Route to remote subnet via VPN dian in

Hello,

My network setup is ...

Laptop - MS VPN dial up to a Cisco Router - Assigned IP
192.168.120.200 / NM 255.255.255.255 / GW 192.168.120.200

With this I can access everything in the 192.168.120.x range

The Cisco at the above range also makes a Site to Site VPN connection
to a remote branch 192.168.121.x

I would like to be able to access 192.168.121.4 in that range from the
VPN dial in.

Could someone offer some advise as to the best way to do this?

Thanks,
Jon

Assuming the Cisco VPN setup correctly, you need to make sure the traffic to 192.168.120.x also go to gateway 192.168.120.200. These links may help,
routing issues on vpn
Resolution: When establishing VPN to the office A, the routing table changes. To fix this issue, disable the "Use default gateway on remote network"" on the ...
http://www.chicagotech.net/routingissuesonvpn.htm - Similar pages

Routing
Analysis 1: before changing the route table, any computers in 192.168.2.0 can access the resources on 10.0.0.0 network and the Internet because all traffic ...
http://www.chicagotech.net/routing.htm - Similar pages

routing - how to
For example, the Generic Routing Encapsulation (GRE) IP protocol (protocol number 47) is added to the table: set nat entry add 10.0.0.50 0 103.1.1.1 0 47. ...
http://www.chicagotech.net/routinghowto.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Jon" <(E-Mail Removed)> wrote in message news:(E-Mail Removed) oups.com...
Hello,

My network setup is ...

Laptop - MS VPN dial up to a Cisco Router - Assigned IP
192.168.120.200 / NM 255.255.255.255 / GW 192.168.120.200

With this I can access everything in the 192.168.120.x range

The Cisco at the above range also makes a Site to Site VPN connection
to a remote branch 192.168.121.x

I would like to be able to access 192.168.121.4 in that range from the
VPN dial in.

Could someone offer some advise as to the best way to do this?

Thanks,
Jon

Hi Bob,

Many thanks for the reply. I'm afraid I can see the answer in the
links that you posted. I assumed that it would be some sort of route
add statement that I'd need to put in the laptop?

Thanks,
Jon

On Aug 11, 5:25 pm, "Robert L [MVP - Networking]"
<nore...@hotmail.com> wrote:
> Assuming the Cisco VPN setup correctly, you need to make sure the traffic to 192.168.120.x also go to gateway 192.168.120.200. These links may help,
> routing issues on vpn
> Resolution: When establishing VPN to the office A, the routing table changes. To fix this issue, disable the "Use default gateway on remote network"" on the ...
> http://www.chicagotech.net/routingissuesonvpn.htm- Similar pages
>
> Routing
> Analysis 1: before changing the route table, any computers in 192.168.2.0 can access the resources on 10.0.0.0 network and the Internet because all traffic ...
> http://www.chicagotech.net/routing.htm- Similar pages
>
> routing - how to
> For example, the Generic Routing Encapsulation (GRE) IP protocol (protocol number 47) is added to the table: set nat entry add 10.0.0.50 0 103.1.1.1 0 47. ...
> http://www.chicagotech.net/routinghowto.htm
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting onhttp://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access onhttp://www.HowToNetworking.com
> "Jon" <googlegro...@jon-lamb.co.uk> wrote in messagenews:(E-Mail Removed) ooglegroups.com...
> Hello,
>
> My network setup is ...
>
> Laptop - MS VPN dial up to a Cisco Router - Assigned IP
> 192.168.120.200 / NM 255.255.255.255 / GW 192.168.120.200
>
> With this I can access everything in the 192.168.120.x range
>
> The Cisco at the above range also makes a Site to Site VPN connection
> to a remote branch 192.168.121.x
>
> I would like to be able to access 192.168.121.4 in that range from the
> VPN dial in.
>
> Could someone offer some advise as to the best way to do this?
>
> Thanks,
> Jon

