Solved

Site-to-Site VPN and Routing

Posted on 2008-10-31
Last Modified: 2012-06-21
I have two offices, site A with SBS 2003, single nic, subnet 192.168.200.0, and B with Windows Server 2008, single nic, subnet 192.168.201.0. I have configured site B with RRAS to VPN to A. The server can ping site A just fine, but none of the clients on site B can ping through to A.
The gateway at site B is set up correctly to route traffic to that subnet through the server. When I created the demand dial interface on the server it asked for a static route, and I put in 192.168.200.0, mask 255.255.255.0, metric 1.
I've done this before at another time and place using Windows 2003, and I remember running into the same problem, but for the life of me I can't remember how I fixed it.

Thanks in advance,
Kevin
0
Question by:kevincurrey
12 Comments
 
LVL 7

Expert Comment

by:Dusan_Bajic
ID: 22856157
Can you run "route print" on both servers and paste it here?
0
 

Author Comment

by:kevincurrey
ID: 22859210
Interface List
 21 ........................... Remote Router
 10 ...00 15 f2 5a 11 0c ...... NVIDIA nForce 10/100/1000 Mbps Ethernet
 12 ........................... RAS (Dial In) Interface
  1 ........................... Software Loopback Interface 1
 11 ...00 00 00 00 00 00 00 e0  isatap.{E86C6192-CC73-48B9-81EA-8C41A0134039}
 20 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #2
 14 ...00 00 00 00 00 00 00 e0  isatap.{074876A9-C0F6-4412-B856-694E2247E4C7}
 22 ...00 00 00 00 00 00 00 e0  Microsoft ISATAP Adapter #4

Active Routes:
Network Dest.     Netmask           Gateway          Interface        Metric
0.0.0.0           0.0.0.0           192.168.201.1    192.168.201.60   276
127.0.0.0         255.0.0.0         On-link          127.0.0.1        306
127.0.0.1         255.255.255.255   On-link          127.0.0.1        306
127.255.255.255   255.255.255.255   On-link          127.0.0.1        306
(public ip A)     255.255.255.255   192.168.201.1    192.168.201.60   21
192.168.201.0     255.255.255.0     On-link          192.168.201.60   276
192.168.201.15    255.255.255.255   On-link          192.168.201.15   306
192.168.201.60    255.255.255.255   On-link          192.168.201.60   276
192.168.201.255   255.255.255.255   On-link          192.168.201.60   276
192.168.200.0     255.255.255.0     192.168.200.26   192.168.200.24   21
192.168.200.24    255.255.255.255   On-link          192.168.200.24   276
224.0.0.0         240.0.0.0         On-link          127.0.0.1        306
224.0.0.0         240.0.0.0         On-link          192.168.201.60   277
224.0.0.0         240.0.0.0         On-link          192.168.201.15   306
255.255.255.255   255.255.255.255   On-link          127.0.0.1        306
255.255.255.255   255.255.255.255   On-link          192.168.201.60   276
255.255.255.255   255.255.255.255   On-link          192.168.201.15   306
255.255.255.255   255.255.255.255   On-link          192.168.200.24   276

Persistent Routes:
Network Address   Netmask           Gateway Address  Metric
0.0.0.0           0.0.0.0           192.168.201.1    Default
0
 

Author Comment

by:kevincurrey
ID: 22859242
I should have also posted results from tracert:
Tracert on server B:
  1    73 ms    73 ms    73 ms  serverA.domain.local [192.168.200.2]
Tracert on client:
  1    <1 ms    <1 ms    <1 ms  192.168.201.1   (router)
  2    <1 ms     *       <1 ms  192.168.201.60  (server B)
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
0
 
LVL 7

Expert Comment

by:Dusan_Bajic
ID: 22887781
Can you run route print on server A also?
0
 

Author Comment

by:kevincurrey
ID: 22888149
There are not any routes from site A to site B, and this is intentional as I only need and want traffic to go one way.

Thanks,
Kevin

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.200.1    192.168.200.2      1
   75.162.207.147  255.255.255.255     192.168.200.1    192.168.200.2      1
        127.0.0.0        255.0.0.0         127.0.0.1        127.0.0.1      1
  128.187.172.199  255.255.255.255     192.168.200.1    192.168.200.2      1
    192.168.200.0    255.255.255.0     192.168.200.2    192.168.200.2     10
    192.168.200.2  255.255.255.255         127.0.0.1        127.0.0.1     10
   192.168.200.21  255.255.255.255    192.168.200.2    192.168.200.26      1
   192.168.200.22  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.24  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.26  255.255.255.255         127.0.0.1        127.0.0.1     50
  192.168.200.255  255.255.255.255     192.168.200.2    192.168.200.2     10
        224.0.0.0        240.0.0.0     192.168.200.2    192.168.200.2     10
  255.255.255.255  255.255.255.255     192.168.200.2    192.168.200.2      1
Default Gateway:      192.168.200.1

Persistent Routes:
  None
0
 
LVL 7

Expert Comment

by:Dusan_Bajic
ID: 22888268
That is hardly possible. Take ping for example. You send a packet, you need to receive a reply or it doesn't make much sense. You need that route if you want a reply. In fact, you need that route, period.
0
 

Author Comment

by:kevincurrey
ID: 22888810
So you don't think it's a problem in the routing of server B? Because I've done it this way before with success. I'm just missing a step that I took before, and I can't figure out what that is. I believe it had something to do with NAT on the remote interface for server B.
I do appreciate the input though and will try it.
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 22888847
The first route print shows some things I don't understand:

Network Dest.      Netmask                 Gateway             Interface                 Metric
0.0.0.0                    0.0.0.0                     192.168.201.1 192.168.201.60     276
...this tells me that this computer has .201.60 on a NIC.
192.168.201.15   255.255.255.255     On-link                  192.168.201.15  306
...this tells me that this computer has .201.15 on a NIC..??? you didn't mention it.
192.168.200.0      255.255.255.0         192.168.200.26 192.168.200.24    21
...this tells me that this computer has .200.24 on a NIC??? that doesn't make sense to me as the subnet is supposed to be on the other end of the VPN.  The VPN must have different subnets at each end.

I don't see any persistent routes. Presumably 192.168.201.1 has the route to 192.168.200.0, right? But, this is a problem because any packet going to 192.168.200.0 will go to 192.168.200.24 which appears to be a NIC on the first machine.

Now to the second route print:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.200.1    192.168.200.2      1
   75.162.207.147  255.255.255.255     192.168.200.1    192.168.200.2      1
        127.0.0.0        255.0.0.0         127.0.0.1        127.0.0.1      1
  128.187.172.199  255.255.255.255     192.168.200.1    192.168.200.2      1
    192.168.200.0    255.255.255.0     192.168.200.2    192.168.200.2     10
    192.168.200.2  255.255.255.255         127.0.0.1        127.0.0.1     10
   192.168.200.21  255.255.255.255    192.168.200.2    192.168.200.26      1
   192.168.200.22  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.24  255.255.255.255    192.168.200.26   192.168.200.26      1
   192.168.200.26  255.255.255.255         127.0.0.1        127.0.0.1     50
  192.168.200.255  255.255.255.255     192.168.200.2    192.168.200.2     10
        224.0.0.0        240.0.0.0     192.168.200.2    192.168.200.2     10
  255.255.255.255  255.255.255.255     192.168.200.2    192.168.200.2      1
Default Gateway:      192.168.200.1

Persistent Routes:
  None
*******************
All this looks fine.  Presumably 192.168.200.1 knows how to route packets to 192.168.201.0, yes?
0
 
LVL 7

Accepted Solution

by:
Dusan_Bajic earned 500 total points
ID: 22888878
Oh, I see what you mean. You have to enable NAT (if it is not already enabled) at RRAS on server B, and add the VPN interface as public and the LAN as private.
0
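Added example (not part of the original thread): a longest-prefix-match lookup over a subset of server A's posted route table, showing why replies to a site B client are lost without a return route and why NAT on server B's VPN interface makes them come back through the tunnel. The client address 192.168.201.50 is constructed, and reading 192.168.200.26 and 192.168.200.24 as the two tunnel endpoints is an interpretation of the route prints above.

```python
import ipaddress

# Subset of server A's "route print" from the thread (destination, netmask,
# gateway). Loopback, broadcast and multicast rows are left out.
SERVER_A_ROUTES = [
    ("0.0.0.0",        "0.0.0.0",         "192.168.200.1"),   # default gateway
    ("192.168.200.0",  "255.255.255.0",   "192.168.200.2"),   # site A LAN
    ("192.168.200.24", "255.255.255.255", "192.168.200.26"),  # server B via RAS
]
RAS_GATEWAY = "192.168.200.26"         # server A's end of the tunnel (assumed reading)
SERVER_B_TUNNEL_IP = "192.168.200.24"  # server B's end of the tunnel (assumed reading)
CLIENT_B = "192.168.201.50"            # constructed site B client address


def next_hop(routes, destination):
    """Return the gateway of the most specific route matching destination."""
    dst = ipaddress.ip_address(destination)
    matches = []
    for network, mask, gateway in routes:
        net = ipaddress.ip_network(f"{network}/{mask}")
        if dst in net:
            matches.append((net.prefixlen, gateway))
    return max(matches)[1] if matches else None


def reply_path(client_ip, nat_on_server_b):
    """Say where server A sends the reply to a packet from a site B client."""
    # With NAT on the VPN interface, server B rewrites the client's source
    # address to its own tunnel address before the packet reaches site A.
    source_seen_by_a = SERVER_B_TUNNEL_IP if nat_on_server_b else client_ip
    gateway = next_hop(SERVER_A_ROUTES, source_seen_by_a)
    if gateway == RAS_GATEWAY:
        return "tunnel"
    return f"default gateway {gateway}"


if __name__ == "__main__":
    for nat in (False, True):
        print(f"NAT={nat}: reply to {CLIENT_B} leaves via", reply_path(CLIENT_B, nat))
```

The same address rewrite means site A's logs and access rules see every site B client as 192.168.200.24, and site A hosts cannot initiate connections to site B clients, which matches the one-way requirement stated in the thread.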
 

Author Comment

by:kevincurrey
ID: 22888964
Dusan -
I think that's it! I was putting NAT on the VPN interface as private and didn't put NAT on the LAN interface. I don't have a way of checking it now, but I think that should do it.

Thank you, I'll accept as solution as soon as I can confirm that it works.
0
 

Author Closing Comment

by:kevincurrey
ID: 31512272
Thanks again! That was all I needed to do.
0
