| Home | Register | Members | Search | Links |
 |
| Thread Tools | Display Modes |
|
Guest
Posts: n/a
|
|
|
|
||
|
|
| |
|
Guest
Posts: n/a
|
That is what I would expect. Although you initially connect to a public
IP, the VPN connection is effectively to your private LAN, because the private traffic is tunnelled through the Internet and the DMZ. (In other words, the traffic is encrypted and encapsulated until it reaches the VPN server.) Can you access machines on the DMZ from your private LAN? "Henry" <(E-Mail Removed)> wrote in message news  332FDA0-3B06-421C-A00D-(E-Mail Removed)...> I'm having problems accessing DMZ addresses when I'm connected to our > Windows > PPTP VPN. Machines on the LAN can be accessed w/o any problems and I also > have internet connectivity. I assume that it might be a routing issue. > Here's the current setup: > > - VPN Server has 2 NICs (LAN 10.0.3../DMZ 192.168.4..) > - Clients connect to a publlic address which resolves to the DMZ address > for > the VPN Server. > - VPN clients gets assigned an IP address from a DHCP server on our LAN > (10.0.3..) > > Here's a copy of the routing table when I'm connected to to the VPN: > > ================================================== ========================= > Interface List > 14 ........................... VPN Connection > 8 ...00 30 1b ba 3e a5 ...... Broadcom NetLink (TM) Gigabit Ethernet > 1 ........................... Software Loopback Interface 1 > 9 ...00 00 00 00 00 00 00 e0 isatap.hsd1.ma.comcast.net. > 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface > 15 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 > ================================================== ========================= > > IPv4 Route Table > ================================================== ========================= > Active Routes: > Network Destination Netmask Gateway Interface > Metric > 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 4245 > 0.0.0.0 0.0.0.0 On-link 10.0.3.37 21 > 10.0.3.37 255.255.255.255 On-link 10.0.3.37 276 > 127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531 > 127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531 > 127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531 > 192.168.1.0 255.255.255.0 On-link 192.168.1.100 4501 > 192.168.1.100 255.255.255.255 On-link 192.168.1.100 4501 > 192.168.1.255 255.255.255.255 On-link 192.168.1.100 4501 > 209.31.138.54 255.255.255.255 192.168.1.1 192.168.1.100 4246 > 224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531 > 224.0.0.0 240.0.0.0 On-link 192.168.1.100 4502 > 224.0.0.0 240.0.0.0 On-link 10.0.3.37 21 > 255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531 > 255.255.255.255 255.255.255.255 On-link 192.168.1.100 4501 > 255.255.255.255 255.255.255.255 On-link 10.0.3.37 276 > ================================================== ========================= > Persistent Routes: > None > > IPv6 Route Table > ================================================== ========================= > Active Routes: > If Metric Network Destination Gateway > 1 306 ::1/128 On-link > 8 276 fe80::/64 On-link > 15 281 fe80::5efe:10.0.3.37/128 On-link > 9 281 fe80::5efe:192.168.1.100/128 > On-link > 8 276 fe80::ad0b:7b74:ddc7:be67/128 > On-link > 1 306 ff00::/8 On-link > 8 276 ff00::/8 On-link > ================================================== ========================= > Persistent Routes: > None > > Thanks in advance. > |
|
|
|
|
|||
|
Guest
Posts: n/a
|
Yes, I can hit the DMZ from the private lan... the only problem is that I