Sorry, sunday morning typing ... that should be cant see the answer

On Aug 12, 9:40 am, Jon <googlegro...@jon-lamb.co.uk> wrote:
> Hi Bob,
>
> Many thanks for the reply. I'm afraid I can see the answer in the
> links that you posted. I assumed that it would be some sort of route
> add statement that I'd need to put in the laptop?
>
> Thanks,
> Jon
>
> On Aug 11, 5:25 pm, "Robert L [MVP - Networking]"
>
> <nore...@hotmail.com> wrote:
> > Assuming the Cisco VPN setup correctly, you need to make sure the traffic to 192.168.120.x also go to gateway 192.168.120.200. These links may help,
> > routing issues on vpn
> > Resolution: When establishing VPN to the office A, the routing table changes. To fix this issue, disable the "Use default gateway on remote network"" on the ...
> > http://www.chicagotech.net/routingis...pn.htm-Similar pages
>
> > Routing
> > Analysis 1: before changing the route table, any computers in 192.168.2.0 can access the resources on 10.0.0.0 network and the Internet because all traffic ...
> > http://www.chicagotech.net/routing.htm-Similar pages
>
> > routing - how to
> > For example, the Generic Routing Encapsulation (GRE) IP protocol (protocol number 47) is added to the table: set nat entry add 10.0.0.50 0 103.1.1.1 0 47. ...
> > http://www.chicagotech.net/routinghowto.htm
>
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting onhttp://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access onhttp://www.HowToNetworking.com
> > "Jon" <googlegro...@jon-lamb.co.uk> wrote in messagenews:(E-Mail Removed) ooglegroups.com...
> > Hello,
>
> > My network setup is ...
>
> > Laptop - MS VPN dial up to a Cisco Router - Assigned IP
> > 192.168.120.200 / NM 255.255.255.255 / GW 192.168.120.200
>
> > With this I can access everything in the 192.168.120.x range
>
> > The Cisco at the above range also makes a Site to Site VPN connection
> > to a remote branch 192.168.121.x
>
> > I would like to be able to access 192.168.121.4 in that range from the
> > VPN dial in.
>
> > Could someone offer some advise as to the best way to do this?
>
> > Thanks,
> > Jon

This link should give you some example,

RoutingAnalysis 1: before changing the route table, any computers in 192.168.2.0 can access the resources on 10.0.0.0 network and the Internet because all traffic ...
http://www.chicagotech.net/routing.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Jon" <(E-Mail Removed)> wrote in message news:(E-Mail Removed) ups.com...
Sorry, sunday morning typing ... that should be cant see the answer

On Aug 12, 9:40 am, Jon <googlegro...@jon-lamb.co.uk> wrote:
> Hi Bob,
>
> Many thanks for the reply. I'm afraid I can see the answer in the
> links that you posted. I assumed that it would be some sort of route
> add statement that I'd need to put in the laptop?
>
> Thanks,
> Jon
>
> On Aug 11, 5:25 pm, "Robert L [MVP - Networking]"
>
> <nore...@hotmail.com> wrote:
> > Assuming the Cisco VPN setup correctly, you need to make sure the traffic to 192.168.120.x also go to gateway 192.168.120.200. These links may help,
> > routing issues on vpn
> > Resolution: When establishing VPN to the office A, the routing table changes. To fix this issue, disable the "Use default gateway on remote network"" on the ...
> > http://www.chicagotech.net/routingis...pn.htm-Similar pages
>
> > Routing
> > Analysis 1: before changing the route table, any computers in 192.168.2.0 can access the resources on 10.0.0.0 network and the Internet because all traffic ...
> > http://www.chicagotech.net/routing.htm-Similar pages
>
> > routing - how to
> > For example, the Generic Routing Encapsulation (GRE) IP protocol (protocol number 47) is added to the table: set nat entry add 10.0.0.50 0 103.1.1.1 0 47. ...
> > http://www.chicagotech.net/routinghowto.htm
>
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting onhttp://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access onhttp://www.HowToNetworking.com
> > "Jon" <googlegro...@jon-lamb.co.uk> wrote in messagenews:(E-Mail Removed) ooglegroups.com...
> > Hello,
>
> > My network setup is ...
>
> > Laptop - MS VPN dial up to a Cisco Router - Assigned IP
> > 192.168.120.200 / NM 255.255.255.255 / GW 192.168.120.200
>
> > With this I can access everything in the 192.168.120.x range
>
> > The Cisco at the above range also makes a Site to Site VPN connection
> > to a remote branch 192.168.121.x
>
> > I would like to be able to access 192.168.121.4 in that range from the
> > VPN dial in.
>
> > Could someone offer some advise as to the best way to do this?
>
> > Thanks,
> > Jon

This is a tricky problem and you will not necessarily be able to fix it
by making changes at your end.

