Adding route to vpn based destinations - vpn not set as default gw

Help

I am trying to add a route to a network that is through a vpn connection
When connected the vpn is not set to be the default gw

fo this example

route add 192.168.9.0 mask 255.255.255.0 192.168.10.3

the .10 network is what I connect to via the VPN
I cannot set the vpn to use that as the default gateway as that will break
other things happening on the server (2003) - eg TS from the outside world,
other tunnels etc

the error message I get is

The route addition failed: Either the interface index is wrong or the
gateway d
es not lie on the same network as the interface. Check the IP Address Table
for
the machine.

If I do a route print I get

0x1 ........................... MS TCP Loopback interface
0x10003 ...00 d0 b7 89 e4 44 ...... Intel(R) 82559 Fast Ethernet LAN on
Mother
ard
0x2c0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
================================================== =========================
================================================== =========================
Active Routes:
Network Destination Netmask Gateway Interface
Metric
0.0.0.0 0.0.0.0 192.168.201.254
192.168.201.10 20
127.0.0.0 255.0.0.0 127.0.0.1
127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.194 192.168.10.194
1
192.168.10.194 255.255.255.255 .127.0.0.1 127.0.0.1 50
192.168.10.255 255.255.255.255 192.168.10.194 192.168.10.194
50
192.168.198.0 255.255.255.0 192.168.201.1 192.168.201.10
1
192.168.199.0 255.255.255.0 192.168.201.1 192.168.201.10
1
192.168.201.0 255.255.255.0 192.168.201.10 192.168.201.10
20
192.168.201.10 255.255.255.255 127.0.0.1 127.0.0.1
20
192.168.201.255 255.255.255.255 192.168.201.10 192.168.201.10
20
210.48.103.2 255.255.255.255 192.168.201.254 192.168.201.10
20
224.0.0.0 240.0.0.0 192.168.10.194
192.168.10.194 50
224.0.0.0 240.0.0.0 '192.168.201.10
192.168.201.10 20
255.255.255.255 255.255.255.255 192.168.201.10 192.168.201.10
1
Default Gateway: 192.168.201.254
================================================== =========================

Any suggestions ?

The solution will (I think) require a manual command that I run when this
VPN is connected - a persistant static is not a good idea as I have another
vpn that uses .10 (it's outside my control), that we know cannot be used at
the sme time as this one ....

"Peter Tobin" <(E-Mail Removed)> wrote in message
news:O8$J8mo#(E-Mail Removed)...
> route add 192.168.9.0 mask 255.255.255.0 192.168.10.3

The route is wrong. It also should not be on the VPN device itself. From the
perspective of the VPN device the remote VPN Network is a
"Directly-Connected-Network" and therefore there is no "route" because it is
already connected to it to begin with.

If you have some *other* routing device in your system and the clients use
it as their Default Gateway, then on *that* device you must either.....

1. Set the VPN Device as its Default Gateway
OR
2. Set a static route on this device that points to the VPN Device for that
particular VPN Network. If the VPN Device is, for example,192.168.9.5 and
the remote VPN Network is 192.168.10.x, then the route would be
"Route add -p 192.168.10.0 mask 255.255.255.0 192.168.9.5"

On the other hand if there is no *other* routing device used by the clients
and the clients are simply using the VPN device as the Default Gateway then
there is no "route" to add to anything anywhere.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

If you are making VPN connections to link subnets, you need to use
demand-dial interfaces to act as the VPN endpoints. That way, you can link
the static routes to the dd interfaces. When the link is up, the system
automatically adds the routes to the routing table.

See the section in help on router to router VPN connections.

"Phillip Windell" <@.> wrote in message
news:OwAcEcu#(E-Mail Removed)...
> "Peter Tobin" <(E-Mail Removed)> wrote in message
> news:O8$J8mo#(E-Mail Removed)...
> > route add 192.168.9.0 mask 255.255.255.0 192.168.10.3
>
> The route is wrong. It also should not be on the VPN device itself. From
the
> perspective of the VPN device the remote VPN Network is a
> "Directly-Connected-Network" and therefore there is no "route" because it
is
> already connected to it to begin with.
>
> If you have some *other* routing device in your system and the clients use
> it as their Default Gateway, then on *that* device you must either.....
>
> 1. Set the VPN Device as its Default Gateway
> OR
> 2. Set a static route on this device that points to the VPN Device for
that
> particular VPN Network. If the VPN Device is, for example,192.168.9.5 and
> the remote VPN Network is 192.168.10.x, then the route would be
> "Route add -p 192.168.10.0 mask 255.255.255.0 192.168.9.5"
>
> On the other hand if there is no *other* routing device used by the
clients
> and the clients are simply using the VPN device as the Default Gateway
then
> there is no "route" to add to anything anywhere.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>

Sorry, suspect I was not clear in the original post

My local network is 192.168.201.*

I VPN into a network 192.168.10.*

I cannot set the tcp to use the default gateway on the remote network
- it's a terminal server and used both locally, and "from the world", which
would break the TS session if external and changing the default gateway

I need to access a PC on 192.168.9.0 which can be reached via a router
connected to the 192.186.10.0 network




"Peter Tobin" <(E-Mail Removed)> wrote in message
news:O8$J8mo%(E-Mail Removed)...
> Help
>
> I am trying to add a route to a network that is through a vpn connection
> When connected the vpn is not set to be the default gw
>
> fo this example
>
> route add 192.168.9.0 mask 255.255.255.0 192.168.10.3
>
> the .10 network is what I connect to via the VPN
> I cannot set the vpn to use that as the default gateway as that will break
> other things happening on the server (2003) - eg TS from the outside
world,
> other tunnels etc
>
> the error message I get is
>
> The route addition failed: Either the interface index is wrong or the
> gateway d
> es not lie on the same network as the interface. Check the IP Address
Table
> for
> the machine.
>
> If I do a route print I get
>
> 0x1 ........................... MS TCP Loopback interface
> 0x10003 ...00 d0 b7 89 e4 44 ...... Intel(R) 82559 Fast Ethernet LAN on
> Mother
> ard
> 0x2c0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
>
================================================== =========================
>
================================================== =========================
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.201.254
> 192.168.201.10 20
> 127.0.0.0 255.0.0.0 127.0.0.1
> 127.0.0.1 1
> 192.168.10.0 255.255.255.0 192.168.10.194 192.168.10.194
> 1
> 192.168.10.194 255.255.255.255 .127.0.0.1 127.0.0.1
50
> 192.168.10.255 255.255.255.255 192.168.10.194 192.168.10.194
> 50
> 192.168.198.0 255.255.255.0 192.168.201.1 192.168.201.10
> 1
> 192.168.199.0 255.255.255.0 192.168.201.1 192.168.201.10
> 1
> 192.168.201.0 255.255.255.0 192.168.201.10 192.168.201.10
> 20
> 192.168.201.10 255.255.255.255 127.0.0.1 127.0.0.1
> 20
> 192.168.201.255 255.255.255.255 192.168.201.10 192.168.201.10
> 20
> 210.48.103.2 255.255.255.255 192.168.201.254 192.168.201.10
> 20
> 224.0.0.0 240.0.0.0 192.168.10.194
> 192.168.10.194 50
> 224.0.0.0 240.0.0.0 '192.168.201.10
> 192.168.201.10 20
> 255.255.255.255 255.255.255.255 192.168.201.10 192.168.201.10
> 1
> Default Gateway: 192.168.201.254
>
================================================== =========================
>
> Any suggestions ?
>
> The solution will (I think) require a manual command that I run when this
> VPN is connected - a persistant static is not a good idea as I have
another
> vpn that uses .10 (it's outside my control), that we know cannot be used
at
> the sme time as this one ....
>
>

"Peter Tobin" <(E-Mail Removed)> wrote in message
news:ObU29k##(E-Mail Removed)...
> Sorry, suspect I was not clear in the original post
>
> My local network is 192.168.201.*
>
> I VPN into a network 192.168.10.*
>
> I cannot set the tcp to use the default gateway on the remote network
> - it's a terminal server and used both locally, and "from the world",
which
> would break the TS session if external and changing the default gateway
>
> I need to access a PC on 192.168.9.0 which can be reached via a router
> connected to the 192.186.10.0 network

You still are not clear....access 192.168.9.x from what?...the TS Server
during a TS Session or from your local workstation directly? I'll assume
this time it is from the TS Server Session, so..the TS Server is trying to
talk to something on 192.168.9.x .....

Then your local network block of 192.168.201.x is not relevant to the issue.
The keyboard and mouse commands are processed by the TS Server when you are
in a TS Session and your local workstation (192.168.201.x) is meaningless.
This issue is between the TS Server and the 192.168.9.x network.

One of two solutions:

1. The TS Server's Default Gateway must somehow eventually get the traffic
to 192.168.9.x The 192.168.9.x must also know how to get *back*.

OR

2. The TS Server must have a static route to 192.168.9.* Again, the
192.168.9.x must also know how to get *back*.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

If you make a VPN connection to a remote site, your default gateway will
be set to the "received" IP address. What this really means is that all
traffic will be sent across the VPN link by default.

So if you cannot access something on a remote network, the routing
problem is probably at that remote site, not at your end. The machine you
want to connect to must have enough routing info to know how to send traffic
for your VPN client machine back through the VPN link.

