How to Site to Site VPN behind firewall?


Guest

Dears,

I have set up the Windows 2003 VPN server, but it does not work.

I have 2 Windows 2003 servers in 2 networks (192.168.1.254 - Network A and
192.168.2.254 - Network B); both of them are domain controllers. They are
behind the firewalls (192.168.1.1 and 192.168.2.1).

I have set up port forwarding in my firewalls so that they will forward all
traffic on port 1723 to my Windows 2003 server.

I read the step-by-step guideline; they use another network for server to
server, so I set it up like this:

Server B will get an IP 172.16.1.2 when connecting to server A (172.16.1.1)
Server A will get an IP 172.16.2.2 when connecting to server B (172.16.2.1)

Now, I have added the on-demand interface on both servers: Server A connects to
Server B and Server B connects to Server A.

On server A, I can ping server B, but I can't ping a client in network B. I fixed
it by changing the client B computer's gateway from 192.168.2.1 to
192.168.2.254. Then server A can ping client B.

I tried to add a static route on computer B:

route add 192.168.1.0 mask 255.255.255.0 192.168.2.254

and set the gateway back to 192.168.2.1; then I can't ping computer B
from server A!

Finally, I found that I need to set this route!

route delete 192.168.1.0 (the previous rule is useless, so I deleted it)
route add 172.16.2.0 mask 255.255.255.0 192.168.2.254 (it is unreasonable)

Now my server A can ping both server B and client B. However, my client A
can't ping client B.

Please HELP HELP!
 
Jon said:
Dears,

I have set up the Windows 2003 VPN server, but it does not work.

I have 2 Windows 2003 servers in 2 networks (192.168.1.254 - Network A and
192.168.2.254 - Network B); both of them are domain controllers. They are
behind the firewalls (192.168.1.1 and 192.168.2.1).

I have set up port forwarding in my firewalls so that they will forward all
traffic on port 1723 to my Windows 2003 server.

I read the step-by-step guideline; they use another network for server to
server, so I set it up like this:

Server B will get an IP 172.16.1.2 when connecting to server A (172.16.1.1)
Server A will get an IP 172.16.2.2 when connecting to server B (172.16.2.1)

Now, I have added the on-demand interface on both servers: Server A connects to
Server B and Server B connects to Server A.

On server A, I can ping server B, but I can't ping a client in network B. I fixed
it by changing the client B computer's gateway from 192.168.2.1 to
192.168.2.254. Then server A can ping client B.

I tried to add a static route on computer B:

route add 192.168.1.0 mask 255.255.255.0 192.168.2.254

and set the gateway back to 192.168.2.1; then I can't ping computer B
from server A!

Finally, I found that I need to set this route!

route delete 192.168.1.0 (the previous rule is useless, so I deleted it)
route add 172.16.2.0 mask 255.255.255.0 192.168.2.254 (it is unreasonable)

Now my server A can ping both server B and client B. However, my client A
can't ping client B.

Please HELP HELP!

I am assuming you are using a PPTP VPN (or two of them, one in each
direction). You are correct, it doesn't work that way. Please see my
drawing at

http://65.243.151.82/pptp-vpn.jpg

....kurt
 
I tried everything, but it still doesn't work. I think I can't use one interface
to act as a VPN server. I finally changed to OpenVPN. It is much simpler, and I
can do what I want. Thank you for your help.
 