Draytek LAN to LAN created but computers can see others on the other side

A customer is expanding and has taken a second office, we have two Draytek 2860 routers and have successfully created a secure Ipsec tunnel between the two offices.

The problem is that none of the machines on one side can reach the server or machines on the other side.

The machines can ping the router on the other side but not the machines or get access to the server or shares etc.

do we need to create some other "route" to see machines on the other side?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It does sound like possibly a routing issue, what is the default route set to at the remote site?

Have you configured any static routes on the Drayteks themselves, I would expect you to setup a route to the normal LAn default gateway for each site on the drayteks so they know where the next hop is.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kash2nd Line EngineerCommented:
make sure both networks are on the different network range. i.e: if one is using 192.168.1.x the other should be 192.168.2.x

also make sure you define the IP range right in LAN-LAN and username / passwords match.

i suspect its the IP range

You will need to create a route between the two sites.

The easiest way is to configure it on the default gateways at each office which probably look out the the internet.

If you are using a proxy, the default gateway may not be set on the clients.  If so, just set the site local Draytek as the D G/W (easiest way is via DHCP).
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

InsideviewM.D.Author Commented:
Dear All, the lans are and

Each client machine is set up with static IP address GateWay is the local router on the same side.

LAN to LAN settings are correct and the Secure VPN Ipsec tunel has been stable for 3 days.

BurundiLapp, I'm not sure what you are asking?
Just another thought.

Have you configured DNS to resolve each side?

Can you ping the hosts on the other segment (you do not mention that above)?

Also, are your local systems firewalled?  They might only allow local traffic.
InsideviewM.D.Author Commented:
rigo 2013, no, how do you configure DNS to resolve each side?
all machines are using AVG Internet security
Are there local firewalls enabled on each PC? That would be the obvious thing as from what you have said this should be working.
InsideviewM.D.Author Commented:
Hi, thank you all for comments so far but I may have found the answer in another post


the "more" button on the bottom of the VPN tunnel settings allows you to add subnets across the vpn

Will test and post result
InsideviewM.D.Author Commented:
Thank you, your comments pointed me in the right direction along with this post http://www.experts-exchange.com/Q_25989320.html

Clicking on the "more" button in the lan-lan set up allows you to tell the draytek which subnets should be router across the VPN and not go to the internet.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.