LAN to LAN routing via a VPN

01-04-2006, 05:02 AM

Hi all,

I am trying to connect 2 LANs via a vpn.
LANs are on seperate subnets 192.168.27 and 192.168.28
Each LAN has a 2003 Server with RRAS
I have got the the VPN connecting the 2 servers and they can see each other
I have set up RIP on each sever and each server now has a a route to the
other LAN but I can not see anything beyond the servers.

What do I need to the servers routers?

TIA

01-04-2006, 02:40 PM

posting the results of both server and client routing table here may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"runningdog" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
Hi all,

I am trying to connect 2 LANs via a vpn.
LANs are on seperate subnets 192.168.27 and 192.168.28
Each LAN has a 2003 Server with RRAS
I have got the the VPN connecting the 2 servers and they can see each other
I have set up RIP on each sever and each server now has a a route to the
other LAN but I can not see anything beyond the servers.

What do I need to the servers routers?

TIA

01-04-2006, 05:20 PM

There is no way to answer that. We don't know how the LAN's routing
functioned before the VPN was in place,...we have no "context" to put it all
in.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

"runningdog" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi all,
>
> I am trying to connect 2 LANs via a vpn.
> LANs are on seperate subnets 192.168.27 and 192.168.28
> Each LAN has a 2003 Server with RRAS
> I have got the the VPN connecting the 2 servers and they can see each
other
> I have set up RIP on each sever and each server now has a a route to the
> other LAN but I can not see anything beyond the servers.
>
> What do I need to the servers routers?
>
> TIA
>
>

01-04-2006, 09:55 PM

Why did you decide to use RIP? If you are simply connecting two sites,
static routes on the RRAS servers handle the routing.

Did you configure it as a LAN to LAN VPN? Do you have demand-dial
interfaces on both RRAS servers with static routes linked to the dd
interfaces?

Phillip Windell wrote:
> There is no way to answer that. We don't know how the LAN's routing
> functioned before the VPN was in place,...we have no "context" to put
> it all in.
>
>
> "runningdog" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi all,
>>
>> I am trying to connect 2 LANs via a vpn.
>> LANs are on seperate subnets 192.168.27 and 192.168.28
>> Each LAN has a 2003 Server with RRAS
>> I have got the the VPN connecting the 2 servers and they can see
>> each other I have set up RIP on each sever and each server now has a
>> a route to the other LAN but I can not see anything beyond the
>> servers.
>>
>> What do I need to the servers routers?
>>
>> TIA

01-04-2006, 11:08 PM

Thanks Bill I didn't think to setup DD's in both directions. Setup RIP
'cause I couldn't get it to work with static routes. I'll have another go.

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> Why did you decide to use RIP? If you are simply connecting two sites,
> static routes on the RRAS servers handle the routing.
>
> Did you configure it as a LAN to LAN VPN? Do you have demand-dial
> interfaces on both RRAS servers with static routes linked to the dd
> interfaces?
>
>
> Phillip Windell wrote:
>> There is no way to answer that. We don't know how the LAN's routing
>> functioned before the VPN was in place,...we have no "context" to put
>> it all in.
>>
>>
>> "runningdog" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Hi all,
>>>
>>> I am trying to connect 2 LANs via a vpn.
>>> LANs are on seperate subnets 192.168.27 and 192.168.28
>>> Each LAN has a 2003 Server with RRAS
>>> I have got the the VPN connecting the 2 servers and they can see
>>> each other I have set up RIP on each sever and each server now has a
>>> a route to the other LAN but I can not see anything beyond the
>>> servers.
>>>
>>> What do I need to the servers routers?
>>>
>>> TIA
>
>

01-05-2006, 01:50 AM

Also remember to use the name of the dd interface on the "answering"
router as the username when making the connection. This ensures that the
connection binds to the dd interface and activates the linked static route.

