L2TP/IPSEC SITE TO SITE VPN Issues

Hello,
I currently have two vpn servers with Windows 2003 Server R2. One is a
VM Machine while the other is a physical server. Each server has one
nic configured with a local ip assigned. The main site has port
fowarding enabled directed at the vpn server and has local network id
of 192.168.1.0. The remote site has port fowarding enabled directed at
the remote vpn server and has local network id of 192.168.2.0. All
certicates are installed on each machine and the demand dial interface
is up and running. From the main site vpn server i can access the
remote network resources and vice versa. The problem i have is that
these two servers are the only ones that communicate with each other.
For example, on one of the main site computers i try to ping the other
network and i get no response nor can i access shares. Like i said
before, each server has one nic installed and have direct access to
their perspective networks. There are no permitter networks on each
side. The basic network setup is router with port fowarding of UDP 500
and UDP 4500 ports to the vpn routers. What i want is for every
computer on both networks to be able to acess each others resources. I
suspect it's because i have one nic installed on each vpn server and
routing. On both demand dials i set up static routes pointing to the
other network IDs. Can you guys please help?

Thanks

Have you enabled IP routing? Or use tracert to find out where the traffic
stops.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"JoeyG 2391" <(E-Mail Removed)> wrote in message
news:770c35ab-2d6d-4903-887d-(E-Mail Removed)...
> Hello,
> I currently have two vpn servers with Windows 2003 Server R2. One is a
> VM Machine while the other is a physical server. Each server has one
> nic configured with a local ip assigned. The main site has port
> fowarding enabled directed at the vpn server and has local network id
> of 192.168.1.0. The remote site has port fowarding enabled directed at
> the remote vpn server and has local network id of 192.168.2.0. All
> certicates are installed on each machine and the demand dial interface
> is up and running. From the main site vpn server i can access the
> remote network resources and vice versa. The problem i have is that
> these two servers are the only ones that communicate with each other.
> For example, on one of the main site computers i try to ping the other
> network and i get no response nor can i access shares. Like i said
> before, each server has one nic installed and have direct access to
> their perspective networks. There are no permitter networks on each
> side. The basic network setup is router with port fowarding of UDP 500
> and UDP 4500 ports to the vpn routers. What i want is for every
> computer on both networks to be able to acess each others resources. I
> suspect it's because i have one nic installed on each vpn server and
> routing. On both demand dials i set up static routes pointing to the
> other network IDs. Can you guys please help?
>
> Thanks

yes, i enabled ip routing on both servers. The tracert goes to my
router and then timesout.

Thanks

On Oct 16, 2:20*pm, "Robert L. \(MS-MVP\)" <findem...@chicagotech.net>
wrote:
> Have you enabled IP routing? Or use tracert to find out where the traffic
> stops.
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting onhttp://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access onhttp://www.HowToNetworking.com"JoeyG 2391" <joel.escu...@gmail.com> wrote in message
>
> news:770c35ab-2d6d-4903-887d-(E-Mail Removed)...
>
>
>
> > Hello,
> > I currently have two vpn servers with Windows 2003 Server R2. One is a
> > VM Machine while the other is a physical server. Each server has one
> > nic configured with a local ip assigned. The main site has port
> > fowarding enabled directed at the vpn server and has local network id
> > of 192.168.1.0. The remote site has port fowarding enabled directed at
> > the remote vpn server and has local network id of 192.168.2.0. All
> > certicates are installed on each machine and the demand dial interface
> > is up and running. From the main site vpn server i can access the
> > remote network resources and vice versa. The problem i have is that
> > these two servers are the only ones that communicate with each other.
> > For example, on one of the main site computers i try to ping the other
> > network and i get no response nor can i access shares. Like i said
> > before, each server has one nic installed and have direct access to
> > their perspective networks. There are no permitter networks on each
> > side. The basic network setup is router with port fowarding of UDP 500
> > and UDP 4500 ports to the vpn routers. What i want is for every
> > computer on both networks to be able to acess each others resources. I
> > suspect it's because i have one nic installed on each vpn server and
> > routing. On both demand dials i set up static routes pointing to the
> > other network IDs. Can you guys please help?
>
> > Thanks- Hide quoted text -
>
> - Show quoted text -

on the vpn servers it works perfectly just not the client. I think
the client clients need to point to the vpn server for gateway but
that will disable internet access.