can't hit it when I'm connected to the vpn. Any ideas how I can go about fixing this issue? "Bill Grant" wrote: > That is what I would expect. Although you initially connect to a public > IP, the VPN connection is effectively to your private LAN, because the > private traffic is tunnelled through the Internet and the DMZ. (In other > words, the traffic is encrypted and encapsulated until it reaches the VPN > server.) > > Can you access machines on the DMZ from your private LAN? > > "Henry" <(E-Mail Removed)> wrote in message > news 332FDA0-3B06-421C-A00D-(E-Mail Removed)...> > I'm having problems accessing DMZ addresses when I'm connected to our > > Windows > > PPTP VPN. Machines on the LAN can be accessed w/o any problems and I also > > have internet connectivity. I assume that it might be a routing issue. > > Here's the current setup: > > > > - VPN Server has 2 NICs (LAN 10.0.3../DMZ 192.168.4..) > > - Clients connect to a publlic address which resolves to the DMZ address > > for > > the VPN Server. > > - VPN clients gets assigned an IP address from a DHCP server on our LAN > > (10.0.3..) > > > > Here's a copy of the routing table when I'm connected to to the VPN: > > > > ================================================== ========================= > > Interface List > > 14 ........................... VPN Connection > > 8 ...00 30 1b ba 3e a5 ...... Broadcom NetLink (TM) Gigabit Ethernet > > 1 ........................... Software Loopback Interface 1 > > 9 ...00 00 00 00 00 00 00 e0 isatap.hsd1.ma.comcast.net. > > 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface > > 15 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 > > ================================================== ========================= > > > > IPv4 Route Table > > ================================================== ========================= > > Active Routes: > > Network Destination Netmask Gateway Interface > > Metric > > 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 4245 > > 0.0.0.0 0.0.0.0 On-link 10.0.3.37 21 > > 10.0.3.37 255.255.255.255 On-link 10.0.3.37 276 > > 127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531 > > 127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531 > > 127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531 > > 192.168.1.0 255.255.255.0 On-link 192.168.1.100 4501 > > 192.168.1.100 255.255.255.255 On-link 192.168.1.100 4501 > > 192.168.1.255 255.255.255.255 On-link 192.168.1.100 4501 > > 209.31.138.54 255.255.255.255 192.168.1.1 192.168.1.100 4246 > > 224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531 > > 224.0.0.0 240.0.0.0 On-link 192.168.1.100 4502 > > 224.0.0.0 240.0.0.0 On-link 10.0.3.37 21 > > 255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531 > > 255.255.255.255 255.255.255.255 On-link 192.168.1.100 4501 > > 255.255.255.255 255.255.255.255 On-link 10.0.3.37 276 > > ================================================== ========================= > > Persistent Routes: > > None > > > > IPv6 Route Table > > ================================================== ========================= > > Active Routes: > > If Metric Network Destination Gateway > > 1 306 ::1/128 On-link > > 8 276 fe80::/64 On-link > > 15 281 fe80::5efe:10.0.3.37/128 On-link > > 9 281 fe80::5efe:192.168.1.100/128 > > On-link > > 8 276 fe80::ad0b:7b74:ddc7:be67/128 > > On-link > > 1 306 ff00::/8 On-link > > 8 276 ff00::/8 On-link > > ================================================== ========================= > > Persistent Routes: > > None > > > > Thanks in advance. > > > > > |
|
|
|
|
|||
|
Guest
Posts: n/a
|
My guess is that it is related to your use of on-subnet addressing (ie the
remote user gets an IP in the same IP subnet as the LAN machines). What happens when you use that is that the VPN server acts as a proxy for the remote and does proxy ARP on the LAN. This usually works OK, but it is not a good idea in a routed network. (Also some switches don't handle proxy ARP too well). It was really intended to allow remote access to a simple LAN (so that the sysadmin didn't have to know how routing worked). I would use off-subnet addressing for the remotes. That is, put the remotes in their own IP subnet (using a static pool rather than DHCP) and route that subnet through the VPN server. You can then add specific routing to get that subnet to/from the DMZ. "Bill Grant" <not.available@online> wrote in message news:%(E-Mail Removed)... > That is what I would expect. Although you initially connect to a public > IP, the VPN connection is effectively to your private LAN, because the > private traffic is tunnelled through the Internet and the DMZ. (In other > words, the traffic is encrypted and encapsulated until it reaches the VPN > server.) > > Can you access machines on the DMZ from your private LAN? > > "Henry" <(E-Mail Removed)> wrote in message > news 332FDA0-3B06-421C-A00D-(E-Mail Removed)...