runningdog wrote:
> Thanks Bill I didn't think to setup DD's in both directions. Setup RIP
> 'cause I couldn't get it to work with static routes. I'll have
> another go.
> "Bill Grant" <not.available@online> wrote in message
> news:(E-Mail Removed)...
>> Why did you decide to use RIP? If you are simply connecting two
>> sites, static routes on the RRAS servers handle the routing.
>>
>> Did you configure it as a LAN to LAN VPN? Do you have demand-dial
>> interfaces on both RRAS servers with static routes linked to the dd
>> interfaces?
>>
>>
>> Phillip Windell wrote:
>>> There is no way to answer that. We don't know how the LAN's routing
>>> functioned before the VPN was in place,...we have no "context" to
>>> put it all in.
>>>
>>>
>>> "runningdog" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> Hi all,
>>>>
>>>> I am trying to connect 2 LANs via a vpn.
>>>> LANs are on seperate subnets 192.168.27 and 192.168.28
>>>> Each LAN has a 2003 Server with RRAS
>>>> I have got the the VPN connecting the 2 servers and they can see
>>>> each other I have set up RIP on each sever and each server now has
>>>> a a route to the other LAN but I can not see anything beyond the
>>>> servers.
>>>>
>>>> What do I need to the servers routers?
>>>>
>>>> TIA

01-05-2006, 06:37 PM

"runningdog" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thanks Bill I didn't think to setup DD's in both directions. Setup RIP
> 'cause I couldn't get it to work with static routes. I'll have another go.

Static Routes are the "problem solver",...if they don't work, then trying to
run dynaimc routing protocls certainly isn't and will most likely
over-complicate things and it more difficult to trouble shoot.

As far as RRAS itself, Bill's the "RRAS King" :-),...he will take care of
you with that.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

01-05-2006, 10:46 PM

Phillip uses ISA server. It has extra functionality built in so he
doesn't have to get down to the nitty gritty of RRAS.

Phillip Windell wrote:
> "runningdog" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Thanks Bill I didn't think to setup DD's in both directions. Setup
>> RIP 'cause I couldn't get it to work with static routes. I'll have
>> another go.
>
> Static Routes are the "problem solver",...if they don't work, then
> trying to run dynaimc routing protocls certainly isn't and will most
> likely over-complicate things and it more difficult to trouble shoot.
>
> As far as RRAS itself, Bill's the "RRAS King" :-),...he will take
> care of you with that.

01-06-2006, 02:16 AM

Still not got it. I can't see how to bind a static route to the incoming WAN
interface and it does seem to do it automaically.
What I am trying and failing to acheive is:

Lan 1 - SBS2003(IP 192.168.27.2) --- RRAS Server 2003 (IP 192.168.27.3 -
203.52.143.33) - ADSL router (IP 203.52.143.36)
Lan 2 - SBS2003 (IP 192.168.28.136 default gateway for the rest of this
lan) --- ADSL Router (IP 192.168.28.254)

I want Lan 2 to initate a demand dial interface to Lan 1 and for all
machines on both Lan's to be able to see each other.

I created a DD on Lan 2 and was prompted to create a Static route which I
did to 192.168.27.0 255.255.255.0.
When I bring the link up the routing table Lan 2 looks like this

IPv4 Route Table
================================================== =========================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...02 60 08 42 13 7b ...... MAC Bridge Miniport
0x70005 ...00 0f ea 4f 62 ec ...... Realtek RTL8169/8110 Family Gigabit
Ethernet
NIC
0x90007 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
================================================== =========================
================================================== =========================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.28.254 192.168.28.136 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
165.228.3.129 255.255.255.255 192.168.28.254 192.168.28.136 20
169.254.136.43 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.27.0 255.255.255.0 0.0.0.0 192.168.28.22 1
192.168.27.0 255.255.255.0 192.168.28.2 192.168.28.22 1
192.168.28.0 255.255.255.0 192.168.28.136 192.168.28.136 20
192.168.28.2 255.255.255.255 192.168.28.22 192.168.28.22 1
192.168.28.22 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.28.136 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.28.255 255.255.255.255 192.168.28.22 192.168.28.22 50
192.168.28.255 255.255.255.255 192.168.28.136 192.168.28.136 20
224.0.0.0 240.0.0.0 192.168.28.22 192.168.28.22 50
224.0.0.0 240.0.0.0 192.168.28.136 192.168.28.136 20
255.255.255.255 255.255.255.255 192.168.28.22 192.168.28.22 1
255.255.255.255 255.255.255.255 192.168.28.22 10003 1
255.255.255.255 255.255.255.255 192.168.28.136 192.168.28.136 1
Default Gateway: 192.168.28.254
================================================== =========================
Persistent Routes:
None
This server can see all of Lan 1

