Ping LAN from WAN


StinkyDuck

We have a Win2003 box with RAS set up. We are attempting to set up a
firewall-to-firewall VPN. We seem to have the tunnel set up properly, as
the status on both ends shows a valid connection. We are not able to
ping from one end of the network to the other end.

In trying to figure out a solution we tried a few things. We have a Win
2003 box set up with 2 network cards (LAN and WAN). The LAN side is
obviously hooked into the internal network. The WAN side is hooked into
our Firewall device. When we plug another machine into the Firewall
device, we can ping the WAN side of our Win 2003 box. We are unable to
ping the LAN side of the box. The IP range is identical.

I am under the assumption that there is a rule or setup configuration
which is missing but I'm not sure where to look.

Any help would be greatly appreciated.

-StinkyDuck
 
StinkyDuck said:
We have a Win2003 box with RAS set up. We are attempting to set up a
firewall-to-firewall VPN. We seem to have the tunnel set up properly, as
the status on both ends shows a valid connection. We are not able to
ping from one end of the network to the other end.

In trying to figure out a solution we tried a few things. We have a Win
2003 box set up with 2 network cards (LAN and WAN). The LAN side is
obviously hooked into the internal network. The WAN side is hooked into
our Firewall device. When we plug another machine into the Firewall
device, we can ping the WAN side of our Win 2003 box. We are unable to
ping the LAN side of the box. The IP range is identical.

I am under the assumption that there is a rule or setup configuration
which is missing but I'm not sure where to look.

Any help would be greatly appreciated.

-StinkyDuck

The behavior is exactly what is to be expected the way you've got it
hooked up. You could configure your server as a router, but you'd just
be adding complication to the setup.

You don't need two NICs in the server. The firewall at each end would
generally be the default gateway for the LAN, but doesn't have to be.
The usual setup would be

LAN A (Say 192.168.0.0 /24)
|
|
Firewall/Router
|
|
Internet
/
\ (VPN tunnel)
/
Internet
|
|
firewall/router
|
|
LAN B (Say 192.168.2.0 /24)

All servers and workstations would have an IP address on the local
subnet, and all would be configured to use the firewall as their default
gateway. As long as the routers (firewalls) are configured to route the
private subnets across the tunnel, no other configuration is needed.

If your VPN Router is NOT your LAN default gateway, you'll still hook it
up the same way as above, but you'll have to add a static route
in the default gateway router at each site to the private network at the
opposite site via their local VPN router. Another option would be to add
the routes directly to the workstations and servers.

Either way, only one NIC required.

...kurt

....kurt
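
The static-route case from the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup showing where a site A host sends traffic for LAN B before and after the route is added. The subnets come from the reply's diagram; the two gateway addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Subnets from the diagram in the reply; both gateway addresses are assumed.
LAN_A = ipaddress.ip_network("192.168.0.0/24")
LAN_B = ipaddress.ip_network("192.168.2.0/24")
DEFAULT_GW = ipaddress.ip_address("192.168.0.1")    # assumed: site A Internet router
VPN_ROUTER = ipaddress.ip_address("192.168.0.254")  # assumed: site A VPN router
ON_LINK = "on-link"


def base_table():
    """Routing table of a site A host before any static route is added."""
    return [(LAN_A, ON_LINK), (ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW)]


def next_hop(routes, dest):
    """Pick the most specific matching route (longest prefix) for dest."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if dest in net]
    if not matches:
        return None  # no route at all: the packet is dropped locally
    return max(matches, key=lambda route: route[0].prefixlen)[1]


def windows_route_cmd(net, gateway):
    """Persistent static route in Windows `route` syntax."""
    return f"route -p add {net.network_address} mask {net.netmask} {gateway}"


if __name__ == "__main__":
    table = base_table()
    # Without the static route, LAN B traffic follows the default route
    # to a router that does not hold the tunnel.
    print("before:", next_hop(table, "192.168.2.10"))
    table.append((LAN_B, VPN_ROUTER))
    # With it, the /24 route is more specific than 0.0.0.0/0 and wins.
    print("after: ", next_hop(table, "192.168.2.10"))
    print(windows_route_cmd(LAN_B, VPN_ROUTER))
```

The same route is needed in the opposite direction at site B, otherwise replies from LAN B never reach the tunnel.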
 