• Status: Solved

Windows 2003 to Windows 2012 VPN connection, can browse and ping one direction

OK so here is my setup... I have two Windows 2003 servers in one physical environment, and one Windows 2012 server in another physical location.

Location 1:

Galactus is the RRAS/VPN Server
Magneto is a member 2003 Server

Location 2:

HYPERV is the Windows 2012 R2 server.

I have successfully connected the two sites with VPN, and joined HYPERV to the Windows domain.  From HYPERV, I can browse the remote network, ping the remote network, copy files, etc.

From GALACTUS, I can ping HYPERV, I can browse it, copy files, etc.

From MAGNETO, I CANNOT ping, browse, or copy to HYPERV.

Location 1 physical network:
192.168.1.x subnet, 192.168.1.5 gateway (which is our router)

Location 2 physical network:
192.168.1.x subnet, 192.168.1.1 gateway (which is our router)

Location 1 IP addresses:
MAGNETO - 192.168.1.10
GALACTUS - 192.168.1.20

Location 2 IP Address:
HYPERV - 192.168.1.36

When I dial in with the VPN, GALACTUS takes a second address of 192.168.1.210, which I also CANNOT ping from Magneto.
HYPERV takes a second address of 192.168.1.210, which I also CANNOT ping from Magneto.

I have blacked out the public files, but attached are the screenshots of ROUTE PRINT, as well as IPCONFIG /ALL.
RemoteServer1.jpg
Galactus1.jpg
Magneto1.jpg
HYPERV2.JPG
galactus2.JPG
magneto2.jpg
Asked by: FutureTechSysDOTcom
 
Tomas Valenta (IT Manager) commented:
Hello,
You have two separate networks with the same IP subnet. That is not common. A quick workaround could be a static host route: in MAGNETO's routing table, add a static route for HYPERV with GALACTUS as the gateway. But the right solution is to make the HYPERV subnet different (192.168.2.x) and then add a static route in your router directing this network to GALACTUS.
 
FutureTechSysDOTcom (Author) commented:
I tried the static host route as follows previously:

route add 192.168.1.211 mask 255.255.255.255 192.168.1.210
route add 192.168.1.211 mask 255.255.255.255 192.168.1.20

Neither worked.

Would I change the subnet on HYPERV at the VPN level, or the actual IP level?
 
Tomas Valenta (IT Manager) commented:
MAGNETO - route add 192.168.1.36 MASK 255.255.255.255 192.168.1.210
Routing must be enabled in RRAS (but it is not routing but bridging).
On the other side, HYPERV must have a route back to GALACTUS - route add 192.168.1.10 MASK 255.255.255.255 192.168.1.210 (are the IP addresses really the same on both VPN endpoints?)
For testing, run tracert -d hyperV from the GALACTUS command prompt to be sure the traffic is routed to MAGNETO and not to the router 192.168.1.5.
But I really recommend changing the network on the HYPERV side.
 
FutureTechSysDOTcom (Author) commented:
OK, let's assume I change the network on the HYPERV side - am I changing the LAN address to 192.168.2.x, or am I changing the VPN assigned address to 192.168.2.x?
 
Tomas Valenta (IT Manager) commented:
LAN 2 must be a different network, so the LAN address of HYPERV must be 192.168.2.36.
Then you add a static route to your router 192.168.1.5 (network 192.168.2.0/24 to gateway 192.168.1.20),
and on the other side you must change the router with IP 192.168.1.1 to 192.168.2.1 and add a route for 192.168.1.0/24 to gateway 192.168.2.36. RRAS must be configured for routing.
 
FutureTechSysDOTcom (Author) commented:
HYPERV is on a LAN with a router of 192.168.1.1
The primary location's LAN has a router of 192.168.1.5

If I change HYPERV's LAN to 192.168.2.x, would I leave the VPN addresses as 192.168.1.x?
 
Tomas Valenta (IT Manager) commented:
The IP must be from the local subnet, so HYPERV's IP is in 2.x.
20150417-152229.jpg
 
FutureTechSysDOTcom (Author) commented:
This is my router on the HYPERV side... is this where you would suggest adding the route?
 
Tomas Valenta (IT Manager) commented:
It could be visible in the attached picture (I hope...). The best practice is to have one default router in the network and to keep all network routes there. So use your routers and add the routes to the second network there.
 
FutureTechSysDOTcom (Author) commented:
Sorry, the file didn't attach the first time
LocalRouter1.jpg
 
Tomas Valenta (IT Manager) commented:
And does my picture describe your network configuration correctly? The changes are in red.
There is important information in your picture - there is an EoIP Tunnel tab. Do you have the same equipment on both sites?
If yes, you can do the VPN tunnel with these routers. There must always be different subnets on the two sites.
 
FutureTechSysDOTcom (Author) commented:
I have DD-WRT firmware on my home office router, and a SonicWall VPN.  This is a short-term setup, so doing it via software tunnel is fine for now, as it's just this one machine that I need to be able to talk to the remote network.

Your picture I think has the changes, but I'm afraid when it comes to routing I need it a little "dumber" for me :)
 
Tomas Valenta (IT Manager) commented:
Do not worry. I will describe it step by step:
1) Location 2 - changing of IP addresses - do it on-site, because after the change you will lose the connection
 - change the address of your router from 192.168.1.1 to 192.168.2.1
 - add a static route to your router (based on your picture)
    - route name = Location1
    - destination LAN NET = 192.168.1.0
    - subnet mask = 255.255.255.0
    - gateway = 192.168.2.36
    - interface = LAN
 - change the LAN IP address of HYPERV to 192.168.2.36, and also change the IP of the VPN interface to 192.168.2.x

2) Location 1
 - add a static route to your router 192.168.1.5 - route to 192.168.2.0 mask 255.255.255.0 gateway 192.168.1.20 (GALACTUS)
 - in the RRAS configuration there should be a part where you enter which network is on the other site - please check it
 - MAGNETO will have only the route to the default gateway - 192.168.1.5

For testing, use the tracert utility from a command prompt (Start, then run cmd.exe).
Usage:
- from GALACTUS, try to connect to HYPERV
- from MAGNETO, try tracert -d 192.168.2.36 - the result must be that the traffic is routed to 192.168.1.5 and then to 192.168.1.20, with the next hop then 192.168.2.36
Tell me the result, please.
 
FutureTechSysDOTcom (Author) commented:
For a little clarification on the above - the IP of the VPN interface is set by GALACTUS, on the RRAS server.  Is that where I would change that portion of it?
 
Tomas Valenta (IT Manager) commented:
I checked the configuration of a site-to-site VPN tunnel on my test Windows 2003 server, and in the GALACTUS RRAS config you are assigning only the IP for the remote client, and this means using an IP address from the network 192.168.1.x.
Question has a verified solution.
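
The routing decisions discussed in this thread, as an added example that is not part of the original posts: a longest-prefix-match model of the Location 1 routing tables, before and after Location 2 is renumbered. The table contents, the `WAN` placeholder and treating the far subnet as directly reachable from GALACTUS over its VPN interface are assumptions made for illustration.

```python
import ipaddress

ON_LINK = None  # gateway value meaning "ARP for the destination on the attached segment"
MAGNETO, ROUTER1, GALACTUS = "192.168.1.10", "192.168.1.5", "192.168.1.20"

def next_hop(table, dst):
    """Longest-prefix match over (network, gateway) pairs, as an IP stack does."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in table
            if addr in ipaddress.ip_network(net)]
    if not hits:
        raise LookupError(f"no route to {dst}")
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def location1_tables(remote_lan=None):
    """Constructed Location 1 tables; remote_lan is Location 2's subnet once renumbered."""
    via_galactus = [(remote_lan, GALACTUS)] if remote_lan else []
    via_tunnel = [(remote_lan, ON_LINK)] if remote_lan else []  # assumption: VPN interface
    return {
        MAGNETO: [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", ROUTER1)],
        ROUTER1: [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", "WAN")] + via_galactus,
        GALACTUS: [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", ROUTER1)] + via_tunnel,
    }

def gateways_used(tables, src, dst, max_hops=8):
    """Gateways a packet from src crosses before final on-link delivery is attempted."""
    hops, here = [], src
    for _ in range(max_hops):
        gw = next_hop(tables[here], dst)
        if gw is ON_LINK:
            return hops          # sender ARPs for dst on its own segment
        hops.append(gw)
        if gw not in tables:
            return hops          # left the modelled devices (e.g. the WAN)
        here = gw
    return hops

if __name__ == "__main__":
    # Same subnet on both sites: MAGNETO treats HYPERV as a local neighbour.
    print(gateways_used(location1_tables(), MAGNETO, "192.168.1.36"))
    # Location 2 renumbered to 192.168.2.0/24 with the static route on 192.168.1.5.
    print(gateways_used(location1_tables("192.168.2.0/24"), MAGNETO, "192.168.2.36"))
    # Host-route workaround: a /32 entry beats the on-link /24 entry.
    host_route = [("192.168.1.36/32", GALACTUS)] + location1_tables()[MAGNETO]
    print(next_hop(host_route, "192.168.1.36"))
```

An empty list in the first case means MAGNETO never hands the packet to any gateway: with the same subnet on both sites it looks for 192.168.1.36 on its own LAN instead of sending it toward GALACTUS.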
