route trafic from external to internal adapter

This is (simplified) setup:

10.1.1.1 default gateway
|
HUB ----- 10.1.1.X - subnet with workgroup clients
|
10.1.1.2 as "external IP of SBS server
|
192.168.30.10 as internal IP of SBS server
|
HUB
|
192.168.30.11 Terminal server IP address

I know that setup is not very clever, but that is what I inherited and can
not change.
The question is how to allow trafic originating from 10.1.1.X subnet to
reach 192.168.30.11 (terminal server)

Regards,
Alex

The first thing you have to do is enable IP routing on the server, so
that it can forward the traffic. The next thing you need to do is add extra
routing to get the traffic to the internal router.

The routing would look like this.

Internet
|
gateway
10.1.1.1
|
workstations
10.1.1.x dg 10.1.1.1
|
10.1.1.2 dg 10.1.1.1
server
192.168.30.10 dg blank
|
192.168.30.11 dg 192.168.30.10

To get the traffic from 10.1.1 to 192.168.30. you need to add a
static route to the gateway router.

192.168.30.0 255.255.255.0 10.1.1.2

If for some reason you can't add this to the gateway router you will
need to add it to every client in the 10.1.1 subnet which needs to access
the TS in 192.168.

"Alex" <(E-Mail Removed)> wrote in message
news:89CBEFEF-2499-49A7-B5F3-(E-Mail Removed)...
> This is (simplified) setup:
>
> 10.1.1.1 default gateway
> |
> HUB ----- 10.1.1.X - subnet with workgroup clients
> |
> 10.1.1.2 as "external IP of SBS server
> |
> 192.168.30.10 as internal IP of SBS server
> |
> HUB
> |
> 192.168.30.11 Terminal server IP address
>
> I know that setup is not very clever, but that is what I inherited and can
> not change.
> The question is how to allow trafic originating from 10.1.1.X subnet to
> reach 192.168.30.11 (terminal server)
>
> Regards,
> Alex

Hi Bill,
Thanks for your answer.
I have Cisco 877 router on that site and that one has static route to
192.168.30.X setup.
I have RRAS active on a SBS server and no firewall software I know of.
One of the concerns is the following:
When I traceroute from 10.1.1.1 cisco router to 192.168.30.10, I am geting
no IP addresses showing in path. I presume 10.1.1.2 is suppose to show as a
step in a path, but I can not see it. Is that because Cisco router is not
routing to the right gateway or because some block exists on SBS external
interface (10.1.1.2)?
Unfortunately, the site is far away and i do not have access to it. I also
have no remote access to 10.1.1.X workstations (no credentials to log on).

Regards,
Alex



"Bill Grant" wrote:

> The first thing you have to do is enable IP routing on the server, so
> that it can forward the traffic. The next thing you need to do is add extra
> routing to get the traffic to the internal router.
>
> The routing would look like this.
>
> Internet
> |
> gateway
> 10.1.1.1
> |
> workstations
> 10.1.1.x dg 10.1.1.1
> |
> 10.1.1.2 dg 10.1.1.1
> server
> 192.168.30.10 dg blank
> |
> 192.168.30.11 dg 192.168.30.10
>
> To get the traffic from 10.1.1 to 192.168.30. you need to add a
> static route to the gateway router.
>
> 192.168.30.0 255.255.255.0 10.1.1.2
>
> If for some reason you can't add this to the gateway router you will
> need to add it to every client in the 10.1.1 subnet which needs to access
> the TS in 192.168.
>
> "Alex" <(E-Mail Removed)> wrote in message
> news:89CBEFEF-2499-49A7-B5F3-(E-Mail Removed)...
> > This is (simplified) setup:
> >
> > 10.1.1.1 default gateway
> > |
> > HUB ----- 10.1.1.X - subnet with workgroup clients
> > |
> > 10.1.1.2 as "external IP of SBS server
> > |
> > 192.168.30.10 as internal IP of SBS server
> > |
> > HUB
> > |
> > 192.168.30.11 Terminal server IP address
> >
> > I know that setup is not very clever, but that is what I inherited and can
> > not change.
> > The question is how to allow trafic originating from 10.1.1.X subnet to
> > reach 192.168.30.11 (terminal server)
> >
> > Regards,
> > Alex
>
>
>

Sites? There was no mention of sites before. It was just two hubs. Exactly
how are these two LANs connected?

