Routing through a VPN

[Tony]

I have setup a VPN between two Win2K SP3 Servers. Let's call them Srv1 and
Srv2.
I have no problem connecting the two servers to each other - they can ping,
share do everything. When I try to ping the internal network of Srv1 from
Srv2 I don't get a reply. When I tracert to the internal network from Srv2
to Srv1, it routes through Srv1 then times out.
Now here's the funny thing, if I ping Srv2 from a PC in the internal network
I get a reply??

any help would be appreciated..

thanks
Tony.

 

[Bill Grant]

You cannot route through a normal client-server VPN connection. The
routing is only designed for a single caller (or client), and only a host
route is set up through the VPN link.

To route between the sites, you set up a router to router VPN link
between the RRAS servers. This includes static routes attached to the
demand-dial interfaces to handle the routing between workstations behind the
routers.

 

[Jim]

Yes, that is exactly what I figured. The question then is why am I all of a
sudden losing my VPN connections? I've never had a problem in the past 8
months of production. In one day, I bet they lost connections 15-20 times!

 

[Tony]

Thanks Bill,

I didn't actually word it quite right.
I have setup a Router to router VPN with is a two way connection with static
routes between each server. Each RRAS server has a static address pool
assigned to it as such:
Srv1:
LAN IP: 192.168.111.2
RRAS Dial in: 192.168.254.10
Gets IP from Srv2: 192.168.253.11-20

Srv2:
LAN IP: 192.168.4.2
RRAS Dial in: 192.168.253.10
Gets IP from Srv1: 192.168.254.11-20

I have static routes assigned so that the links are demand dial. Both
servers are DCs and AD replication happens between both.

does that explain it better??

Thanks again
Tony.

 

[Rany ElHousieny [MSFT]]

Do you have a route back on the machine you are trying to ping?
if you ping from srv1 to srv2 fine and then try to ping from Srv1 to a
client behind Srv2 (say Client2) and it doesn't work that means client2
doesn't have the route back

 

[Pavan]

Did you make sure you used the same name on both for the Tunnel on both the
servers.
Pavan

 

[Tony]

Rany,

thanks for the reply..
srv1 and srv2 both have static routes applied while clients behind each have
routes to the external server via their local server...eg.. clients on the
srv1 network, use srv1 LAN IP as their route to Srv2 and vice versa, clients
on srv2 network use srv2 LAN IP to get to Srv1.
the problem I am having is that srv1 and srv2 ping each other with no
problems, clients on srv1 network can ping srv2 and use network resources -
but Srv2 can't ping the clients on the srv1 network - it works one way but
not the other?????

Tony.

 

[Rany ElHousieny [MSFT]]

Could you please send me the routes from your 4 machines Servers and clients
using the following commands

route print
netsh ro ip sh pers
netsh ro ip sh rtmr
ipconfig /all

This way I can check if there is a missed route
Thanks for your time