Improve company productivity with a Business Account.Sign Up

x
?
Solved

Site to Site VPN

Posted on 2010-09-23
6
Medium Priority
?
594 Views
Last Modified: 2012-05-10
I'm trying to get a site to site VPN using Draytek 2820 routers setup as follows.

Site A
LAN 192.168.1.0 / 24 Default router on 192.168.1.1 VPN Router on 192.168.1.2
Connected to ADSL via NAT and single static IP

Site B
LAN 192.168.2.0 /24 Default router 192.168.2.1
Connected to ADSL via NAT and single static IP

The VPN is active and I can ping from the ping diagnostics on the router at site A to 192.168.1.2 at site B but I can't ping anything on the LAN at Site A from Site B

Do I need to add some other routes somewhere?
0
Comment
Question by:Milkybar-kid
6 Comments
 
LVL 1

Expert Comment

by:anand_mj
ID: 33742715
Use no nat for VPN traffic
0
 
LVL 1

Author Comment

by:Milkybar-kid
ID: 33742736
There is no problem with the VPN connection. It is a routing issue. I have configured these devices using NAT before. What difference will no nat make? Care to expand to help me reolve this?
0
 
LVL 3

Accepted Solution

by:
gjdonkeh earned 2000 total points
ID: 33743203
Do your clients at Site A, know that in order to route to Site B, they must go via the VPN router and not the Default Router ?

sounds like you need to add routes on your PC's, or on your default router.
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
LVL 1

Author Comment

by:Milkybar-kid
ID: 33743260
What routes should I add ?
0
 
LVL 15

Expert Comment

by:James
ID: 33743570
The best way of diagnosing the problem would be to view the route table information on the problematic site. Go to the command prompt > type route print > this will display the route table information. The next step would be to try tracert at the command. This will tell you where the point of failure is. You may need to add persistant routes. Also, you could try adding static entries to the host file on a PC and then check to see if you can ping. The problem could be down to dns resolution. An important point to note, make sure the firmware on both routers is up to date.
0
 
LVL 72

Expert Comment

by:Qlemo
ID: 33745336
No need for diagnosis. The default gateway on site A does not know how to route 192.168.2.0. Just add the route there, and you should be set.
0

Featured Post

Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
This article is about building a VRF-Aware site to site VPN tunnels in Cisco CSR1000V router with IOS XE. There are two VRF-Aware Policy Based IPsec VPN tunnels configured on CSR1000V router one with NAT and another without NAT.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question