On Oct 16, 2:20*pm, "Robert L. \(MS-MVP\)" <findem...@chicagotech.net>
wrote:
> Have you enabled IP routing? Or use tracert to find out where the traffic
> stops.
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting onhttp://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access onhttp://www.HowToNetworking.com"JoeyG 2391" <joel.escu...@gmail.com> wrote in message
>
> news:770c35ab-2d6d-4903-887d-(E-Mail Removed)...
>
>
>
> > Hello,
> > I currently have two vpn servers with Windows 2003 Server R2. One is a
> > VM Machine while the other is a physical server. Each server has one
> > nic configured with a local ip assigned. The main site has port
> > fowarding enabled directed at the vpn server and has local network id
> > of 192.168.1.0. The remote site has port fowarding enabled directed at
> > the remote vpn server and has local network id of 192.168.2.0. All
> > certicates are installed on each machine and the demand dial interface
> > is up and running. From the main site vpn server i can access the
> > remote network resources and vice versa. The problem i have is that
> > these two servers are the only ones that communicate with each other.
> > For example, on one of the main site computers i try to ping the other
> > network and i get no response nor can i access shares. Like i said
> > before, each server has one nic installed and have direct access to
> > their perspective networks. There are no permitter networks on each
> > side. The basic network setup is router with port fowarding of UDP 500
> > and UDP 4500 ports to the vpn routers. What i want is for every
> > computer on both networks to be able to acess each others resources. I
> > suspect it's because i have one nic installed on each vpn server and
> > routing. On both demand dials i set up static routes pointing to the
> > other network IDs. Can you guys please help?
>
> > Thanks- Hide quoted text -
>
> - Show quoted text -

Check my answer on this link: L2TP/IPSEC SITE TO SITE VPN Issues
http://www.chicagotech.net/netforums...hp?p=8175#8175

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"JoeyG 2391" <(E-Mail Removed)> wrote in message
news:53a05ca2-c64b-4591-95c0-(E-Mail Removed)...
yes, i enabled ip routing on both servers. The tracert goes to my
router and then timesout.

Thanks

On Oct 16, 2:20 pm, "Robert L. \(MS-MVP\)" <findem...@chicagotech.net>
wrote:
> Have you enabled IP routing? Or use tracert to find out where the traffic
> stops.
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting
> onhttp://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access
> onhttp://www.HowToNetworking.com"JoeyG 2391" <joel.escu...@gmail.com>
> wrote in message
>
> news:770c35ab-2d6d-4903-887d-(E-Mail Removed)...
>
>
>
> > Hello,
> > I currently have two vpn servers with Windows 2003 Server R2. One is a
> > VM Machine while the other is a physical server. Each server has one
> > nic configured with a local ip assigned. The main site has port
> > fowarding enabled directed at the vpn server and has local network id
> > of 192.168.1.0. The remote site has port fowarding enabled directed at
> > the remote vpn server and has local network id of 192.168.2.0. All
> > certicates are installed on each machine and the demand dial interface
> > is up and running. From the main site vpn server i can access the
> > remote network resources and vice versa. The problem i have is that
> > these two servers are the only ones that communicate with each other.
> > For example, on one of the main site computers i try to ping the other
> > network and i get no response nor can i access shares. Like i said
> > before, each server has one nic installed and have direct access to
> > their perspective networks. There are no permitter networks on each
> > side. The basic network setup is router with port fowarding of UDP 500
> > and UDP 4500 ports to the vpn routers. What i want is for every
> > computer on both networks to be able to acess each others resources. I
> > suspect it's because i have one nic installed on each vpn server and
> > routing. On both demand dials i set up static routes pointing to the
> > other network IDs. Can you guys please help?
>
> > Thanks- Hide quoted text -
>
> - Show quoted text -