also?
 
kevincurrey (Author) Commented:
There are not any routes from site A to site B, and this is intentional as I only need and want traffic to go one way.

Thanks,
Kevin

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.200.1    192.168.200.2      1
   75.162.207.147  255.255.255.255     192.168.200.1    192.168.200.2      1
        127.0.0.0        255.0.0.0         127.0.0.1        127.0.0.1      1
  128.187.172.199  255.255.255.255     192.168.200.1    192.168.200.2      1
    192.168.200.0    255.255.255.0     192.168.200.2    192.168.200.2     10
    192.168.200.2  255.255.255.255         127.0.0.1        127.0.0.1     10
   192.168.200.21  255.255.255.255    192.168.200.2    192.168.200.26      1
   192.168.200.22  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.24  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.26  255.255.255.255         127.0.0.1        127.0.0.1     50
  192.168.200.255  255.255.255.255     192.168.200.2    192.168.200.2     10
        224.0.0.0        240.0.0.0     192.168.200.2    192.168.200.2     10
  255.255.255.255  255.255.255.255     192.168.200.2    192.168.200.2      1
Default Gateway:      192.168.200.1

Persistent Routes:
  None
 
Dusan_Bajic Commented:
That is hardly possible. Take ping for example. You send a packet, you need to receive a reply or it doesn't make much sense. You need that route if you want a reply. In fact, you need that route, period.
 
kevincurrey (Author) Commented:
So you don't think it's a problem in the routing of server B? Because I've done it this way before with success. I'm just missing a step that I took before, and I can't figure out what that is. I believe it had something to do with NAT on the remote interface for server B.
I do appreciate the input though and will try it.
 
Fred Marshall (Principal) Commented:
The first route print shows some things I don't understand:

Network Dest.     Netmask           Gateway          Interface        Metric
0.0.0.0           0.0.0.0           192.168.201.1    192.168.201.60   276
...this tells me that this computer has .201.60 on a NIC.
192.168.201.15    255.255.255.255   On-link          192.168.201.15   306
...this tells me that this computer has .201.15 on a NIC..??? you didn't mention it.
192.168.200.0     255.255.255.0     192.168.200.26   192.168.200.24   21
...this tells me that this computer has .200.24 on a NIC??? that doesn't make sense to me as the subnet is supposed to be on the other end of the VPN. The VPN must have different subnets at each end.

I don't see any persistent routes. Presumably 192.168.201.1 has the route to 192.168.200.0, right? But, this is a problem because any packet going to 192.168.200.0 will go to 192.168.200.24 which appears to be a NIC on the first machine.

Now to the second route print:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.200.1    192.168.200.2      1
   75.162.207.147  255.255.255.255     192.168.200.1    192.168.200.2      1
        127.0.0.0        255.0.0.0         127.0.0.1        127.0.0.1      1
  128.187.172.199  255.255.255.255     192.168.200.1    192.168.200.2      1
    192.168.200.0    255.255.255.0     192.168.200.2    192.168.200.2     10
    192.168.200.2  255.255.255.255         127.0.0.1        127.0.0.1     10
   192.168.200.21  255.255.255.255    192.168.200.2    192.168.200.26      1
   192.168.200.22  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.24  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.26  255.255.255.255         127.0.0.1        127.0.0.1     50
  192.168.200.255  255.255.255.255     192.168.200.2    192.168.200.2     10
        224.0.0.0        240.0.0.0     192.168.200.2    192.168.200.2     10
  255.255.255.255  255.255.255.255     192.168.200.2    192.168.200.2      1
Default Gateway:      192.168.200.1

Persistent Routes:
  None
*******************
All this looks fine.  Presumably 192.168.200.1 knows how to route packets to 192.168.201.0, yes?
 
kevincurrey (Author) Commented:
Dusan -
I think that's it! I was putting NAT on the VPN interface as private and didn't put NAT on the LAN interface. I don't have a way of checking it now, but I think that should do it.

Thank you, I'll accept as solution as soon as I can confirm that it works.
 
kevincurrey (Author) Commented:
Thanks again! That was all I needed to do.
Question has a verified solution.
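
Added example, not part of any post in this thread: a Python longest-prefix-match lookup over server A's posted route table, showing why replies to site B clients never re-enter the tunnel and why NAT on server B's VPN interface changes that. The client address 192.168.201.50 and all function names are constructed for illustration; the roles of 192.168.200.24 and 192.168.200.26 are read from the two route prints above.

```python
import ipaddress

# Server A's active routes from the thread, as (destination, netmask, gateway,
# interface). Loopback, multicast and broadcast entries are omitted.
SERVER_A_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.200.1", "192.168.200.2"),
    ("192.168.200.0", "255.255.255.0", "192.168.200.2", "192.168.200.2"),
    ("192.168.200.21", "255.255.255.255", "192.168.200.2", "192.168.200.26"),
    ("192.168.200.22", "255.255.255.255", "192.168.200.26", "192.168.200.26"),
    ("192.168.200.24", "255.255.255.255", "192.168.200.26", "192.168.200.26"),
]
VPN_INTERFACE_A = "192.168.200.26"    # server A's RAS interface (assumed from its route print)
SERVER_B_VPN_ADDR = "192.168.200.24"  # server B's tunnel address (assumed from its route print)
SITE_B_LAN = ipaddress.ip_network("192.168.201.0/24")


def lookup(dest, routes):
    """Longest-prefix match: return (gateway, interface) used to reach dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway, iface in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]


def source_seen_by_a(client_ip, nat_on_vpn_interface):
    """Source address server A sees for a packet sent by a site B host."""
    if nat_on_vpn_interface and ipaddress.ip_address(client_ip) in SITE_B_LAN:
        return SERVER_B_VPN_ADDR  # NAT rewrites the LAN source to the tunnel address
    return client_ip


def reply_uses_tunnel(client_ip, nat_on_vpn_interface):
    """True if server A's reply leaves through its VPN interface."""
    src = source_seen_by_a(client_ip, nat_on_vpn_interface)
    _gateway, iface = lookup(src, SERVER_A_ROUTES)
    return iface == VPN_INTERFACE_A


if __name__ == "__main__":
    client = "192.168.201.50"  # constructed site B client address
    for nat in (False, True):
        src = source_seen_by_a(client, nat)
        print(f"NAT={nat}: A replies to {src} via {lookup(src, SERVER_A_ROUTES)}")
```

With NAT on the tunnel, site A still has no route to 192.168.201.0, so sessions can only be opened from site B, which matches the one-way requirement stated in the thread.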