Juniper NetScreen and Windows 2008 VPN Tunnel

Hi,

We have an office with an internal LAN of 192.168.158.0/24 with a Juniper firewall in front, for which our service provider has set up the configuration for a VPN tunnel and provided details.
At the other site we have an internal LAN of 192.168.100.0/24 with a Windows 2008 R2 RRAS server which has two NICs: one internal (192.168.100.3) and one external public IP.

I have set up the Win 2008 server with RRAS and the relevant IPSec settings, and can see in the Windows Firewall that there is a Main mode security association, and have confirmed with our service provider that the tunnel is connected.

The problem I have is with routing. The subnet 192.168.100.0/24 can connect to the internet via the RRAS no problem; however, any traffic requests to the 192.168.158.0/24 network are not responding. I have had a look at static routes but can't seem to get this working.

Also, from the other way, if I ping an IP on the 192.168.100.0/24 subnet we can trace the pings over the VPN tunnel until they hit the external NIC of the RRAS server and stop, so I am pretty certain it is a routing issue on the Windows 2008 server, but I can't see exactly what settings/configuration I need to change.

Has anyone set up an infrastructure like this before and knows what I am missing? I have looked at the static routes and tried different combinations but can't seem to get it to work.

Thanks,

Nick

Maen Abu-Tabanjeh, Network Administrator, Network Consultant
Top Expert 2011

Commented:

Author

Commented:
Hi,

Thanks for this, it is very useful. However, this is if a problem lies with the Juniper configuration and troubleshooting the tunnel link; this part is working and I believe the problem lies within the Windows 2008 routing configuration.

Thanks,

Nick
Maen Abu-Tabanjeh, Network Administrator, Network Consultant
Top Expert 2011

Commented:
OK Nick, let's simplify the problem more. You have 2 Junipers on both sites? And both sites should connect to a server in a different site? Is that it? I am trying to help.

Author

Commented:
Hi,

Apologies, my response was not meant to be blunt in any way. I am very grateful for the responses.

We only have one Juniper in front of the 192.168.158.0/24 subnet with a public IP gateway; the other end is a Windows 2008 server with the RRAS role that has 2 NICs, a public and an internal address.

Thanks,

Nick
Maen Abu-Tabanjeh, Network Administrator, Network Consultant
Top Expert 2011

Commented:
Don't be angry with me. I am not familiar with Juniper, but maybe an idea can lead you to a solution; this is what I am trying to do. I doubt it's a Windows Firewall issue; try to stop the firewall and check the traffic again. Also read here, maybe there is something you missed with configuring RRAS with Windows:

http://shannonbray.wordpress.com/2010/05/25/configuring-rras-for-windows-server-2008-r2/

Author

Commented:
Hi,

I have just tried the firewall and this has made no difference. I believe it might be something to do with the routing of the packets once they get to the Windows 2008 RRAS: whether coming in from external or going out from internal, they are not routed to the correct destination.

Thanks,

Nick
Network Administrator, Network Consultant
Top Expert 2011
Commented: