gateway to gateway vpn clients can connect

Hi

I have set up a gateway to gateway vpn over 2 DSL lines between a win 2000
server/ ISA 2000 server at site 1 and win2003 SBS / ISA2000 at site 2.

I have got the vpn connecting and working and both the servers can ping each
other. The problem i have is the client pc's in site 2 need to be able to
connect to site 1.

The client pc's have there default gateway as the sbs server internal IP
address (its main ip not the IP assigned to it by RRAS), I though RRAS would
have set up the routing automatically as part of the wizard when i created
it.

Anyone got any ideas.

Thanks

Nick

this may help. quoted from http://www.ChicagoTech.net
Routing issues on site to site VPN

You may have three ways to configure route: 1. Manually configure static
routes on both sites.
2. Perform auto-static updates on both sites.
3. If the site to site VPN connection is persistent, you can also configure
IP routing protocols such as RIP or OSPF to operate over the demand-dial
connection.


--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN%20process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
"Nick" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi
>
> I have set up a gateway to gateway vpn over 2 DSL lines between a win 2000
> server/ ISA 2000 server at site 1 and win2003 SBS / ISA2000 at site 2.
>
> I have got the vpn connecting and working and both the servers can ping
> each other. The problem i have is the client pc's in site 2 need to be
> able to connect to site 1.
>
> The client pc's have there default gateway as the sbs server internal IP
> address (its main ip not the IP assigned to it by RRAS), I though RRAS
> would have set up the routing automatically as part of the wizard when i
> created it.
>
> Anyone got any ideas.
>
> Thanks
>
> Nick
>

If both sites are on a single subnet and each ISA server is the default
gateway for the local LAN, I would expect this to work by default. There
should be static routes set up on the servers to send traffic for the
"other" subnet through the VPN link.

The ISA wizard is different from the RRAS wizard, so you might do better
to post in the ISA newsgroup.

"Nick" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi
>
> I have set up a gateway to gateway vpn over 2 DSL lines between a win 2000
> server/ ISA 2000 server at site 1 and win2003 SBS / ISA2000 at site 2.
>
> I have got the vpn connecting and working and both the servers can ping
> each other. The problem i have is the client pc's in site 2 need to be
> able to connect to site 1.
>
> The client pc's have there default gateway as the sbs server internal IP
> address (its main ip not the IP assigned to it by RRAS), I though RRAS
> would have set up the routing automatically as part of the wizard when i
> created it.
>
> Anyone got any ideas.
>
> Thanks
>
> Nick
>

Hi Bill

The one at the main site server is win 2000 and was done using the ISA 2000
wizzard, the remote server is running windows 2003 so the ISA wizzards dont
work so was done manually. Not sure if this would have any effect.

Thanks

Nick


"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> If both sites are on a single subnet and each ISA server is the default
> gateway for the local LAN, I would expect this to work by default. There
> should be static routes set up on the servers to send traffic for the
> "other" subnet through the VPN link.
>
> The ISA wizard is different from the RRAS wizard, so you might do
> better to post in the ISA newsgroup.
>
> "Nick" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi
>>
>> I have set up a gateway to gateway vpn over 2 DSL lines between a win
>> 2000 server/ ISA 2000 server at site 1 and win2003 SBS / ISA2000 at site
>> 2.
>>
>> I have got the vpn connecting and working and both the servers can ping
>> each other. The problem i have is the client pc's in site 2 need to be
>> able to connect to site 1.
>>
>> The client pc's have there default gateway as the sbs server internal IP
>> address (its main ip not the IP assigned to it by RRAS), I though RRAS
>> would have set up the routing automatically as part of the wizard when i
>> created it.
>>
>> Anyone got any ideas.
>>
>> Thanks
>>
>> Nick
>>
>
>

That sounds pretty dicey to me. The ISA wizard automates the setup and
creates a file to use on the "other" server. The wizard in RRAS isn't aware
of how this works.

For the routing to work, the "calling" router must use the name of the
demand-dial interface on the answering router as its username (read that a
few times slowly!). This is essential for routing to work.

Here's why. The static routes are associated with the demand-dial
interfaces. They only become active when the dd interfaces connect. When a
router receives an incoming call, it checks the username against its list of
demand dial interfaces. If there is a match, it connects to the interface.
The interface becomes active and any routes associated with it also become
active and are added to the routing table.

If there is no match, the router assumes it is a client-server
connection (not a router to router) and connects to the default internal
interface. In this case only a host route to the calling machine is set up.
Intersite routing then doesn't work.

"Nick" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Bill
>
> The one at the main site server is win 2000 and was done using the ISA
> 2000 wizzard, the remote server is running windows 2003 so the ISA
> wizzards dont work so was done manually. Not sure if this would have any
> effect.
>
> Thanks
>
> Nick
>
>
> "Bill Grant" <not.available@online> wrote in message
> news:(E-Mail Removed)...
>> If both sites are on a single subnet and each ISA server is the default
>> gateway for the local LAN, I would expect this to work by default. There
>> should be static routes set up on the servers to send traffic for the
>> "other" subnet through the VPN link.
>>
>> The ISA wizard is different from the RRAS wizard, so you might do
>> better to post in the ISA newsgroup.
>>
>> "Nick" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Hi
>>>
>>> I have set up a gateway to gateway vpn over 2 DSL lines between a win
>>> 2000 server/ ISA 2000 server at site 1 and win2003 SBS / ISA2000 at site
>>> 2.
>>>
>>> I have got the vpn connecting and working and both the servers can ping
>>> each other. The problem i have is the client pc's in site 2 need to be
>>> able to connect to site 1.
>>>
>>> The client pc's have there default gateway as the sbs server internal IP
>>> address (its main ip not the IP assigned to it by RRAS), I though RRAS
>>> would have set up the routing automatically as part of the wizard when i
>>> created it.
>>>
>>> Anyone got any ideas.
>>>
>>> Thanks
>>>
>>> Nick
>>>
>>
>>
>
>