Routing is a two-way process. There must be a route (default or
specific) from A to B and also from B to A.

If the default gateway for 192.168.30.11 is to the RRAS router and the
default gateway for the RRAS router is the Cisco, routing in that direction
is fine. In the other direction, all you should need is the static route on
the Cisco to forward traffic for 192.168.30 to the RRAS router. Once it gets
to the RRAS router it will be delivered directly. If the static route on the
Cisco is correct you should be able to tracert from 10.1.1.x (including the
Cisco) to 192.168.30.11 (and yes, 10.1.1.2 should show up as a step in the
path).

"Alex" <(E-Mail Removed)> wrote in message
news:347E966A-F73E-4F2C-82BA-(E-Mail Removed)...
> Hi Bill,
> Thanks for your answer.
> I have Cisco 877 router on that site and that one has static route to
> 192.168.30.X setup.
> I have RRAS active on a SBS server and no firewall software I know of.
> One of the concerns is the following:
> When I traceroute from 10.1.1.1 cisco router to 192.168.30.10, I am geting
> no IP addresses showing in path. I presume 10.1.1.2 is suppose to show as
> a
> step in a path, but I can not see it. Is that because Cisco router is not
> routing to the right gateway or because some block exists on SBS external
> interface (10.1.1.2)?
> Unfortunately, the site is far away and i do not have access to it. I also
> have no remote access to 10.1.1.X workstations (no credentials to log on).
>
> Regards,
> Alex
>
>
>
> "Bill Grant" wrote:
>
>> The first thing you have to do is enable IP routing on the server, so
>> that it can forward the traffic. The next thing you need to do is add
>> extra
>> routing to get the traffic to the internal router.
>>
>> The routing would look like this.
>>
>> Internet
>> |
>> gateway
>> 10.1.1.1
>> |
>> workstations
>> 10.1.1.x dg 10.1.1.1
>> |
>> 10.1.1.2 dg 10.1.1.1
>> server
>> 192.168.30.10 dg blank
>> |
>> 192.168.30.11 dg 192.168.30.10
>>
>> To get the traffic from 10.1.1 to 192.168.30. you need to add a
>> static route to the gateway router.
>>
>> 192.168.30.0 255.255.255.0 10.1.1.2
>>
>> If for some reason you can't add this to the gateway router you will
>> need to add it to every client in the 10.1.1 subnet which needs to access
>> the TS in 192.168.
>>
>> "Alex" <(E-Mail Removed)> wrote in message
>> news:89CBEFEF-2499-49A7-B5F3-(E-Mail Removed)...
>> > This is (simplified) setup:
>> >
>> > 10.1.1.1 default gateway
>> > |
>> > HUB ----- 10.1.1.X - subnet with workgroup clients
>> > |
>> > 10.1.1.2 as "external IP of SBS server
>> > |
>> > 192.168.30.10 as internal IP of SBS server
>> > |
>> > HUB
>> > |
>> > 192.168.30.11 Terminal server IP address
>> >
>> > I know that setup is not very clever, but that is what I inherited and
>> > can
>> > not change.
>> > The question is how to allow trafic originating from 10.1.1.X subnet to
>> > reach 192.168.30.11 (terminal server)
>> >
>> > Regards,
>> > Alex
>>
>>
>>

Hi Bill,
Thanks for your continious help.
"Site" is the office where computers are. Both networks are in one location.
I am remoting into networks through PPTP and RDP and am on a subnet not
related to subnets in question.
It looks like routing through external adapter to internal adapter is not
possible, since external adapter is default gateway and NAT for subnet
connected to internal adapter.
Following is the replay I've got on MS Partners group:

************************************************** ******
According to your post, I understand that you have some concerns how to
make your clients from 10.1.1.x subnets connects to the terminal server in
192.168.30.0 subnet, behind o f SBS Server. If I am off-base on that,
please let me know.

