Bill Grant
Guest
For a site to site VPN you need to have RRAS servers at both ends of the link. Each RRAS server has a demand-dial interface configured and there is a subnet route for the "other" site associated with each demand-dial interface. The "calling" router must use the name of the demand-dial interface on the "answering" router as its username when connecting. This binds the connection to the dd interface and activates the subnet route.

When the VPN connects correctly, each RRAS router has a subnet route to the "other" site through the VPN. If each RRAS router is the default gateway for its local LAN, the site to site link now works. If the default gateway is the Linksys, you still have work to do. You need to get the private traffic to the RRAS router before it tries to cross the Internet. If you don't, it has not been encrypted and encapsulated. It still has a private IP and is discarded.

The way to fix that is to add a static route to the Linksys to bounce the private subnet of the "other" site to the RRAS router. The RRAS router will then encrypt and encapsulate the traffic before sending it back to the gateway router. It now has a public IP header and can be sent across the Internet to the other site.

Site A

    192.168.16.x dg 192.168.16.1
    |
    RRAS
    192.168.16.n dg 192.168.16.1
    |
    192.168.16.1
    Linksys (static route 192.168.33.0 255.255.255.0 192.168.16.n)
    Public IP
    |
    Internet
    |
    Public IP
    Linksys (static route 192.168.16.0 255.255.255.0 192.168.33.n)
    192.168.33.1
    |
    RRAS
    192.168.33.n dg 192.168.33.1
    |
    192.168.33.x dg 192.168.33.1

Site B

"msnews.microsoft.com" <(E-Mail Removed)> wrote in message news:%(E-Mail Removed)...
> Hello, I was wondering if someone could help. I am trying to configure a
> demand dial interface using RRAS and not using ISA. I have a standard
> Linksys on remote and local networks. The servers then sit behind the
> router as a standard client like all other computers. I then want to
> initiate a demand dial VPN to remote network (persistent) and allow the
> client to be able to use the RRAS demand dial connection as a router. I do
> not want the clients to be behind the server in a NAT environment as I
> think it just complicates things. I created the demand dial interface VPN
> and connects perfectly fine. The server locally can ping internally and
> externally on both networks. I then add a route add that tells the
> clients to use the server NIC when exiting to the remote network. I can
> ping the local server's IP assigned by the remote server, but my clients
> cannot ping beyond this point. Any help would be greatly appreciated.
> Thanks.
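The forwarding path described in the reply above, traced hop by hop with longest-prefix matching; this is an added example, not part of the original posts. The RRAS host 192.168.16.2 (the post writes 192.168.16.n), the client and remote host addresses, and the public address 198.51.100.20 are constructed for illustration.

```python
import ipaddress

# Constructed values: the post writes the RRAS host as "192.168.16.n", so .2 is
# an assumption, as are the client/remote hosts and the RFC 5737 public address.
CLIENT_A, LINKSYS_A, RRAS_A = "192.168.16.50", "192.168.16.1", "192.168.16.2"
LAN_A, LAN_B = "192.168.16.0/24", "192.168.33.0/24"
REMOTE_HOST = "192.168.33.10"
PEER_PUBLIC = "198.51.100.20"  # stands in for the public IP of the Site B Linksys

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True for private addresses that are not routed across the Internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def lookup(table, dst):
    """Longest-prefix match over (network, next_hop) pairs."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if ip in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def site_a_tables(linksys_static_route, client_gateway=LINKSYS_A):
    """Site A routing tables. Next hop is an IP, 'on-link', 'vpn' or 'wan'."""
    linksys = [(LAN_A, "on-link"), ("0.0.0.0/0", "wan")]
    if linksys_static_route:
        # The fix from the post: bounce the other site's subnet to the RRAS box.
        linksys.append((LAN_B, RRAS_A))
    return {
        CLIENT_A: [(LAN_A, "on-link"), ("0.0.0.0/0", client_gateway)],
        LINKSYS_A: linksys,
        # The demand-dial interface carries the subnet route for the other site.
        RRAS_A: [(LAN_A, "on-link"), (LAN_B, "vpn"), ("0.0.0.0/0", LINKSYS_A)],
    }


def trace(tables, src=CLIENT_A, dst=REMOTE_HOST, max_hops=8):
    """Follow one packet from src; return (list of hops, verdict)."""
    node, hops, encapsulated = src, [], False
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return hops, "no route"
        if hop == "vpn":
            # Encrypt and wrap: the outer header now targets the peer's public IP,
            # and the RRAS box routes the outer packet like any other traffic.
            hops.append(f"{node}: encapsulate, outer dst {PEER_PUBLIC}")
            dst, encapsulated = PEER_PUBLIC, True
        elif hop == "wan":
            hops.append(f"{node} -> wan (dst {dst})")
            if is_rfc1918(dst):
                return hops, "discarded"
            return hops, "tunnelled" if encapsulated else "sent unencrypted"
        elif hop == "on-link":
            hops.append(f"{node} -> {dst} (on-link)")
            return hops, "delivered on LAN"
        else:
            hops.append(f"{node} -> {hop}")
            node = hop
    return hops, "routing loop"


if __name__ == "__main__":
    cases = {
        "Linksys is gateway, no static route": site_a_tables(False),
        "Linksys is gateway, static route added": site_a_tables(True),
        "RRAS is the LAN default gateway": site_a_tables(False, RRAS_A),
    }
    for label, tables in cases.items():
        hops, verdict = trace(tables)
        print(f"{label}: {verdict}")
        for h in hops:
            print("   ", h)
```
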
msnews.microsoft.com
Guest
Thank you very much for your response. I still am not able to get it to work. I even made a couple changes to see if it will work. I added a second NIC to the server. Then I configured NAT and VPN on the server. I still am using the Linksys router as it is connected to the public side of the NAT. Right now I don't care if the remote end can communicate to my end. I created the demand dial interface on my server. Here is the following diagram;

    192.168.0.x dg 192.168.0.7
    |
    RRAS 192.168.0.7 Private Interface dg 192.168.0.7
    Has a static route added by default by the New Demand Dial wizard
    10.10.0.0 mask 255.255.255.0 using the Demand Dial Interface
    |
    10.100.0.2 Public Interface dg 10.100.0.1
    |
    10.100.0.1 Linksys Firewall
    |
    Internet
    |
    10.10.0.1 Firewall Linksys
    |
    RRAS 10.10.0.2 dg 10.10.0.1
    |
    10.10.0.x dg 10.10.0.1

The VPN connects successfully and only the server can ping all IP's on remote end. The only IP the client can ping is the address that is assigned to the server by the remote VPN server. Any ideas would be greatly appreciated. Thank you very much.
Bill Grant
Guest
Why would you add a second NIC or install NAT? That makes things worse, not better. Your Linksys is already doing all of that.

Get rid of both of those then read my post again.
msnews.microsoft.com
Guest
It was a Microsoft MVP suggestion. I finally got it working. Needless to say the Microsoft MVP didn't know what he was talking about. Thanks for all your help. Is there a way to force a VPN connection to use a specific NIC, or am I stuck with the NIC that is the VPN server? Have a great weekend.
Bill Grant
Guest
Glad to hear you got it working. What exactly do you mean by "use a specific NIC?"

A VPN connection does not really connect to any NIC. The VPN connection terminates at the internal interface for a client-server or "dialup" type connection and at the demand-dial interface for a router to router connection.
Guest
Thank you again for replying. What I would like to do is have multiple NICs on the VPN demand dial server. Then have each NIC dedicated to different networks. Right now when I dial out with the VPN server, it always goes out the NIC that the server is using to surf the internet. The server right now has 3 NICs, each NIC with a static IP connected to the Linksys firewall. Is it possible with my current setup? Thanks.
Bill Grant
Guest
No. The VPN traffic must go out through the default gateway. While it is crossing the Internet, the VPN traffic is encrypted and encapsulated inside a packet with a registered public IP. There is no point in having multiple NICs in the server if they all connect to the Linksys. The system will only use one of them. You can only have one default gateway, even if the NICs were connected to different routers.
|
Bill Grant
Guest
Posts: n/a
|
What other networks do you need to connect to? Do you want to reach them by VPN?

You can configure more than one site to site VPN connection on the server. You set up a new demand-dial interface and configure a new site to site connection using a different subnet route. The traffic still all goes out through the default gateway. But the encapsulated packets now have the public IP of the VPN server at the second site on the front.

"Bill Grant" <not.available@online> wrote in message
news:%(E-Mail Removed)...
> No. The VPN traffic must go out through the default gateway. While it is
> crossing the Internet, the VPN traffic is encrypted and encapsulated
> inside a packet with a registered public IP. There is no point in having
> multiple NICs in the server if they all connect to the Linksys. The system
> will only use one of them. You can only have one default gateway, even if
> the NICs were connected to different routers.
>
> <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Thank you again for replying. What I would like to do is have multiple
>> NIC's on the VPN demand dial server. Then have each NIC dedicated to
>> different networks. Right now when I dial out with the VPN server, it
>> always goes out the NIC that the server is using to surf the internet.
>> The server right now has 3 NIC's each NIC with a static IP connected to
>> the Linksys firewall. Is it possible with my current setup? Thanks.
>>
>> "Bill Grant" <not.available@online> wrote in message
>> news:e9B$C$(E-Mail Removed)...
>>> Glad to hear you got it working. What exactly do you mean by "use a
>>> specific NIC?"
>>>
>>> A VPN connection does not really connect to any NIC. The VPN
>>> connection terminates at the internal interface for a client-server or
>>> "dialup" type connection and at the demand-dial interface for a router
>>> to router connection.
>>>
>>> "msnews.microsoft.com" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> It was a Microsoft MVP suggestion. I finally got it working. Needless
>>>> to say the Microsoft MVP didn't know what he was talking about. Thanks
>>>> for all your help. Is there a way to force a VPN connection to use a
>>>> specific NIC, or am I stuck with the NIC that is the VPN server? Have
>>>> a great weekend.
>>>>
>>>> "Bill Grant" <not.available@online> wrote in message
>>>> news:ON%(E-Mail Removed)...
>>>>> Why would you add a second NIC or install NAT? That makes things
>>>>> worse, not better. Your Linksys is already doing all of that.
>>>>>
>>>>> Get rid of both of those then read my post again.
>>>>>
>>>>> "msnews.microsoft.com" <(E-Mail Removed)> wrote in message
>>>>> news:(E-Mail Removed)...
>>>>>> Thank you very much for your response. I still am not able to get it
>>>>>> to work. I even made a couple changes to see if it will work. I
>>>>>> added a second NIC to the server. Then I configured NAT and VPN on
>>>>>> the server. I still am using the Linksys router as it is connected to
>>>>>> the public side of the NAT. Right now I don't care if the remote end
>>>>>> can communicate to my end. I created the demand dial interface on my
>>>>>> server. Here is the following diagram;
>>>>>>
>>>>>> 192.168.0.x dg 192.168.0.7
>>>>>> |
>>>>>> RRAS 192.168.0.7 Private Interface dg 192.168.0.7
>>>>>> Has a static route added by default by the New Demand Dial wizard
>>>>>> 10.10.0.0 mask 255.255.255.0 using the Demand Dial Interface
>>>>>> |
>>>>>> 10.100.0.2 Public Interface dg 10.100.0.1
>>>>>> |
>>>>>> 10.100.0.1 Linksys Firewall
>>>>>> |
>>>>>> Internet
>>>>>> |
>>>>>> 10.10.0.1 Firewall Linksys
>>>>>> |
>>>>>> RRAS 10.10.0.2 dg 10.10.0.1
>>>>>> |
>>>>>> 10.10.0.x dg 10.10.0.1
>>>>>>
>>>>>> The VPN connects successfully and only the server can ping all IP's
>>>>>> on remote end. The only IP the client can ping is the address that
>>>>>> is assigned to the server by the remote VPN server. Any ideas would
>>>>>> be greatly appreciated. Thank you very much.
>>>>>>
>>>>>> "Bill Grant" <not.available@online> wrote in message
>>>>>> news:(E-Mail Removed)...
>>>>>>> For a site to site VPN you need to have RRAS servers at both ends
>>>>>>> of the link. Each RRAS server has a demand-dial interface configured
>>>>>>> and there is a subnet route for the "other" site associated with
>>>>>>> each demand-dial interface. The "calling" router must use the name
>>>>>>> of the demand-dial interface on the "answering" router as its
>>>>>>> username when connecting. This binds the connection to the dd
>>>>>>> interface and activates the subnet route.
>>>>>>>
>>>>>>> When the VPN connects correctly, each RRAS router has a subnet
>>>>>>> route to the "other" site through the VPN. If each RRAS router is
>>>>>>> the default gateway for its local LAN, the site to site link now
>>>>>>> works. If the default gateway is the Linksys, you still have work to
>>>>>>> do. You need to get the private traffic to the RRAS router before it
>>>>>>> tries to cross the Internet. If you don't it has not been encrypted
>>>>>>> and encapsulated. It still has a private IP and is discarded.
>>>>>>>
>>>>>>> The way to fix that is to add a static route to the Linksys to
>>>>>>> bounce the private subnet of the "other" site to the RRAS router.
>>>>>>> The RRAS router will then encrypt and encapsulate the traffic before
>>>>>>> sending it back to the gateway router. It now has a public IP header
>>>>>>> and can be sent across the Internet to the other site.
>>>>>>>
>>>>>>> Site A
>>>>>>>
>>>>>>> 192.168.16.x dg 192.168.16.1
>>>>>>> |
>>>>>>> RRAS
>>>>>>> 192.168.16.n dg 192.168.16.1
>>>>>>> |
>>>>>>> 192.168.16.1
>>>>>>> Linksys (static route 192.168.33.0 255.255.255.0 192.168.16.n)
>>>>>>> Public IP
>>>>>>> |
>>>>>>> Internet
>>>>>>> |
>>>>>>> Public IP
>>>>>>> Linksys (static route 192.168.16.0 255.255.255.0 192.168.33.n)
>>>>>>> 192.168.33.1
>>>>>>> |
>>>>>>> RRAS
>>>>>>> 192.168.33.n dg 192.168.33.1
>>>>>>> |
>>>>>>> 192.168.33.x dg 192.168.33.1
>>>>>>>
>>>>>>> Site B
>>>>>>>
>>>>>>> "msnews.microsoft.com" <(E-Mail Removed)> wrote in message
>>>>>>> news:%(E-Mail Removed)...
>>>>>>>> Hello, I was wondering if someone could help. I am trying to
>>>>>>>> configure a demand dial interface using RRAS and not using ISA. I
>>>>>>>> have a standard linksys on remote and local networks. The servers
>>>>>>>> then sit behind the router as a standard client like all other
>>>>>>>> computers. I then want to initiate a demand dial VPN to remote
>>>>>>>> network (persistent) and allow the client to be able to use the RRAS
>>>>>>>> demand dial connection as a router. I do not want the clients to
>>>>>>>> be behind the server in a NAT environment as I think it just
>>>>>>>> complicates things. I created the demand dial interface VPN and
>>>>>>>> connects perfectly fine. The server locally can ping internally
>>>>>>>> and externally on both networks. I then add a route add that tells
>>>>>>>> the clients to use the server NIC when exiting to the remote
>>>>>>>> network. I can ping the local server's IP assigned by the remote
>>>>>>>> server, but my clients cannot ping beyond this point. Any help
>>>>>>>> would be greatly appreciated. Thanks.
|
Guest
Posts: n/a
|
Thanks for all the information. It answers all my questions. I sort of wanted to keep it clean, and have different VPN's using different NIC's. But I guess I can't as it is going to use different gateways. Thank you very much and have a great week.

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> What other networks do you need to connect to? Do you want to reach them
> by VPN?
>
> You can configure more than one site to site VPN connection on the
> server. You set up a new demand-dial interface and configure a new site to
> site connection using a different subnet route. The traffic still all goes
> out through the default gateway. But the encapsulated packets now have the
> public IP of the VPN server at the second site on the front.
>
> "Bill Grant" <not.available@online> wrote in message
> news:%(E-Mail Removed)...
>> No. The VPN traffic must go out through the default gateway. While it
>> is crossing the Internet, the VPN traffic is encrypted and encapsulated
>> inside a packet with a registered public IP. There is no point in having
>> multiple NICs in the server if they all connect to the Linksys. The
>> system will only use one of them. You can only have one default gateway,
>> even if the NICs were connected to different routers.
>>
>> <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> Thank you again for replying. What I would like to do is have multiple
>>> NIC's on the VPN demand dial server. Then have each NIC dedicated to
>>> different networks. Right now when I dial out with the VPN server, it
>>> always goes out the NIC that the server is using to surf the internet.
>>> The server right now has 3 NIC's each NIC with a static IP connected to
>>> the Linksys firewall. Is it possible with my current setup? Thanks.
>>>
>>> "Bill Grant" <not.available@online> wrote in message
>>> news:e9B$C$(E-Mail Removed)...
>>>> Glad to hear you got it working. What exactly do you mean by "use a
>>>> specific NIC?"
>>>>
>>>> A VPN connection does not really connect to any NIC. The VPN
>>>> connection terminates at the internal interface for a client-server or
>>>> "dialup" type connection and at the demand-dial interface for a router
>>>> to router connection.
>>>>
>>>> "msnews.microsoft.com" <(E-Mail Removed)> wrote in message
>>>> news:(E-Mail Removed)...
>>>>> It was a Microsoft MVP suggestion. I finally got it working.
>>>>> Needless to say the Microsoft MVP didn't know what he was talking
>>>>> about. Thanks for all your help. Is there a way to force a VPN
>>>>> connection to use a specific NIC, or am I stuck with the NIC that is
>>>>> the VPN server? Have a great weekend.
>>>>>
>>>>> "Bill Grant" <not.available@online> wrote in message
>>>>> news:ON%(E-Mail Removed)...
>>>>>> Why would you add a second NIC or install NAT? That makes things
>>>>>> worse, not better. Your Linksys is already doing all of that.
>>>>>>
>>>>>> Get rid of both of those then read my post again.
>>>>>>
>>>>>> "msnews.microsoft.com" <(E-Mail Removed)> wrote in message
>>>>>> news:(E-Mail Removed)...
>>>>>>> Thank you very much for your response. I still am not able to get
>>>>>>> it to work. I even made a couple changes to see if it will work. I
>>>>>>> added a second NIC to the server. Then I configured NAT and VPN on
>>>>>>> the server. I still am using the Linksys router as it is connected
>>>>>>> to the public side of the NAT. Right now I don't care if the remote
>>>>>>> end can communicate to my end. I created the demand dial interface
>>>>>>> on my server. Here is the following diagram;
>>>>>>>
>>>>>>> 192.168.0.x dg 192.168.0.7
>>>>>>> |
>>>>>>> RRAS 192.168.0.7 Private Interface dg 192.168.0.7
>>>>>>> Has a static route added by default by the New Demand Dial wizard
>>>>>>> 10.10.0.0 mask 255.255.255.0 using the Demand Dial Interface
>>>>>>> |
>>>>>>> 10.100.0.2 Public Interface dg 10.100.0.1
>>>>>>> |
>>>>>>> 10.100.0.1 Linksys Firewall
>>>>>>> |
>>>>>>> Internet
>>>>>>> |
>>>>>>> 10.10.0.1 Firewall Linksys
>>>>>>> |
>>>>>>> RRAS 10.10.0.2 dg 10.10.0.1
>>>>>>> |
>>>>>>> 10.10.0.x dg 10.10.0.1
>>>>>>>
>>>>>>> The VPN connects successfully and only the server can ping all IP's
>>>>>>> on remote end. The only IP the client can ping is the address that
>>>>>>> is assigned to the server by the remote VPN server. Any ideas would
>>>>>>> be greatly appreciated. Thank you very much.
>>>>>>>
>>>>>>> "Bill Grant" <not.available@online> wrote in message
>>>>>>> news:(E-Mail Removed)...
>>>>>>>> For a site to site VPN you need to have RRAS servers at both ends
>>>>>>>> of the link. Each RRAS server has a demand-dial interface
>>>>>>>> configured and there is a subnet route for the "other" site
>>>>>>>> associated with each demand-dial interface. The "calling" router
>>>>>>>> must use the name of the demand-dial interface on the "answering"
>>>>>>>> router as its username when connecting. This binds the connection
>>>>>>>> to the dd interface and activates the subnet route.
>>>>>>>>
>>>>>>>> When the VPN connects correctly, each RRAS router has a subnet
>>>>>>>> route to the "other" site through the VPN. If each RRAS router is
>>>>>>>> the default gateway for its local LAN, the site to site link now
>>>>>>>> works. If the default gateway is the Linksys, you still have work
>>>>>>>> to do. You need to get the private traffic to the RRAS router
>>>>>>>> before it tries to cross the Internet. If you don't it has not been
>>>>>>>> encrypted and encapsulated. It still has a private IP and is
>>>>>>>> discarded.
>>>>>>>>
>>>>>>>> The way to fix that is to add a static route to the Linksys to
>>>>>>>> bounce the private subnet of the "other" site to the RRAS router.
>>>>>>>> The RRAS router will then encrypt and encapsulate the traffic
>>>>>>>> before sending it back to the gateway router. It now has a public
>>>>>>>> IP header and can be sent across the Internet to the other site.
>>>>>>>>
>>>>>>>> Site A
>>>>>>>>
>>>>>>>> 192.168.16.x dg 192.168.16.1
>>>>>>>> |
>>>>>>>> RRAS
>>>>>>>> 192.168.16.n dg 192.168.16.1
>>>>>>>> |
>>>>>>>> 192.168.16.1
>>>>>>>> Linksys (static route 192.168.33.0 255.255.255.0
>>>>>>>> 192.168.16.n)
>>>>>>>> Public IP
>>>>>>>> |
>>>>>>>> Internet
>>>>>>>> |
>>>>>>>> Public IP
>>>>>>>> Linksys (static route 192.168.16.0 255.255.255.0
>>>>>>>> 192.168.33.n)
>>>>>>>> 192.168.33.1
>>>>>>>> |
>>>>>>>> RRAS
>>>>>>>> 192.168.33.n dg 192.168.33.1
>>>>>>>> |
>>>>>>>> 192.168.33.x dg 192.168.33.1
>>>>>>>>
>>>>>>>> Site B
>>>>>>>>
>>>>>>>> "msnews.microsoft.com" <(E-Mail Removed)> wrote in message
>>>>>>>> news:%(E-Mail Removed)...
>>>>>>>>> Hello, I was wondering if someone could help. I am trying to
>>>>>>>>> configure a demand dial interface using RRAS and not using ISA. I
>>>>>>>>> have a standard linksys on remote and local networks. The servers
>>>>>>>>> then sit behind the router as a standard client like all other
>>>>>>>>> computers. I then want to initiate a demand dial VPN to remote
>>>>>>>>> network (persistent) and allow the client to be able to use the
>>>>>>>>> RRAS demand dial connection as a router. I do not want the
>>>>>>>>> clients to be behind the server in a NAT environment as I think it
>>>>>>>>> just complicates things. I created the demand dial interface VPN
>>>>>>>>> and connects perfectly fine. The server locally can ping
>>>>>>>>> internally and externally on both networks. I then add a route
>>>>>>>>> add that tells the clients to use the server NIC when exiting to
>>>>>>>>> the remote network. I can ping the local server's IP assigned by
>>>>>>>>> the remote server, but my clients cannot ping beyond this point.
>>>>>>>>> Any help would be greatly appreciated. Thanks.
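The routing behaviour described in Bill Grant's replies (the Linksys static route that bounces the remote subnet to RRAS, and several demand-dial interfaces sharing one default gateway), modelled as an added example that is not part of any post in the thread. The RRAS host address `.2`, the second remote subnet 192.168.44.0/24, the interface names and both public peer IPs are constructed assumptions.

```python
import ipaddress

# Constructed values: the thread's "192.168.16.n" is taken as .2; the second
# remote site (192.168.44.0/24) and both public peer IPs are placeholders.
LINKSYS_A = "192.168.16.1"
RRAS_A = "192.168.16.2"
VPN_PEER = {"dd-siteB": "203.0.113.33", "dd-siteC": "198.51.100.44"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RRAS: one subnet route per demand-dial interface, one default gateway.
RRAS_ROUTES = [
    ("0.0.0.0/0", ("gateway", LINKSYS_A)),
    ("192.168.33.0/24", ("demand-dial", "dd-siteB")),
    ("192.168.44.0/24", ("demand-dial", "dd-siteC")),
]
LINKSYS_DEFAULT = [("0.0.0.0/0", ("wan", None))]
# The static routes that bounce remote-site traffic back to the RRAS box.
LINKSYS_STATIC = [
    ("192.168.33.0/24", ("gateway", RRAS_A)),
    ("192.168.44.0/24", ("gateway", RRAS_A)),
]


def lookup(routes, dst):
    """Longest-prefix match: return (kind, target) of the most specific route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in routes]
    return max((m for m in nets if addr in m[0]), key=lambda m: m[0].prefixlen)[1]


def is_rfc1918(dst):
    return any(ipaddress.ip_address(dst) in n for n in RFC1918)


def trace(dst, static_routes=True):
    """Follow a packet from a Site A client whose default gateway is the Linksys."""
    linksys = LINKSYS_DEFAULT + (LINKSYS_STATIC if static_routes else [])
    out = {"delivered": False, "outer_dst": None, "egress": None, "hops": []}
    kind, target = lookup(linksys, dst)
    if kind == "wan":
        # Never reached RRAS, so nothing encrypted or encapsulated it.
        out["delivered"] = not is_rfc1918(dst)
        out["hops"].append("Linksys -> WAN" + ("" if out["delivered"] else " (private IP, discarded)"))
        return out
    out["hops"].append(f"Linksys -> RRAS {target} via static route")
    kind, iface = lookup(RRAS_ROUTES, dst)
    if kind != "demand-dial":
        return out
    # RRAS wraps the packet; the outer header carries the peer's public IP.
    out["outer_dst"] = VPN_PEER[iface]
    out["hops"].append(f"RRAS encapsulates on {iface}, outer dst {out['outer_dst']}")
    # The outer packet is routed like any other: out the default gateway.
    _, out["egress"] = lookup(RRAS_ROUTES, out["outer_dst"])
    out["hops"].append(f"RRAS -> Linksys {out['egress']} -> WAN")
    out["delivered"] = lookup(linksys, out["outer_dst"])[0] == "wan"
    return out


if __name__ == "__main__":
    for dst, static in (("192.168.33.10", False), ("192.168.33.10", True), ("192.168.44.5", True)):
        print(dst, static, trace(dst, static))
```

Without the Linksys static routes the trace ends at the WAN with an unencapsulated private destination; with them, both tunnels show the same egress gateway and differ only in the outer destination address.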