routing VPN traffic into local net

Hi,

I have a win2k server that has CISCO vpn client and connects to a remote vpn
server. The LAN ip is 192.168.0.x. Once vpn is connected, it gets assigned a
dynamic IP, like 10.8.1.x.
I need to route the VPN traffic onto the LAN. I think I need to setup RRAS
on the win2k server and maybe add some routing entries to the routing table.
Can someone please tell me exactly. Thanks very much.

Yi

I am not sure why you don't setup the VPN server to assign the same LAN ip
192.168.0.x. If for the security reason or the LAN is out the ip address,
add route is your option. quoted from http://www.ChicagoTech.net

Route command and examples

PRINT Prints a route - route PRINT 157* .... Only prints those matching 157*
ADD Adds a route - route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3
IF 2
DELETE Deletes a route - route DELETE 157.0.0.0
CHANGE Modifies an existing route - route CHANGE 157.0.0.0 MASK 255.0.0.0
157.55.80.5 METRIC 2 IF 2


--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Robert Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.

"speakeasy" <aaa> wrote in message
news:1_2dndMwKo87VcvcRVn-(E-Mail Removed)...
> Hi,
>
> I have a win2k server that has CISCO vpn client and connects to a remote
> vpn
> server. The LAN ip is 192.168.0.x. Once vpn is connected, it gets assigned
> a
> dynamic IP, like 10.8.1.x.
> I need to route the VPN traffic onto the LAN. I think I need to setup RRAS
> on the win2k server and maybe add some routing entries to the routing
> table.
> Can someone please tell me exactly. Thanks very much.
>
> Yi
>
>

An ordinary client-server connection isn't designed to route traffic for
the LAN behind the client. Even if you set up the routing at your end, it
will still fail. The reason is that, at the VPN server, there will only be a
host route back to the VPN client. The server will not route traffic for the
subnet behind the client through the VPN link. It only knows about the
client itself.

To route between subnets you need to use a router to router VPN
connection, not a simple client-server connection.

"speakeasy" <aaa> wrote in message
news:1_2dndMwKo87VcvcRVn-(E-Mail Removed)...
> Hi,
>
> I have a win2k server that has CISCO vpn client and connects to a remote
> vpn
> server. The LAN ip is 192.168.0.x. Once vpn is connected, it gets assigned
> a
> dynamic IP, like 10.8.1.x.
> I need to route the VPN traffic onto the LAN. I think I need to setup RRAS
> on the win2k server and maybe add some routing entries to the routing
> table.
> Can someone please tell me exactly. Thanks very much.
>
> Yi
>
>

Robert,

Thanks for the reply.
The VPN server is not in my control, only the machine with the VPN client.
Thanks. I'll try the add route.

Yi

"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
news:uwt1Rr$(E-Mail Removed)...
> I am not sure why you don't setup the VPN server to assign the same LAN ip
> 192.168.0.x. If for the security reason or the LAN is out the ip address,
> add route is your option. quoted from http://www.ChicagoTech.net
>
> Route command and examples
>
> PRINT Prints a route - route PRINT 157* .... Only prints those matching
157*
> ADD Adds a route - route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3
> IF 2
> DELETE Deletes a route - route DELETE 157.0.0.0
> CHANGE Modifies an existing route - route CHANGE 157.0.0.0 MASK 255.0.0.0
> 157.55.80.5 METRIC 2 IF 2
>
>
> --
> For more and other information, go to http://www.ChicagoTech.net
>
> Don't send e-mail or reply to me except you need consulting services.
> Posting on MS newsgroup will benefit all readers and you may get more
help.
>
> Robert Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
> http://www.ChicagoTech.net
> This posting is provided "AS IS" with no warranties.
>
> "speakeasy" <aaa> wrote in message
> news:1_2dndMwKo87VcvcRVn-(E-Mail Removed)...
> > Hi,
> >
> > I have a win2k server that has CISCO vpn client and connects to a remote
> > vpn
> > server. The LAN ip is 192.168.0.x. Once vpn is connected, it gets
assigned
> > a
> > dynamic IP, like 10.8.1.x.
> > I need to route the VPN traffic onto the LAN. I think I need to setup
RRAS
> > on the win2k server and maybe add some routing entries to the routing
> > table.
> > Can someone please tell me exactly. Thanks very much.
> >
> > Yi
> >
> >
>
>

Thanks for the reply, Bill.

Is there a way I can add in NAT with the routing so that to the VPN server,
they all come from the client?

Yi

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> An ordinary client-server connection isn't designed to route traffic
for
> the LAN behind the client. Even if you set up the routing at your end, it
> will still fail. The reason is that, at the VPN server, there will only be
a
> host route back to the VPN client. The server will not route traffic for
the
> subnet behind the client through the VPN link. It only knows about the
> client itself.
>
> To route between subnets you need to use a router to router VPN
> connection, not a simple client-server connection.
>
> "speakeasy" <aaa> wrote in message
> news:1_2dndMwKo87VcvcRVn-(E-Mail Removed)...
> > Hi,
> >
> > I have a win2k server that has CISCO vpn client and connects to a remote
> > vpn
> > server. The LAN ip is 192.168.0.x. Once vpn is connected, it gets
assigned
> > a
> > dynamic IP, like 10.8.1.x.
> > I need to route the VPN traffic onto the LAN. I think I need to setup
RRAS
> > on the win2k server and maybe add some routing entries to the routing
> > table.
> > Can someone please tell me exactly. Thanks very much.
> >
> > Yi
> >
> >
>
>

You should be able to do that. The VPN link is just a connection, and you
should be able to NAT it (unless you are already using NAT for Internet
access). That would solve the problem, because all traffic going over the
link would be using the server's VPN IP.

"speakeasy" <aaa> wrote in message
news:1pWdnfZi185-l8HcRVn-(E-Mail Removed)...
> Thanks for the reply, Bill.
>
> Is there a way I can add in NAT with the routing so that to the VPN
> server,
> they all come from the client?
>
> Yi
>
> "Bill Grant" <not.available@online> wrote in message
> news:(E-Mail Removed)...
>> An ordinary client-server connection isn't designed to route traffic
> for
>> the LAN behind the client. Even if you set up the routing at your end, it
>> will still fail. The reason is that, at the VPN server, there will only
>> be
> a
>> host route back to the VPN client. The server will not route traffic for
> the
>> subnet behind the client through the VPN link. It only knows about the
>> client itself.
>>
>> To route between subnets you need to use a router to router VPN
>> connection, not a simple client-server connection.
>>
>> "speakeasy" <aaa> wrote in message
>> news:1_2dndMwKo87VcvcRVn-(E-Mail Removed)...
>> > Hi,
>> >
>> > I have a win2k server that has CISCO vpn client and connects to a
>> > remote
>> > vpn
>> > server. The LAN ip is 192.168.0.x. Once vpn is connected, it gets
> assigned
>> > a
>> > dynamic IP, like 10.8.1.x.
>> > I need to route the VPN traffic onto the LAN. I think I need to setup
> RRAS
>> > on the win2k server and maybe add some routing entries to the routing
>> > table.
>> > Can someone please tell me exactly. Thanks very much.
>> >
>> > Yi
>> >
>> >
>>
>>
>
>