"Peter Tobin" <(E-Mail Removed)> wrote in message
news:ObU29k##(E-Mail Removed)...
> Sorry, suspect I was not clear in the original post
>
> My local network is 192.168.201.*
>
> I VPN into a network 192.168.10.*
>
> I cannot set the tcp to use the default gateway on the remote network
> - it's a terminal server and used both locally, and "from the world",
which
> would break the TS session if external and changing the default gateway
>
> I need to access a PC on 192.168.9.0 which can be reached via a router
> connected to the 192.186.10.0 network
>
>
>
>
> "Peter Tobin" <(E-Mail Removed)> wrote in message
> news:O8$J8mo%(E-Mail Removed)...
> > Help
> >
> > I am trying to add a route to a network that is through a vpn connection
> > When connected the vpn is not set to be the default gw
> >
> > fo this example
> >
> > route add 192.168.9.0 mask 255.255.255.0 192.168.10.3
> >
> > the .10 network is what I connect to via the VPN
> > I cannot set the vpn to use that as the default gateway as that will
break
> > other things happening on the server (2003) - eg TS from the outside
> world,
> > other tunnels etc
> >
> > the error message I get is
> >
> > The route addition failed: Either the interface index is wrong or the
> > gateway d
> > es not lie on the same network as the interface. Check the IP Address
> Table
> > for
> > the machine.
> >
> > If I do a route print I get
> >
> > 0x1 ........................... MS TCP Loopback interface
> > 0x10003 ...00 d0 b7 89 e4 44 ...... Intel(R) 82559 Fast Ethernet LAN on
> > Mother
> > ard
> > 0x2c0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> >
>
================================================== =========================
> >
>
================================================== =========================
> > Active Routes:
> > Network Destination Netmask Gateway Interface
> > Metric
> > 0.0.0.0 0.0.0.0 192.168.201.254
> > 192.168.201.10 20
> > 127.0.0.0 255.0.0.0 127.0.0.1
> > 127.0.0.1 1
> > 192.168.10.0 255.255.255.0 192.168.10.194
192.168.10.194
> > 1
> > 192.168.10.194 255.255.255.255 .127.0.0.1 127.0.0.1
> 50
> > 192.168.10.255 255.255.255.255 192.168.10.194 192.168.10.194
> > 50
> > 192.168.198.0 255.255.255.0 192.168.201.1
192.168.201.10
> > 1
> > 192.168.199.0 255.255.255.0 192.168.201.1
192.168.201.10
> > 1
> > 192.168.201.0 255.255.255.0 192.168.201.10
192.168.201.10
> > 20
> > 192.168.201.10 255.255.255.255 127.0.0.1 127.0.0.1
> > 20
> > 192.168.201.255 255.255.255.255 192.168.201.10 192.168.201.10
> > 20
> > 210.48.103.2 255.255.255.255 192.168.201.254
192.168.201.10
> > 20
> > 224.0.0.0 240.0.0.0 192.168.10.194
> > 192.168.10.194 50
> > 224.0.0.0 240.0.0.0 '192.168.201.10
> > 192.168.201.10 20
> > 255.255.255.255 255.255.255.255 192.168.201.10 192.168.201.10
> > 1
> > Default Gateway: 192.168.201.254
> >
>
================================================== =========================
> >
> > Any suggestions ?
> >
> > The solution will (I think) require a manual command that I run when
this
> > VPN is connected - a persistant static is not a good idea as I have
> another
> > vpn that uses .10 (it's outside my control), that we know cannot be used
> at
> > the sme time as this one ....
> >
> >
>
>

Thanks for your replys ...

The TS is on the 192.168.201.X network

from the outside world we connect through a real No which is de-nat'd to the
"local" ts - ie a real no port forwards 3389 to the 201 network

From the TS we need to vpn to another network that presents a 192.168.10.x
range of address's.
That network has servers on yet another range of numbers (192.168.9.x)
which are connect via a router on the .10 range

so ....

what I want to achive is a route that will work when a punter connects to
our TS, from the world,
..
for example from home someone connects to the TS (which lives on the 201
network)
starts a vpn connection on the TS which connects through to the .10 network
then see through the .10 network to the .9 network range (which is behind a
router on the .10 network)

If the punters were all on the local network (201) we could have the default
gateway setting set on the VPN connection; as they are not, doing this will
break the TS session (as the route to the outside world is changed)

Well, I feel like I'm being run around in circles here. Everytime you post
it is a completely different description. I don't know what to do with it.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Peter Tobin" <(E-Mail Removed)> wrote in message
news:On4ZstB$(E-Mail Removed)...
> Thanks for your replys ...
>
> The TS is on the 192.168.201.X network
>
> from the outside world we connect through a real No which is de-nat'd to
the
> "local" ts - ie a real no port forwards 3389 to the 201 network
>
> From the TS we need to vpn to another network that presents a 192.168.10.x
> range of address's.
> That network has servers on yet another range of numbers (192.168.9.x)
> which are connect via a router on the .10 range
>
> so ....
>
> what I want to achive is a route that will work when a punter connects to
> our TS, from the world,
> .
> for example from home someone connects to the TS (which lives on the 201
> network)
> starts a vpn connection on the TS which connects through to the .10
network
> then see through the .10 network to the .9 network range (which is behind
a
> router on the .10 network)
>
> If the punters were all on the local network (201) we could have the
default
> gateway setting set on the VPN connection; as they are not, doing this
will
> break the TS session (as the route to the outside world is changed)
>
>