NAT & VPN on different servers. Site to Site VPN will not route

eric

I am trying to set up a site-to-site VPN for 2 locations using Windows
2003. The setup for the site-to-site VPN was done without problems, and
each location can access the other location just like on a LAN when I
put NAT and VPN on the same server. The setup is:

client-NAT/VPN server-domain---internet---NAT/VPN server-client


However, if I put NAT and VPN on 2 different servers (see below), only
the remote site (NAT/VPN on the same server) can ping/access the domain site, but
the domain site cannot ping the remote site.

client-NAT server|__ domain---internet---NAT/VPN server-client
       VPN server|

There must be a way to make this work. Any help is appreciated.
 
Do you have a particular reason to put NAT and VPN on separate routers?
It makes the routing a bit tricky, because only one router can be the
default gateway of the LAN. The best way around your problem (if you really
want to use two routers) is to make the NAT router the default gateway, then
add a static route to it (i.e. the Internet router) to redirect the traffic
for the subnet across the VPN link to the VPN router.
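
The forwarding decision described in the reply above, modelled as an added example that is not part of the original thread: it traces a packet from a domain-site client to the remote subnet, with and without the static route on the NAT router. All addresses and names (192.168.1.0/24, 192.168.2.0/24, the router IPs, the `vpn-tunnel` and `internet` labels) are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread):
#   domain-site LAN 192.168.1.0/24, NAT router .1, VPN router .2
#   remote-site LAN 192.168.2.0/24, reached through the VPN router's tunnel
LAN = "192.168.1.0/24"
REMOTE = "192.168.2.0/24"
NAT_ROUTER, VPN_ROUTER = "192.168.1.1", "192.168.1.2"


def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    dst = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in table]
    matches = [(net, hop) for net, hop in nets if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def build_tables(static_route_on_nat):
    """Routing tables for the domain-site client and its two routers."""
    tables = {
        "client": [(LAN, "on-link"), ("0.0.0.0/0", NAT_ROUTER)],
        NAT_ROUTER: [(LAN, "on-link"), ("0.0.0.0/0", "internet")],
        VPN_ROUTER: [(LAN, "on-link"), (REMOTE, "vpn-tunnel")],
    }
    if static_route_on_nat:
        # The reply's fix: NAT router hands remote-subnet traffic to the VPN router.
        tables[NAT_ROUTER].append((REMOTE, VPN_ROUTER))
    return tables


def trace(tables, dst, max_hops=8):
    """Follow next hops from the domain-site client; return the path taken."""
    node, path = "client", ["client"]
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        path.append(hop)
        if hop not in tables:  # left the LAN: tunnel, internet, on-link or no route
            break
        node = hop
    return path


if __name__ == "__main__":
    for fixed in (False, True):
        path = trace(build_tables(fixed), "192.168.2.10")
        print("static route on NAT router:", fixed, "->", path)
```

Without the static route the packet leaves through the NAT router's default route toward the Internet instead of the tunnel; with it, the NAT router forwards to the VPN router, which owns the route to the remote subnet.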
 