In theory it should just work. If the client is set to send all traffic
over the VPN (ie the VPN link is the default gateway, which is the case),
there is nothing else you can do on the client machine.

The problems arise at the VPN server end. The Ciscos know how to handle
routing between the two sites. Traffic coming from the LAN is routed through
the site to site link correctly. But traffic coming from your dialup-type
VPN client may not be handled in the same way as normal LAN traffic. On
subnet addressing (ie giving the remote client an IP address in the same IP
subnet as the LAN) works fine on the LAN but can cause problems with routing
beyond that.

The Cisco at the 192.168.121 site will be able to handle it OK. It will
send traffic for you back over the site to site link because of the
192.168.120 IP address. It is the Cisco at the 192.168.120 end which may
have problems sorting out the remote client traffic from the LAN client
traffic.

You may need to put your dialup VPN in its own subnet (ie use off subnet
addresses) and specifically route this subnet through the site to site link.

"Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
This link should give you some example,

RoutingAnalysis 1: before changing the route table, any computers in
192.168.2.0 can access the resources on 10.0.0.0 network and the Internet
because all traffic ...
http://www.chicagotech.net/routing.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"Jon" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
Sorry, sunday morning typing ... that should be cant see the answer

On Aug 12, 9:40 am, Jon <googlegro...@jon-lamb.co.uk> wrote:
> Hi Bob,
>
> Many thanks for the reply. I'm afraid I can see the answer in the
> links that you posted. I assumed that it would be some sort of route
> add statement that I'd need to put in the laptop?
>
> Thanks,
> Jon
>
> On Aug 11, 5:25 pm, "Robert L [MVP - Networking]"
>
> <nore...@hotmail.com> wrote:
> > Assuming the Cisco VPN setup correctly, you need to make sure the
traffic to 192.168.120.x also go to gateway 192.168.120.200. These links may
help,
> > routing issues on vpn
> > Resolution: When establishing VPN to the office A, the routing
table changes. To fix this issue, disable the "Use default gateway on remote
network"" on the ...
> > http://www.chicagotech.net/routingis...pn.htm-Similar pages
>
> > Routing
> > Analysis 1: before changing the route table, any computers in
192.168.2.0 can access the resources on 10.0.0.0 network and the Internet
because all traffic ...
> > http://www.chicagotech.net/routing.htm-Similar pages
>
> > routing - how to
> > For example, the Generic Routing Encapsulation (GRE) IP protocol
(protocol number 47) is added to the table: set nat entry add 10.0.0.50 0
103.1.1.1 0 47. ...
> > http://www.chicagotech.net/routinghowto.htm
>
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting
onhttp://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access
onhttp://www.HowToNetworking.com
> > "Jon" <googlegro...@jon-lamb.co.uk> wrote in
messagenews:(E-Mail Removed) ooglegroups.com...
> > Hello,
>
> > My network setup is ...
>
> > Laptop - MS VPN dial up to a Cisco Router - Assigned IP
> > 192.168.120.200 / NM 255.255.255.255 / GW 192.168.120.200
>
> > With this I can access everything in the 192.168.120.x range
>
> > The Cisco at the above range also makes a Site to Site VPN
connection
> > to a remote branch 192.168.121.x
>
> > I would like to be able to access 192.168.121.4 in that range from
the
> > VPN dial in.
>
> > Could someone offer some advise as to the best way to do this?
>
> > Thanks,
> > Jon

Sorry, Bob. I should have linked this to Jon's posting, not yours.