First of all, based on your configuration, the SBS server act as the
gateway and proxy server for 192.168.30.x client computers. As this is a
proxy server, it cannot work as a router to route packets from 10.1.1.x to
192.168.30.x.

************************************************** ******

I still have to confirm whart was the meaning of "Proxy Server" term he
used, but if he was refering to NAT, then routing to inside is not possible.
Just to confirm here, I am not aware of SBS acting as a proxy server at
present. It is Gateway and NAT for 192.168.30.X, but no proxy.

What do you think of this answer?

Will keep you posted if more replays from MS Partner group.

Regards,
Alex




"Bill Grant" wrote:

> Sites? There was no mention of sites before. It was just two hubs. Exactly
> how are these two LANs connected?
>
> Routing is a two-way process. There must be a route (default or
> specific) from A to B and also from B to A.
>
> If the default gateway for 192.168.30.11 is to the RRAS router and the
> default gateway for the RRAS router is the Cisco, routing in that direction
> is fine. In the other direction, all you should need is the static route on
> the Cisco to forward traffic for 192.168.30 to the RRAS router. Once it gets
> to the RRAS router it will be delivered directly. If the static route on the
> Cisco is correct you should be able to tracert from 10.1.1.x (including the
> Cisco) to 192.168.30.11 (and yes, 10.1.1.2 should show up as a step in the
> path).
>
> "Alex" <(E-Mail Removed)> wrote in message
> news:347E966A-F73E-4F2C-82BA-(E-Mail Removed)...
> > Hi Bill,
> > Thanks for your answer.
> > I have Cisco 877 router on that site and that one has static route to
> > 192.168.30.X setup.
> > I have RRAS active on a SBS server and no firewall software I know of.
> > One of the concerns is the following:
> > When I traceroute from 10.1.1.1 cisco router to 192.168.30.10, I am geting
> > no IP addresses showing in path. I presume 10.1.1.2 is suppose to show as
> > a
> > step in a path, but I can not see it. Is that because Cisco router is not
> > routing to the right gateway or because some block exists on SBS external
> > interface (10.1.1.2)?
> > Unfortunately, the site is far away and i do not have access to it. I also
> > have no remote access to 10.1.1.X workstations (no credentials to log on).
> >
> > Regards,
> > Alex
> >
> >
> >
> > "Bill Grant" wrote:
> >
> >> The first thing you have to do is enable IP routing on the server, so
> >> that it can forward the traffic. The next thing you need to do is add
> >> extra
> >> routing to get the traffic to the internal router.
> >>
> >> The routing would look like this.
> >>
> >> Internet
> >> |
> >> gateway
> >> 10.1.1.1
> >> |
> >> workstations
> >> 10.1.1.x dg 10.1.1.1
> >> |
> >> 10.1.1.2 dg 10.1.1.1
> >> server
> >> 192.168.30.10 dg blank
> >> |
> >> 192.168.30.11 dg 192.168.30.10
> >>
> >> To get the traffic from 10.1.1 to 192.168.30. you need to add a
> >> static route to the gateway router.
> >>
> >> 192.168.30.0 255.255.255.0 10.1.1.2
> >>
> >> If for some reason you can't add this to the gateway router you will
> >> need to add it to every client in the 10.1.1 subnet which needs to access
> >> the TS in 192.168.
> >>
> >> "Alex" <(E-Mail Removed)> wrote in message
> >> news:89CBEFEF-2499-49A7-B5F3-(E-Mail Removed)...
> >> > This is (simplified) setup:
> >> >
> >> > 10.1.1.1 default gateway
> >> > |
> >> > HUB ----- 10.1.1.X - subnet with workgroup clients
> >> > |
> >> > 10.1.1.2 as "external IP of SBS server
> >> > |
> >> > 192.168.30.10 as internal IP of SBS server
> >> > |
> >> > HUB
> >> > |
> >> > 192.168.30.11 Terminal server IP address
> >> >
> >> > I know that setup is not very clever, but that is what I inherited and
> >> > can
> >> > not change.
> >> > The question is how to allow trafic originating from 10.1.1.X subnet to
> >> > reach 192.168.30.11 (terminal server)
> >> >
> >> > Regards,
> >> > Alex
> >>
> >>
> >>
>
>
>