On Lan 2 RRAS says I have a route to Lan 1
Destination,Network mask,Gateway,Interface,Metric,Protocol
0.0.0.0,0.0.0.0,203.52.143.33,Internet Connection ,20,Network management
127.0.0.0,255.0.0.0,127.0.0.1,Loopback,1,Local
127.0.0.1,255.255.255.255,127.0.0.1,Loopback,1,Loc al
192.168.27.0,255.255.255.0,192.168.27.3,Local Area Connection,10,Local
192.168.27.3,255.255.255.255,127.0.0.1,Loopback,10 ,Local
192.168.27.255,255.255.255.255,192.168.27.3,Local Area Connection,10,Local
192.168.28.0,255.255.255.0,192.168.28.2,Internal,1 ,Network management
192.168.28.2,255.255.255.255,127.0.0.1,Loopback,50 ,Local
192.168.28.22,255.255.255.255,192.168.28.2,Interna l,1,Network management
203.52.143.32,255.255.255.248,203.52.143.36,Intern et Connection ,20,Local
203.52.143.36,255.255.255.255,127.0.0.1,Loopback,2 0,Local
203.52.143.255,255.255.255.255,203.52.143.36,Inter net Connection ,20,Local
220.240.235.41,255.255.255.255,203.52.143.33,Inter net Connection ,20,Network
management
224.0.0.0,240.0.0.0,203.52.143.36,Internet Connection ,20,Local
224.0.0.0,240.0.0.0,192.168.27.3,Local Area Connection,10,Local
255.255.255.255,255.255.255.255,203.52.143.36,Inte rnet Connection ,1,Local
255.255.255.255,255.255.255.255,192.168.27.3,Local Area Connection,1,Local

But Netstat -nr dosn't report it and the only ip address on Lan 2 I can ping
is that of the VPN end point
Any pointers would be appreciated.

TIA

PS. I found one article that suggested a VPN server with a single NIC may
not route under some conditions. Might this be my issue?

01-06-2006, 02:58 AM

To answer my own question. It does seem that a dual NIC configuration is
required. I configured a second NIC on the LAN 2 server and put it and the
ADSL router on subnet 29 and all works as expected.

Thanks for listening.