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> This is a tricky problem and you will not necessarily be able to fix it
> by making changes at your end.
>
> In theory it should just work. If the client is set to send all traffic
> over the VPN (ie the VPN link is the default gateway, which is the case),
> there is nothing else you can do on the client machine.
>
> The problems arise at the VPN server end. The Ciscos know how to handle
> routing between the two sites. Traffic coming from the LAN is routed
> through the site to site link correctly. But traffic coming from your
> dialup-type VPN client may not be handled in the same way as normal LAN
> traffic. On subnet addressing (ie giving the remote client an IP address
> in the same IP subnet as the LAN) works fine on the LAN but can cause
> problems with routing beyond that.
>
> The Cisco at the 192.168.121 site will be able to handle it OK. It will
> send traffic for you back over the site to site link because of the
> 192.168.120 IP address. It is the Cisco at the 192.168.120 end which may
> have problems sorting out the remote client traffic from the LAN client
> traffic.
>
> You may need to put your dialup VPN in its own subnet (ie use off
> subnet addresses) and specifically route this subnet through the site to
> site link.
>
> "Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> This link should give you some example,
>
> RoutingAnalysis 1: before changing the route table, any computers in
> 192.168.2.0 can access the resources on 10.0.0.0 network and the Internet
> because all traffic ...
> http://www.chicagotech.net/routing.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "Jon" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> Sorry, sunday morning typing ... that should be cant see the answer
>
> On Aug 12, 9:40 am, Jon <googlegro...@jon-lamb.co.uk> wrote:
> > Hi Bob,
> >
> > Many thanks for the reply. I'm afraid I can see the answer in the
> > links that you posted. I assumed that it would be some sort of route
> > add statement that I'd need to put in the laptop?
> >
> > Thanks,
> > Jon
> >
> > On Aug 11, 5:25 pm, "Robert L [MVP - Networking]"
> >
> > <nore...@hotmail.com> wrote:
> > > Assuming the Cisco VPN setup correctly, you need to make sure the
> traffic to 192.168.120.x also go to gateway 192.168.120.200. These links
> may help,
> > > routing issues on vpn
> > > Resolution: When establishing VPN to the office A, the routing
> table changes. To fix this issue, disable the "Use default gateway on
> remote network"" on the ...
> > > http://www.chicagotech.net/routingis...pn.htm-Similar pages
> >
> > > Routing
> > > Analysis 1: before changing the route table, any computers in
> 192.168.2.0 can access the resources on 10.0.0.0 network and the Internet
> because all traffic ...
> > > http://www.chicagotech.net/routing.htm-Similar pages
> >
> > > routing - how to
> > > For example, the Generic Routing Encapsulation (GRE) IP
> protocol (protocol number 47) is added to the table: set nat entry add
> 10.0.0.50 0 103.1.1.1 0 47. ...
> > > http://www.chicagotech.net/routinghowto.htm
> >
> > > Bob Lin, MS-MVP, MCSE & CNE
> > > Networking, Internet, Routing, VPN Troubleshooting
> onhttp://www.ChicagoTech.net
> > > How to Setup Windows, Network, VPN & Remote Access
> onhttp://www.HowToNetworking.com
> > > "Jon" <googlegro...@jon-lamb.co.uk> wrote in
> messagenews:(E-Mail Removed) ooglegroups.com...
> > > Hello,
> >
> > > My network setup is ...
> >
> > > Laptop - MS VPN dial up to a Cisco Router - Assigned IP
> > > 192.168.120.200 / NM 255.255.255.255 / GW 192.168.120.200
> >
> > > With this I can access everything in the 192.168.120.x range
> >
> > > The Cisco at the above range also makes a Site to Site VPN
> connection
> > > to a remote branch 192.168.121.x
> >
> > > I would like to be able to access 192.168.121.4 in that range from
> the
> > > VPN dial in.
> >
> > > Could someone offer some advise as to the best way to do this?
> >
> > > Thanks,
> > > Jon
>
>
>

Bill,

That is OK. All we want to do is help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Bill Grant" <not.available@online> wrote in message news:(E-Mail Removed)...
Sorry, Bob. I should have linked this to Jon's posting, not yours.