Hi,

Im trying to use VPN to connect to my private network. When I print my
routing table, the VPN Gateway is equal to Interface:

0.0.0.0 0.0.0.0 172.16.1.5 172.16.1.5 1

This is right?
I cannot see my network clients using VPN.

How can I configure my VPN to use the right route?

Thanks
Daniel

That is correct. What you see is a default route to the "received" IP. All
it really means is that your default gateway is now the VPN connection.

"Daniel Correa" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> Im trying to use VPN to connect to my private network. When I print my
> routing table, the VPN Gateway is equal to Interface:
>
> 0.0.0.0 0.0.0.0 172.16.1.5 172.16.1.5 1
>
> This is right?
> I cannot see my network clients using VPN.
>
> How can I configure my VPN to use the right route?
>
> Thanks
> Daniel

Yes, proxy server is quite different from NAT. It is possible to run sbs
as a proxy server using ISA server (I think it only comes with sbs premium).

The comments on NAT are correct. You cannot access a machine on the
"private" side of a NAT from the "public" side. NAT is a one-way address
translation to allow machines on a private network to access machines on a
public network.

To access machines on the 192.168.30 subnet from 10.1.1 you need to use
normal IP routing, not NAT. You should still be able to access the Internet
from the 192.168.30 subnet. Whatever does NAT for the 10. addresses should
do it for the 192.168. addresses as well.

