Solved

Linksys RV4000 VPN configuration

Posted on 2009-05-03
Last Modified: 2012-06-27
I've set up a VPN tunnel between 2 offices of my client.  Tunnel is up and running.  I've run into a situation.  I can ping equipment from one side of the network to the other (192.168.1.0 to 192.168.2.0), but not vice versa.  On the 192.168.1.0 side there is a DHCP running on Windows Server 2008 Standard which is the DC.  On the other side is the remote office with the IP phones and the users' computers.  No servers, just Linksys WRVS4400N router with a Linksys Gigabit switch and the users' equipment.

Can anyone offer a suggestion on the issue?
Question by:IntekTech

Expert Comment

by:Qlemo
ID: 24290836
As you can ping one way, this is (most probably) a VPN policy/access rule issue.

Are you using Site-2-Site, with routing, or a more client-like setup with one of the Linksys "dialing in" into the other? In that case, you might run into a NAT issue.

Author Comment

by:IntekTech
ID: 24291865
I'm using a Linksys RV4000 on one end and a WRVS4400N on the other.  Both firmwares are up-to-date.  They are connected via the IPSec Tunnel not client.  The connection is made by both ends I assume.

Expert Comment

by:Qlemo
ID: 24296574
I can only repeat myself. As you can ping one way, this is (most probably) a VPN policy/access rule issue.

The models seem to be very close, so configuration is comparable, I reckon. Did you compare the firewall rules yet?

Author Comment

by:IntekTech
ID: 24306601
Ok...So I can ping both ways.  I can ping the server and the router from the remote site (192.168.2.1->192.168.1.1 and 1.250) but I can't ping any of the PCs on the network.  That's not a problem.  The IP phones are working (Yeah!), but I can't search for computers on the 192.168.1.0 network by name, only IP.  What am I missing?

Expert Comment

by:Qlemo
ID: 24307427
Is it only network browsing / name resolution not working?
Or does ping with IP also not work from 192.168.2.1 -> 192.168.1.x (except .1 and .250)?

If you can't ping even with IP addresses, there is a severe error, which must be resolved first. I suppose the Linksys' are both default gateway for all computers. If so, I cannot imagine the reason IP ping does not work.

Browsing does not work since you have a routing connection. NetBIOS / NetBT neighbourhood information can't be used over routers, they are done by IP Broadcasts, which are only delivered to the same network, and not routed. The same applies to name resolution.
For Browsing and NetBIOS Name Resolution, you could build a WINS server on one side (a server is needed, so it is the 192.168.1.x server), and use that WINS server on each client on both sides.
All clients will register at WINS, and ask it for unknown names.
WINS is outdated, so this is an easy, but not the future solution ...

The "better" solution would be to use a single DNS server for both sides. All clients register with that DNS server, and it is asked for names.


Author Comment

by:IntekTech
ID: 24307538
I've got the server at 192.168.1.250.  It is the DHCP and DNS server for the domain.  On the remote site I have the DNS of the server as a static address on the LAN side of the router (static DNS 2).  Should I move it to DNS1?

Expert Comment

by:Qlemo
ID: 24307833
DNS2 is useless - its purpose is to jump in when DNS1 is not answering at all (not working, not reachable). That DNS server has to be #1 to be used.

0
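
Added example (not part of the original thread): a small Python model of the DNS1/DNS2 behaviour described in the comment above, with no network traffic. It assumes DNS1 is some other server that does not know the internal names; the public server address, the host name and the host IP are made up.

```python
# Simplified model of how a client walks its DNS server list (constructed data).
NXDOMAIN = "NXDOMAIN"  # the server answered: "this name does not exist"
NO_REPLY = None        # the server did not answer at all (down or unreachable)


class FakeDnsServer:
    def __init__(self, records, reachable=True):
        self.records = records
        self.reachable = reachable

    def query(self, name):
        if not self.reachable:
            return NO_REPLY
        return self.records.get(name.lower(), NXDOMAIN)


def resolve(name, server_list):
    """Ask servers in order; return (answer, addresses_tried).

    Any reply, including NXDOMAIN, ends the search. Only silence
    moves the client on to the next server in the list.
    """
    tried = []
    for address, server in server_list:
        tried.append(address)
        reply = server.query(name)
        if reply is not NO_REPLY:
            return reply, tried
    return NO_REPLY, tried


# 192.168.1.250 is the domain DNS server from the thread. The other
# address, the host name and its IP are made up for this example.
PUBLIC = "203.0.113.53"
DOMAIN = "192.168.1.250"
HOST = "pc01.office.example"
public_up = FakeDnsServer({})                    # knows no internal names
public_down = FakeDnsServer({}, reachable=False)
domain_dns = FakeDnsServer({HOST: "192.168.1.23"})

as_dns2 = resolve(HOST, [(PUBLIC, public_up), (DOMAIN, domain_dns)])
as_dns1 = resolve(HOST, [(DOMAIN, domain_dns), (PUBLIC, public_up)])
dns1_dead = resolve(HOST, [(PUBLIC, public_down), (DOMAIN, domain_dns)])

if __name__ == "__main__":
    for label, result in [("domain DNS as DNS2", as_dns2),
                          ("domain DNS as DNS1", as_dns1),
                          ("DNS1 unreachable", dns1_dead)]:
        print(f"{label}: answer={result[0]} tried={result[1]}")
```

With the domain DNS server in second place, the internal name comes back as NXDOMAIN and 192.168.1.250 is never asked; it is only reached when the first server stays silent.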

Author Comment

by:IntekTech
ID: 24308482
I guess I can't have the DHCP server on the 192.168.1.0 network (the server) assign IP addresses for the remote machines and eliminate the 192.168.2.0 network can I?

Expert Comment

by:Qlemo
ID: 24308662
There are tricks to do that, but I would not recommend to apply them. As you have routers, DHCP requests cannot pass them, and you need distinct networks to route between. You can do subnetting, but that builds just smaller networks looking like a single contiguous one. And it does not solve any of your problems.

Author Comment

by:IntekTech
ID: 24309295
Well....I assigned 192.168.1.250 to the Static DNS of the router on the 192.168.2.1 side.  I don't see the DNS records populating in the DNS Server.  Is there anything else I need to do to make sure the IPs are getting registered in the DNS Server?

Accepted Solution

by:
Qlemo earned 500 total points
ID: 24309784
If you are not using DHCP, each client has to register at the DNS server. I assume you set up the local Linksys as DNS (forwarder), then no DNS self-register will happen. (With DHCP, the DHCP server does take care of registering in DNS for each client - normally).

Only if the one-and-only DNS server for the internal domain is addressed directly, when using static IPs, you will find clients registering.
To force DNS register, you can type ipconfig /registerdns.


Expert Comment

by:Qlemo
ID: 24309791
BTW, I would appreciate it if you could increase points. The configuration is getting more and more complex now.

Author Comment

by:IntekTech
ID: 24311476
Ok.  I increased the points as your solutions are very informative and helpful.  I will test some more and get back to you.

Author Comment

by:IntekTech
ID: 24354776
Ok, so I enabled the WINS server and pointed all computers to Windows DNS Server.  Checked from remote office and everything is working great.  I'm sure the WINS server is only a temp fix, but I will figure something out.  

Thanks for your help.