IntekTech

Linksys RV4000 VPN configuration

I've set up a VPN Tunnel between 2 offices of my client.  Tunnel is up and running.  I've run into a situation.  I can ping equipment from one side of the Network to the other (192.168.1.0 to 192.168.2.0), but not vice versa.  On the 192.168.1.0 side there is a DHCP running on Windows Server 2008 Standard which is the DC.  On the other side is the remote office with the IP phones and the users' computers.  No Servers, just Linksys WRVS4400N router with a Linksys Gigabit switch and the users' equipment.

Can anyone offer a suggestion on the issue?
Qlemo

As you can ping one way, this is (most probably) a VPN policy/access rule issue.

Are you using Site-2-Site, with routing, or a more client-like setup with one of the Linksys "dialing in" into the other? In that case, you might run into a NAT issue.

ASKER

I'm using a Linksys RV4000 on one end and a WRVS4400N on the other.  Both firmwares are up-to-date.  They are connected via the IPSec Tunnel not client.  The connection is made by both ends I assume.
I can only repeat myself. As you can ping one way, this is (most probably) a VPN policy/access rule issue.

The models seem to be very close, so configuration is comparable, I reckon. Did you compare the firewall rules yet?
Ok...So I can ping both ways.  I can ping the server and the router from the remote site (192.168.2.1->192.168.1.1 and 1.250) but I can't ping any of the PCs on the network.  That's not a problem.  The IP Phones are working (Yeah!), but I can't search for computers on the 192.168.1.0 network by name only IP.  What am I missing?
Is it only network browsing / name resolution not working?
Or does ping with IP also not work from 192.168.2.1 -> 192.168.1.x (except .1 and .250)?

If you can't ping even with IP addresses, there is a severe error, which must be resolved first. I suppose the Linksys' are both default gateway for all computers. If so, I cannot imagine the reason IP ping does not work.

Browsing does not work since you have a routing connection. NetBIOS / NetBT neighbourhood information can't be used over routers, they are done by IP Broadcasts, which are only delivered to the same network, and not routed. The same applies to name resolution.
For Browsing and NetBIOS Name Resolution, you could build a WINS server on one side (a server is needed, so it is the 192.168.1.x server), and use that WINS server on each client on both sides.
All clients will register at WINS, and ask it for unknown names.
WINS is outdated, so this is an easy, but not the future solution ...

The "better" solution would be to use a single DNS server for both sides. All clients register with that DNS server, and it is asked for names.

I've got the server at 192.168.1.250.  It is the DHCP and DNS server for the domain.  On the remote site I have the DNS of the server as a static address on the LAN side of the router (static DNS 2).  Should I move it to DNS1?
DNS2 is useless - its purpose is to jump in when DNS1 is not answering at all (not working, not reachable). That DNS server has to be #1 to be used.

I guess I can't have the DHCP server on the 192.168.1.0 network (the server) assign IP addresses for the remote machines and eliminate the 192.168.2.0 network can I?
There are tricks to do that, but I would not recommend applying them. As you have routers, DHCP requests cannot pass them, and you need distinct networks to route between. You can do subnetting, but that builds just smaller networks looking like a single contiguous one. And it does not solve any of your problems.
Well....I assigned 192.168.1.250 to the Static DNS of the router on the 192.168.2.1 side.  I don't see the DNS records populating in the DNS Server.  Is there anything else I need to do to make sure the IPs are getting registered in the DNS Server?
ASKER CERTIFIED SOLUTION
Qlemo
This solution is only available to members.
BTW, I would appreciate if you could increase points. The configuration is getting more and more complex now.
Ok.  I increased the points as your solutions are very informative and helpful.  I will test some more and get back to you.
Ok, so I enabled the WINS server and pointed all computers to Windows DNS Server.  Checked from remote office and everything is working great.  I'm sure the WINS server is only a temp fix, but I will figure something out.  

Thanks for your help.
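
Added example, not part of the original thread: a small Python model of the name-resolution behaviour discussed above (NetBIOS broadcasts stay inside the client's subnet, WINS and DNS are routed unicast queries, and a secondary DNS entry is only used when the primary does not answer). The client addresses and the 203.0.113.53 resolver are constructed for illustration; 192.168.1.250 is the server from the thread, and the model assumes the primary resolver is reachable and answering.

```python
import ipaddress


def resolution_paths(client_if, target_ip, dns_servers=(), wins=None,
                     internal_dns=frozenset()):
    """Return the name-resolution methods that can find target_ip's name.

    client_if    -- client address with prefix, e.g. "192.168.2.50/24"
    dns_servers  -- resolvers in the order the client tries them
    wins         -- WINS server address, or None if not configured
    internal_dns -- resolvers that actually hold the internal records
    """
    iface = ipaddress.ip_interface(client_if)
    target = ipaddress.ip_address(target_ip)
    paths = []
    # A NetBIOS broadcast goes to the subnet broadcast address and is not
    # routed, so it only finds hosts inside the client's own network.
    if target in iface.network:
        paths.append(f"netbios-broadcast via {iface.network.broadcast_address}")
    # WINS is a unicast query, so the routers forward it through the tunnel.
    if wins:
        paths.append(f"wins via {wins}")
    # Only the first resolver is asked while it is answering; the second
    # entry is a fallback for when the first does not respond at all.
    if dns_servers and dns_servers[0] in internal_dns:
        paths.append(f"dns via {dns_servers[0]}")
    return paths


if __name__ == "__main__":
    server = "192.168.1.250"            # DNS/DHCP server from the thread
    remote_pc = "192.168.2.50/24"       # constructed remote-office client
    office_pc = "192.168.1.20"          # constructed main-office target
    cases = {
        "server as DNS2": dict(dns_servers=("203.0.113.53", server)),
        "server as DNS1": dict(dns_servers=(server,)),
        "server as DNS1 + WINS": dict(dns_servers=(server,), wins=server),
    }
    for label, cfg in cases.items():
        found = resolution_paths(remote_pc, office_pc,
                                 internal_dns={server}, **cfg)
        print(f"{label}: {found or 'name lookup fails, IP still works'}")
```
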