"Alex" <(E-Mail Removed)> wrote in message
news6D5459C-3966-4DE2-9975-(E-Mail Removed)...
> Hi Bill,
> Thanks for your continious help.
> "Site" is the office where computers are. Both networks are in one
> location.
> I am remoting into networks through PPTP and RDP and am on a subnet not
> related to subnets in question.
> It looks like routing through external adapter to internal adapter is not
> possible, since external adapter is default gateway and NAT for subnet
> connected to internal adapter.
> Following is the replay I've got on MS Partners group:
>
> ************************************************** ******
> According to your post, I understand that you have some concerns how to
> make your clients from 10.1.1.x subnets connects to the terminal server in
> 192.168.30.0 subnet, behind o f SBS Server. If I am off-base on that,
> please let me know.
>
> First of all, based on your configuration, the SBS server act as the
> gateway and proxy server for 192.168.30.x client computers. As this is a
> proxy server, it cannot work as a router to route packets from 10.1.1.x to
> 192.168.30.x.
>
> ************************************************** ******
>
> I still have to confirm whart was the meaning of "Proxy Server" term he
> used, but if he was refering to NAT, then routing to inside is not
> possible.
> Just to confirm here, I am not aware of SBS acting as a proxy server at
> present. It is Gateway and NAT for 192.168.30.X, but no proxy.
>
> What do you think of this answer?
>
> Will keep you posted if more replays from MS Partner group.
>
> Regards,
> Alex
>
>
>
>
> "Bill Grant" wrote:
>
>> Sites? There was no mention of sites before. It was just two hubs.
>> Exactly
>> how are these two LANs connected?
>>
>> Routing is a two-way process. There must be a route (default or
>> specific) from A to B and also from B to A.
>>
>> If the default gateway for 192.168.30.11 is to the RRAS router and
>> the
>> default gateway for the RRAS router is the Cisco, routing in that
>> direction
>> is fine. In the other direction, all you should need is the static route
>> on
>> the Cisco to forward traffic for 192.168.30 to the RRAS router. Once it
>> gets
>> to the RRAS router it will be delivered directly. If the static route on
>> the
>> Cisco is correct you should be able to tracert from 10.1.1.x (including
>> the
>> Cisco) to 192.168.30.11 (and yes, 10.1.1.2 should show up as a step in
>> the
>> path).
>>
>> "Alex" <(E-Mail Removed)> wrote in message
>> news:347E966A-F73E-4F2C-82BA-(E-Mail Removed)...
>> > Hi Bill,
>> > Thanks for your answer.
>> > I have Cisco 877 router on that site and that one has static route to
>> > 192.168.30.X setup.
>> > I have RRAS active on a SBS server and no firewall software I know of.
>> > One of the concerns is the following:
>> > When I traceroute from 10.1.1.1 cisco router to 192.168.30.10, I am
>> > geting
>> > no IP addresses showing in path. I presume 10.1.1.2 is suppose to show
>> > as
>> > a
>> > step in a path, but I can not see it. Is that because Cisco router is
>> > not
>> > routing to the right gateway or because some block exists on SBS
>> > external
>> > interface (10.1.1.2)?
>> > Unfortunately, the site is far away and i do not have access to it. I
>> > also
>> > have no remote access to 10.1.1.X workstations (no credentials to log
>> > on).
>> >
>> > Regards,
>> > Alex
>> >
>> >
>> >
>> > "Bill Grant" wrote:
>> >
>> >> The first thing you have to do is enable IP routing on the server,
>> >> so
>> >> that it can forward the traffic. The next thing you need to do is add
>> >> extra
>> >> routing to get the traffic to the internal router.
>> >>
>> >> The routing would look like this.
>> >>
>> >> Internet
>> >> |
>> >> gateway
>> >> 10.1.1.1
>> >> |
>> >> workstations
>> >> 10.1.1.x dg 10.1.1.1
>> >> |
>> >> 10.1.1.2 dg 10.1.1.1
>> >> server
>> >> 192.168.30.10 dg blank
>> >> |
>> >> 192.168.30.11 dg 192.168.30.10
>> >>
>> >> To get the traffic from 10.1.1 to 192.168.30. you need to add a
>> >> static route to the gateway router.
>> >>
>> >> 192.168.30.0 255.255.255.0 10.1.1.2
>> >>
>> >> If for some reason you can't add this to the gateway router you
>> >> will
>> >> need to add it to every client in the 10.1.1 subnet which needs to
>> >> access
>> >> the TS in 192.168.
>> >>
>> >> "Alex" <(E-Mail Removed)> wrote in message
>> >> news:89CBEFEF-2499-49A7-B5F3-(E-Mail Removed)...
>> >> > This is (simplified) setup:
>> >> >
>> >> > 10.1.1.1 default gateway
>> >> > |
>> >> > HUB ----- 10.1.1.X - subnet with workgroup clients
>> >> > |
>> >> > 10.1.1.2 as "external IP of SBS server
>> >> > |
>> >> > 192.168.30.10 as internal IP of SBS server
>> >> > |
>> >> > HUB
>> >> > |
>> >> > 192.168.30.11 Terminal server IP address
>> >> >
>> >> > I know that setup is not very clever, but that is what I inherited
>> >> > and
>> >> > can
>> >> > not change.
>> >> > The question is how to allow trafic originating from 10.1.1.X subnet
>> >> > to
>> >> > reach 192.168.30.11 (terminal server)
>> >> >
>> >> > Regards,
>> >> > Alex
>> >>
>> >>
>> >>
>>
>>
>>

Hi Bill,
Thanks for your support.

By MS experts on MS partner portal, SBS is not able to do what I want and
"Address Mapping" is not what they would suggest. They said the following:

************************************************** *******
The Proxy Server I mean here is the NAT. In SBS Server, once we run the
"Connect to the Internet", the SBS Server will be the NAT Server for
internal client computers. In SBS Server, you do not need the address
mapping, using the Remote Desktop feature on Remote Web Workspace is the
best option. Address Mapping in SBS Server involves more configuration and
changes on system configuration, these are not recommended option and once
we run the "Connect to the Internet" again, the settings will be removed.

