Draytek LAN to LAN created but computers can see others on the other side

A customer is expanding and has taken a second office, we have two Draytek 2860 routers and have successfully created a secure Ipsec tunnel between the two offices.

The problem is that none of the machines on one side can reach the server or machines on the other side.

The machines can ping the router on the other side but not the machines or get access to the server or shares etc.

do we need to create some other "route" to see machines on the other side?
Who is Participating?
BurundiLappConnect With a Mentor Commented:
It does sound like possibly a routing issue, what is the default route set to at the remote site?

Have you configured any static routes on the Drayteks themselves, I would expect you to setup a route to the normal LAn default gateway for each site on the drayteks so they know where the next hop is.
Kash2nd Line EngineerCommented:
make sure both networks are on the different network range. i.e: if one is using 192.168.1.x the other should be 192.168.2.x

also make sure you define the IP range right in LAN-LAN and username / passwords match.

i suspect its the IP range
rigo2013Connect With a Mentor Commented:

You will need to create a route between the two sites.

The easiest way is to configure it on the default gateways at each office which probably look out the the internet.

If you are using a proxy, the default gateway may not be set on the clients.  If so, just set the site local Draytek as the D G/W (easiest way is via DHCP).
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

InsideviewM.D.Author Commented:
Dear All, the lans are and

Each client machine is set up with static IP address GateWay is the local router on the same side.

LAN to LAN settings are correct and the Secure VPN Ipsec tunel has been stable for 3 days.

BurundiLapp, I'm not sure what you are asking?
Just another thought.

Have you configured DNS to resolve each side?

Can you ping the hosts on the other segment (you do not mention that above)?

Also, are your local systems firewalled?  They might only allow local traffic.
InsideviewM.D.Author Commented:
rigo 2013, no, how do you configure DNS to resolve each side?
all machines are using AVG Internet security
Are there local firewalls enabled on each PC? That would be the obvious thing as from what you have said this should be working.
InsideviewM.D.Author Commented:
Hi, thank you all for comments so far but I may have found the answer in another post


the "more" button on the bottom of the VPN tunnel settings allows you to add subnets across the vpn

Will test and post result
InsideviewM.D.Author Commented:
Thank you, your comments pointed me in the right direction along with this post http://www.experts-exchange.com/Q_25989320.html

Clicking on the "more" button in the lan-lan set up allows you to tell the draytek which subnets should be router across the VPN and not go to the internet.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.