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> This is a tricky problem and you will not necessarily be able to fix it
> by making changes at your end.
>
> In theory it should just work. If the client is set to send all traffic
> over the VPN (ie the VPN link is the default gateway, which is the case),
> there is nothing else you can do on the client machine.
>
> The problems arise at the VPN server end. The Ciscos know how to handle
> routing between the two sites. Traffic coming from the LAN is routed
> through the site to site link correctly. But traffic coming from your
> dialup-type VPN client may not be handled in the same way as normal LAN
> traffic. On subnet addressing (ie giving the remote client an IP address
> in the same IP subnet as the LAN) works fine on the LAN but can cause
> problems with routing beyond that.
>
> The Cisco at the 192.168.121 site will be able to handle it OK. It will
> send traffic for you back over the site to site link because of the
> 192.168.120 IP address. It is the Cisco at the 192.168.120 end which may
> have problems sorting out the remote client traffic from the LAN client
> traffic.
>
> You may need to put your dialup VPN in its own subnet (ie use off
> subnet addresses) and specifically route this subnet through the site to
> site link.
>
> "Robert L [MVP - Networking]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> This link should give you some example,
>
> RoutingAnalysis 1: before changing the route table, any computers in
> 192.168.2.0 can access the resources on 10.0.0.0 network and the Internet
> because all traffic ...
> http://www.chicagotech.net/routing.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> "Jon" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) ups.com...
> Sorry, sunday morning typing ... that should be cant see the answer
>
> On Aug 12, 9:40 am, Jon <googlegro...@jon-lamb.co.uk> wrote:
> > Hi Bob,
> >
> > Many thanks for the reply. I'm afraid I can see the answer in the
> > links that you posted. I assumed that it would be some sort of route
> > add statement that I'd need to put in the laptop?
> >
> > Thanks,
> > Jon
> >
> > On Aug 11, 5:25 pm, "Robert L [MVP - Networking]"
> >
> > <nore...@hotmail.com> wrote:
> > > Assuming the Cisco VPN setup correctly, you need to make sure the
> traffic to 192.168.120.x also go to gateway 192.168.120.200. These links
> may help,
> > > routing issues on vpn
> > > Resolution: When establishing VPN to the office A, the routing
> table changes. To fix this issue, disable the "Use default gateway on
> remote network"" on the ...
> > > http://www.chicagotech.net/routingis...pn.htm-Similar pages
> >
> > > Routing
> > > Analysis 1: before changing the route table, any computers in
> 192.168.2.0 can access the resources on 10.0.0.0 network and the Internet
> because all traffic ...
> > > http://www.chicagotech.net/routing.htm-Similar pages
> >
> > > routing - how to
> > > For example, the Generic Routing Encapsulation (GRE) IP
> protocol (protocol number 47) is added to the table: set nat entry add
> 10.0.0.50 0 103.1.1.1 0 47. ...
> > > http://www.chicagotech.net/routinghowto.htm
> >
> > > Bob Lin, MS-MVP, MCSE & CNE
> > > Networking, Internet, Routing, VPN Troubleshooting
> onhttp://www.ChicagoTech.net
> > > How to Setup Windows, Network, VPN & Remote Access
> onhttp://www.HowToNetworking.com
> > > "Jon" <googlegro...@jon-lamb.co.uk> wrote in
> messagenews:(E-Mail Removed) ooglegroups.com...
> > > Hello,
> >
> > > My network setup is ...
> >
> > > Laptop - MS VPN dial up to a Cisco Router - Assigned IP
> > > 192.168.120.200 / NM 255.255.255.255 / GW 192.168.120.200
> >
> > > With this I can access everything in the 192.168.120.x range
> >
> > > The Cisco at the above range also makes a Site to Site VPN
> connection
> > > to a remote branch 192.168.121.x
> >
> > > I would like to be able to access 192.168.121.4 in that range from
> the
> > > VPN dial in.
> >
> > > Could someone offer some advise as to the best way to do this?
> >
> > > Thanks,
> > > Jon
>
>
>