************************************************** *******

Good to know this for the future reference.

At the end i've decided to make workaround with another router connected to
both, internal (192.168.30.X) and external (10.1.1.X) subnets.
The whole pictuire of the problem was as the following diagram:
http://www.sourcenet.co.nz/CSIproblem.gif
The resolution was like this:
http://www.sourcenet.co.nz/CSIresolution.gif
Router C has NAT enabled and router A has static route 192.168.30.0
255.255.255.0 10.1.1.5, so all trafic going to 192.168.30.0 comming to router
A is to be forwarded to router C.

I hope this will help someone to resolve simmilar issue.

Regards,
Alex






"Bill Grant" wrote:

> Yes, proxy server is quite different from NAT. It is possible to run sbs
> as a proxy server using ISA server (I think it only comes with sbs premium).
>
> The comments on NAT are correct. You cannot access a machine on the
> "private" side of a NAT from the "public" side. NAT is a one-way address
> translation to allow machines on a private network to access machines on a
> public network.
>
> To access machines on the 192.168.30 subnet from 10.1.1 you need to use
> normal IP routing, not NAT. You should still be able to access the Internet
> from the 192.168.30 subnet. Whatever does NAT for the 10. addresses should
> do it for the 192.168. addresses as well.
>
> "Alex" <(E-Mail Removed)> wrote in message
> news6D5459C-3966-4DE2-9975-(E-Mail Removed)...
> > Hi Bill,
> > Thanks for your continious help.
> > "Site" is the office where computers are. Both networks are in one
> > location.
> > I am remoting into networks through PPTP and RDP and am on a subnet not
> > related to subnets in question.
> > It looks like routing through external adapter to internal adapter is not
> > possible, since external adapter is default gateway and NAT for subnet
> > connected to internal adapter.
> > Following is the replay I've got on MS Partners group:
> >
> > ************************************************** ******
> > According to your post, I understand that you have some concerns how to
> > make your clients from 10.1.1.x subnets connects to the terminal server in
> > 192.168.30.0 subnet, behind o f SBS Server. If I am off-base on that,
> > please let me know.
> >
> > First of all, based on your configuration, the SBS server act as the
> > gateway and proxy server for 192.168.30.x client computers. As this is a
> > proxy server, it cannot work as a router to route packets from 10.1.1.x to
> > 192.168.30.x.
> >
> > ************************************************** ******
> >
> > I still have to confirm whart was the meaning of "Proxy Server" term he
> > used, but if he was refering to NAT, then routing to inside is not
> > possible.
> > Just to confirm here, I am not aware of SBS acting as a proxy server at
> > present. It is Gateway and NAT for 192.168.30.X, but no proxy.
> >
> > What do you think of this answer?
> >
> > Will keep you posted if more replays from MS Partner group.
> >
> > Regards,
> > Alex
> >
> >
> >
> >
> > "Bill Grant" wrote:
> >
> >> Sites? There was no mention of sites before. It was just two hubs.
> >> Exactly
> >> how are these two LANs connected?
> >>
> >> Routing is a two-way process. There must be a route (default or
> >> specific) from A to B and also from B to A.
> >>
> >> If the default gateway for 192.168.30.11 is to the RRAS router and
> >> the
> >> default gateway for the RRAS router is the Cisco, routing in that
> >> direction
> >> is fine. In the other direction, all you should need is the static route
> >> on
> >> the Cisco to forward traffic for 192.168.30 to the RRAS router. Once it
> >> gets
> >> to the RRAS router it will be delivered directly. If the static route on