>> I'm having problems accessing DMZ addresses when I'm connected to our >> Windows >> PPTP VPN. Machines on the LAN can be accessed w/o any problems and I >> also >> have internet connectivity. I assume that it might be a routing issue. >> Here's the current setup: >> >> - VPN Server has 2 NICs (LAN 10.0.3../DMZ 192.168.4..) >> - Clients connect to a publlic address which resolves to the DMZ address >> for >> the VPN Server. >> - VPN clients gets assigned an IP address from a DHCP server on our LAN >> (10.0.3..) >> >> Here's a copy of the routing table when I'm connected to to the VPN: >> >> ================================================== ========================= >> Interface List >> 14 ........................... VPN Connection >> 8 ...00 30 1b ba 3e a5 ...... Broadcom NetLink (TM) Gigabit Ethernet >> 1 ........................... Software Loopback Interface 1 >> 9 ...00 00 00 00 00 00 00 e0 isatap.hsd1.ma.comcast.net. >> 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface >> 15 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 >> ================================================== ========================= >> >> IPv4 Route Table >> ================================================== ========================= >> Active Routes: >> Network Destination Netmask Gateway Interface >> Metric >> 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 >> 4245 >> 0.0.0.0 0.0.0.0 On-link 10.0.3.37 >> 21 >> 10.0.3.37 255.255.255.255 On-link 10.0.3.37 >> 276 >> 127.0.0.0 255.0.0.0 On-link 127.0.0.1 >> 4531 >> 127.0.0.1 255.255.255.255 On-link 127.0.0.1 >> 4531 >> 127.255.255.255 255.255.255.255 On-link 127.0.0.1 >> 4531 >> 192.168.1.0 255.255.255.0 On-link 192.168.1.100 >> 4501 >> 192.168.1.100 255.255.255.255 On-link 192.168.1.100 >> 4501 >> 192.168.1.255 255.255.255.255 On-link 192.168.1.100 >> 4501 >> 209.31.138.54 255.255.255.255 192.168.1.1 192.168.1.100 >> 4246 >> 224.0.0.0 240.0.0.0 On-link 127.0.0.1 >> 4531 >> 224.0.0.0 240.0.0.0 On-link 192.168.1.100 >> 4502 >> 224.0.0.0 240.0.0.0 On-link 10.0.3.37 >> 21 >> 255.255.255.255 255.255.255.255 On-link 127.0.0.1 >> 4531 >> 255.255.255.255 255.255.255.255 On-link 192.168.1.100 >> 4501 >> 255.255.255.255 255.255.255.255 On-link 10.0.3.37 >> 276 >> ================================================== ========================= >> Persistent Routes: >> None >> >> IPv6 Route Table >> ================================================== ========================= >> Active Routes: >> If Metric Network Destination Gateway >> 1 306 ::1/128 On-link >> 8 276 fe80::/64 On-link >> 15 281 fe80::5efe:10.0.3.37/128 On-link >> 9 281 fe80::5efe:192.168.1.100/128 >> On-link >> 8 276 fe80::ad0b:7b74:ddc7:be67/128 >> On-link >> 1 306 ff00::/8 On-link >> 8 276 ff00::/8 On-link >> ================================================== ========================= >> Persistent Routes: >> None >> >> Thanks in advance. >> > > |
|
|
|
|
|||
|
|
| |
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Routing - Computers on either subnet have problems finding PCs on the other subnet | ZZYZX | Windows Networking | 2 | 03-26-2011 01:01 AM |
| Detecting unused IP addresses in a subnet using ping? | dkarthik@gmail.com | Linux Networking | 5 | 07-10-2008 06:48 AM |
| Prevent users from accessing local subnet while VPN'ed in? | Trevor | Windows Networking | 2 | 03-16-2006 11:00 PM |
| Accessing another subnet | Schipp01 | Broadband Hardware | 0 | 07-08-2004 02:32 PM |
| accessing VPN PPTP ADSL via the Linksys BEFW11S4 | Steve H | Wireless Internet | 0 | 10-04-2003 01:21 PM |
Linear Mode
