VPN can't route to subnet

GY · Mar 8, 2005

Hi all,

My internal network is divided into 2 subnets (Subnet A: 192.168.0.0 ~
192.168.3.0 & Subnet B: 192.168.4.0 ~ 192.168.7.0). I have setup a RRAS
server, this server also work as a router between these 2 subnets. Its NICs
info as follows:

To internet - Real IP
To Subnet A - 192.168.1.2, 255.255.252.0, 192.168.1.2
To Subnet B - 192.168.4.2, 255.255.252.0, 192.168.4.2

This server serves internal clients well, they can travel between these 2
subnets. However, when I connect it from internal as a VPN client. My remote
computer can only go to subnet B. My remote computer is using:

192.168.1.x, 255.255.255.255, 192.168.1.x

It can ping 192.168.1.2, and all of the IPs in subnet B. It can't ping any
other IPs in subnet A. Can anyone advise me what to do?

Thanks a lot!!

Herb Martin · Mar 8, 2005

GY said:
Hi all,

My internal network is divided into 2 subnets (Subnet A: 192.168.0.0 ~
192.168.3.0 & Subnet B: 192.168.4.0 ~ 192.168.7.0). I have setup a RRAS
server, this server also work as a router between these 2 subnets. Its NICs
info as follows:

To internet - Real IP
To Subnet A - 192.168.1.2, 255.255.252.0, 192.168.1.2
To Subnet B - 192.168.4.2, 255.255.252.0, 192.168.4.2

Is all of the above on the single RRAS router?

Are there ANY other routers (other than the ISP)
involved?

This server serves internal clients well, they can travel between these 2
subnets. However, when I connect it from internal as a VPN client. My remote
computer can only go to subnet B. My remote computer is using:

"from internal as VPN client"???

Is this same RRAS server also the VPN server?

(I am looking for a 3rd router, ISP--RRAS---???)

If you have a 3rd router involved then the "middle"
router(s) must have static routes (unless you use
dynamic routing.)

[It's a rule.]

GY · Mar 8, 2005

There's no 3rd router & both RRAS & VPN is on the same server.

Herb Martin said:
GY said:

Hi all,

My internal network is divided into 2 subnets (Subnet A: 192.168.0.0 ~
192.168.3.0 & Subnet B: 192.168.4.0 ~ 192.168.7.0). I have setup a RRAS
server, this server also work as a router between these 2 subnets. Its NICs
info as follows:

To internet - Real IP
To Subnet A - 192.168.1.2, 255.255.252.0, 192.168.1.2
To Subnet B - 192.168.4.2, 255.255.252.0, 192.168.4.2

Click to expand...

Is all of the above on the single RRAS router?

Are there ANY other routers (other than the ISP)
involved?

This server serves internal clients well, they can travel between these 2
subnets. However, when I connect it from internal as a VPN client. My remote
computer can only go to subnet B. My remote computer is using:

Click to expand...

"from internal as VPN client"???

Is this same RRAS server also the VPN server?

(I am looking for a 3rd router, ISP--RRAS---???)

If you have a 3rd router involved then the "middle"
router(s) must have static routes (unless you use
dynamic routing.)

[It's a rule.]

192.168.1.x, 255.255.255.255, 192.168.1.x

It can ping 192.168.1.2, and all of the IPs in subnet B. It can't ping
any
other IPs in subnet A. Can anyone advise me what to do?

Thanks a lot!!

Click to expand...

Herb Martin · Mar 8, 2005

GY said:
There's no 3rd router & both RRAS & VPN is on the same server.

Ok, so when ping doesn't work (by address) you
try "Tracert" (unless you suspect a firewall is
blocking ICMP and even then tracert might show
you WHERE such a firewall is located.)

You should also try some "regular" (e.g., TCP or
UDP) connection like a web or DNS servers (by
address.)

Herb Martin said:
Herb Martin said:

GY said:

Hi all,

My internal network is divided into 2 subnets (Subnet A: 192.168.0.0 ~
192.168.3.0 & Subnet B: 192.168.4.0 ~ 192.168.7.0). I have setup a RRAS
server, this server also work as a router between these 2 subnets. Its NICs
info as follows:

To internet - Real IP
To Subnet A - 192.168.1.2, 255.255.252.0, 192.168.1.2
To Subnet B - 192.168.4.2, 255.255.252.0, 192.168.4.2

Click to expand...

Is all of the above on the single RRAS router?

Are there ANY other routers (other than the ISP)
involved?

This server serves internal clients well, they can travel between these 2
subnets. However, when I connect it from internal as a VPN client. My remote
computer can only go to subnet B. My remote computer is using:

Click to expand...

"from internal as VPN client"???

Is this same RRAS server also the VPN server?

(I am looking for a 3rd router, ISP--RRAS---???)

If you have a 3rd router involved then the "middle"
router(s) must have static routes (unless you use
dynamic routing.)

[It's a rule.]

192.168.1.x, 255.255.255.255, 192.168.1.x

It can ping 192.168.1.2, and all of the IPs in subnet B. It can't ping
any
other IPs in subnet A. Can anyone advise me what to do?

Thanks a lot!!

Click to expand...

Click to expand...

GY · Mar 9, 2005

Thanks Herb,

I've tried to use a standalone as a VPN server, it has two nics. One is
connected to internet directly w/ real IP, the other has been given a static
internal IP. It runs Windows 2003 server. It can ping the internal network,
but when there's a remote client connected through VPN. The internal nic
can't ping the internal network anymore. What happened?

Herb Martin said:
GY said:

There's no 3rd router & both RRAS & VPN is on the same server.

Click to expand...

Ok, so when ping doesn't work (by address) you
try "Tracert" (unless you suspect a firewall is
blocking ICMP and even then tracert might show
you WHERE such a firewall is located.)

You should also try some "regular" (e.g., TCP or
UDP) connection like a web or DNS servers (by
address.)

Herb Martin said:

Hi all,

My internal network is divided into 2 subnets (Subnet A: 192.168.0.0 ~
192.168.3.0 & Subnet B: 192.168.4.0 ~ 192.168.7.0). I have setup a
RRAS
server, this server also work as a router between these 2 subnets. Its
NICs
info as follows:

To internet - Real IP
To Subnet A - 192.168.1.2, 255.255.252.0, 192.168.1.2
To Subnet B - 192.168.4.2, 255.255.252.0, 192.168.4.2

Is all of the above on the single RRAS router?

Are there ANY other routers (other than the ISP)
involved?

This server serves internal clients well, they can travel between
these 2
subnets. However, when I connect it from internal as a VPN client. My
remote
computer can only go to subnet B. My remote computer is using:

"from internal as VPN client"???

Is this same RRAS server also the VPN server?

(I am looking for a 3rd router, ISP--RRAS---???)

If you have a 3rd router involved then the "middle"
router(s) must have static routes (unless you use
dynamic routing.)

[It's a rule.]

192.168.1.x, 255.255.255.255, 192.168.1.x

It can ping 192.168.1.2, and all of the IPs in subnet B. It can't ping
any
other IPs in subnet A. Can anyone advise me what to do?

Thanks a lot!!

Click to expand...

Click to expand...

Herb Martin · Mar 9, 2005

GY said:
Thanks Herb,

I've tried to use a standalone as a VPN server, it has two nics. One is
connected to internet directly w/ real IP, the other has been given a static
internal IP. It runs Windows 2003 server. It can ping the internal network,
but when there's a remote client connected through VPN. The internal nic
can't ping the internal network anymore. What happened?

"The internal nic can't ping the internal network"?????

The above is largely incompresible as a problem
report.