dexion
My testbed
have 2 dlink's (804hv) and a w2k server
dlink1 = pub 10.176.249/24 private 192.168.0.1/24
dlink2= public 10.2.176.248/24 private 192.168.10.1/24
The w2k server = 10.2.176.86
Ok routing is set up on the w2k server.
I created 2 pptp tunnels from the w2k server to the 2
dlink routers to the private sides (192...)
I then set up 2 static routes for the 2k server to find
the remote private subnets.
I set the dlinks up as pptp servers.
Both dlinks are able to talk to the w2k server through the
lan OR through ipsec filters but that is not needed in
this case.
The w2k server is able to hit BOTH private networks and
both (duh) public pipes.
BUT even though and here is what makes me want to chew my
own foot off, I set the default gateways on the dlinks to
the public IP of the w2k server they STILL can not
communicate with each other's private network.
I.E. 192.168.0.1/24 can not ping 192.168.10.1/24 and vice
versa. Even though their DG is the w2k server that routes
the packets and can talk with both private lans.
When I test a client behind the dlinks they have full
connectivity to the internet, the local 10.2.176.0/24 lan
and the w2k server.
When I trace things out it goes from the client, to the
router (dlink) to the w2k server and where it needs to go.
EXCEPT when I try to hit the private lans from either
dlink.
It goes for example:
192.168.0.124 ----> 192.168.0.1 -----> 10.2.176.86 -------> 10.2.176.254 (the default gateway of the w2k server)
I must not have a good enough grasp on routing although
this just should be a piece of cake.
I can create pptp or ipsec tunnels BETWEEN each router and
they will then communicate fine between themselves, but
there is a LIMIT of 40 tunnels built into the routers. I
have to make 82 tunnels.
These results are duplicatable with 2 way Ipsec tunnels to
the w2k server from the dlinks also.
My goal is to at best have no need to have a static route
to the w2k server (once these boxes go on different
subnets) and have all lan to lan traffic go through the
vpn tunnels. Or at worst have a few static routes telling
all traffic destined for the lan sides to hit the w2k
server.
Any help would be appreciated.
thanks dex