"runningdog" <(E-Mail Removed)> wrote in message
news:OwAMT%(E-Mail Removed)...
> Still not got it. I can't see how to bind a static route to the incoming
> WAN interface and it does seem to do it automaically.
> What I am trying and failing to acheive is:
>
> Lan 1 - SBS2003(IP 192.168.27.2) --- RRAS Server 2003 (IP 192.168.27.3 -
> 203.52.143.33) - ADSL router (IP 203.52.143.36)
> Lan 2 - SBS2003 (IP 192.168.28.136 default gateway for the rest of this
> lan) --- ADSL Router (IP 192.168.28.254)
>
> I want Lan 2 to initate a demand dial interface to Lan 1 and for all
> machines on both Lan's to be able to see each other.
>
> I created a DD on Lan 2 and was prompted to create a Static route which I
> did to 192.168.27.0 255.255.255.0.
> When I bring the link up the routing table Lan 2 looks like this
>
> IPv4 Route Table
> ================================================== =========================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> 0x10003 ...02 60 08 42 13 7b ...... MAC Bridge Miniport
> 0x70005 ...00 0f ea 4f 62 ec ...... Realtek RTL8169/8110 Family Gigabit
> Ethernet
> NIC
> 0x90007 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> ================================================== =========================
> ================================================== =========================
> Active Routes:
> Network Destination Netmask Gateway Interface
> Metric
> 0.0.0.0 0.0.0.0 192.168.28.254 192.168.28.136 20
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> 165.228.3.129 255.255.255.255 192.168.28.254 192.168.28.136 20
> 169.254.136.43 255.255.255.255 127.0.0.1 127.0.0.1 50
> 192.168.27.0 255.255.255.0 0.0.0.0 192.168.28.22 1
> 192.168.27.0 255.255.255.0 192.168.28.2 192.168.28.22 1
> 192.168.28.0 255.255.255.0 192.168.28.136 192.168.28.136 20
> 192.168.28.2 255.255.255.255 192.168.28.22 192.168.28.22 1
> 192.168.28.22 255.255.255.255 127.0.0.1 127.0.0.1 50
> 192.168.28.136 255.255.255.255 127.0.0.1 127.0.0.1 20
> 192.168.28.255 255.255.255.255 192.168.28.22 192.168.28.22 50
> 192.168.28.255 255.255.255.255 192.168.28.136 192.168.28.136 20
> 224.0.0.0 240.0.0.0 192.168.28.22 192.168.28.22 50
> 224.0.0.0 240.0.0.0 192.168.28.136 192.168.28.136 20
> 255.255.255.255 255.255.255.255 192.168.28.22 192.168.28.22 1
> 255.255.255.255 255.255.255.255 192.168.28.22 10003 1
> 255.255.255.255 255.255.255.255 192.168.28.136 192.168.28.136 1
> Default Gateway: 192.168.28.254
> ================================================== =========================
> Persistent Routes:
> None
> This server can see all of Lan 1
>
> On Lan 2 RRAS says I have a route to Lan 1
> Destination,Network mask,Gateway,Interface,Metric,Protocol
> 0.0.0.0,0.0.0.0,203.52.143.33,Internet Connection ,20,Network management
> 127.0.0.0,255.0.0.0,127.0.0.1,Loopback,1,Local
> 127.0.0.1,255.255.255.255,127.0.0.1,Loopback,1,Loc al
> 192.168.27.0,255.255.255.0,192.168.27.3,Local Area Connection,10,Local
> 192.168.27.3,255.255.255.255,127.0.0.1,Loopback,10 ,Local
> 192.168.27.255,255.255.255.255,192.168.27.3,Local Area Connection,10,Local
> 192.168.28.0,255.255.255.0,192.168.28.2,Internal,1 ,Network management
> 192.168.28.2,255.255.255.255,127.0.0.1,Loopback,50 ,Local
> 192.168.28.22,255.255.255.255,192.168.28.2,Interna l,1,Network management
> 203.52.143.32,255.255.255.248,203.52.143.36,Intern et Connection ,20,Local
> 203.52.143.36,255.255.255.255,127.0.0.1,Loopback,2 0,Local
> 203.52.143.255,255.255.255.255,203.52.143.36,Inter net Connection ,20,Local
> 220.240.235.41,255.255.255.255,203.52.143.33,Inter net Connection
> ,20,Network management
> 224.0.0.0,240.0.0.0,203.52.143.36,Internet Connection ,20,Local
> 224.0.0.0,240.0.0.0,192.168.27.3,Local Area Connection,10,Local
> 255.255.255.255,255.255.255.255,203.52.143.36,Inte rnet Connection ,1,Local
> 255.255.255.255,255.255.255.255,192.168.27.3,Local Area Connection,1,Local
>
> But Netstat -nr dosn't report it and the only ip address on Lan 2 I can
> ping is that of the VPN end point
> Any pointers would be appreciated.
>
> TIA
>
> PS. I found one article that suggested a VPN server with a single NIC may
> not route under some conditions. Might this be my issue?
>

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Missing routing in LAN-WAN routing	mc	Windows Networking	5	12-03-2008 03:22 PM
Win2003 R2 server just stops routing traffic until I restart Routing service	Martijn Tonies	Windows Networking	8	11-03-2008 11:05 AM
IP Routing	ITCOM	Windows Networking	1	07-30-2007 04:29 PM
I not find the NAT/Basic Firewall under Routing\IP Routing	mtczx232@yahoo.com	Windows Networking	2	12-16-2006 04:08 PM
routing between 2 nic	ckwong19802003@yahoo.com	Windows Networking	7	02-13-2006 01:43 PM