> >> the
> >> Cisco is correct you should be able to tracert from 10.1.1.x (including
> >> the
> >> Cisco) to 192.168.30.11 (and yes, 10.1.1.2 should show up as a step in
> >> the
> >> path).
> >>
> >> "Alex" <(E-Mail Removed)> wrote in message
> >> news:347E966A-F73E-4F2C-82BA-(E-Mail Removed)...
> >> > Hi Bill,
> >> > Thanks for your answer.
> >> > I have Cisco 877 router on that site and that one has static route to
> >> > 192.168.30.X setup.
> >> > I have RRAS active on a SBS server and no firewall software I know of.
> >> > One of the concerns is the following:
> >> > When I traceroute from 10.1.1.1 cisco router to 192.168.30.10, I am
> >> > geting
> >> > no IP addresses showing in path. I presume 10.1.1.2 is suppose to show
> >> > as
> >> > a
> >> > step in a path, but I can not see it. Is that because Cisco router is
> >> > not
> >> > routing to the right gateway or because some block exists on SBS
> >> > external
> >> > interface (10.1.1.2)?
> >> > Unfortunately, the site is far away and i do not have access to it. I
> >> > also
> >> > have no remote access to 10.1.1.X workstations (no credentials to log
> >> > on).
> >> >
> >> > Regards,
> >> > Alex
> >> >
> >> >
> >> >
> >> > "Bill Grant" wrote:
> >> >
> >> >> The first thing you have to do is enable IP routing on the server,
> >> >> so
> >> >> that it can forward the traffic. The next thing you need to do is add
> >> >> extra
> >> >> routing to get the traffic to the internal router.
> >> >>
> >> >> The routing would look like this.
> >> >>
> >> >> Internet
> >> >> |
> >> >> gateway
> >> >> 10.1.1.1
> >> >> |
> >> >> workstations
> >> >> 10.1.1.x dg 10.1.1.1
> >> >> |
> >> >> 10.1.1.2 dg 10.1.1.1
> >> >> server
> >> >> 192.168.30.10 dg blank
> >> >> |
> >> >> 192.168.30.11 dg 192.168.30.10
> >> >>
> >> >> To get the traffic from 10.1.1 to 192.168.30. you need to add a
> >> >> static route to the gateway router.
> >> >>
> >> >> 192.168.30.0 255.255.255.0 10.1.1.2
> >> >>
> >> >> If for some reason you can't add this to the gateway router you
> >> >> will
> >> >> need to add it to every client in the 10.1.1 subnet which needs to
> >> >> access
> >> >> the TS in 192.168.
> >> >>
> >> >> "Alex" <(E-Mail Removed)> wrote in message
> >> >> news:89CBEFEF-2499-49A7-B5F3-(E-Mail Removed)...
> >> >> > This is (simplified) setup:
> >> >> >
> >> >> > 10.1.1.1 default gateway
> >> >> > |
> >> >> > HUB ----- 10.1.1.X - subnet with workgroup clients
> >> >> > |
> >> >> > 10.1.1.2 as "external IP of SBS server
> >> >> > |
> >> >> > 192.168.30.10 as internal IP of SBS server
> >> >> > |
> >> >> > HUB
> >> >> > |
> >> >> > 192.168.30.11 Terminal server IP address
> >> >> >
> >> >> > I know that setup is not very clever, but that is what I inherited
> >> >> > and
> >> >> > can
> >> >> > not change.
> >> >> > The question is how to allow trafic originating from 10.1.1.X subnet
> >> >> > to
> >> >> > reach 192.168.30.11 (terminal server)
> >> >> >
> >> >> > Regards,
> >> >> > Alex
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>

Bill, thanks for your reply.
So, why I can't access the network resources?
The only client that I can see is my machine.


Bill Grant escreveu:
> That is correct. What you see is a default route to the "received" IP. All
> it really means is that your default gateway is now the VPN connection.
>
> "Daniel Correa" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi,
>>
>> Im trying to use VPN to connect to my private network. When I print my
>> routing table, the VPN Gateway is equal to Interface:
>>
>> 0.0.0.0 0.0.0.0 172.16.1.5 172.16.1.5 1
>>
>> This is right?
>> I cannot see my network clients using VPN.
>>
>> How can I configure my VPN to use the right route?
>>
>> Thanks
>> Daniel
>
>