static routing

I have a branch office of which I am setup a demand dial interfact for the
network to the corporate office. I can browse resources on the coporate
network from the branch server, but users on the branch lan cannot. They
can access the internet, but nothing on the corporate web. I have done a
million different combinations of static routes so the lan users can access
the corporate network, but nothing seems to be working. Can anyone help me
out here? I'm at a loss.

Robert

Hi,

Am I right in assuming that the Branch office server itself has the demand
dial interface?
Also, if that is the case, I assume the client PCs have their default
gateway set to the LAN IP Address of the Branch Office Server... is that the
case?

It may be worth doing a Tracert to ensure that the Client PCs are going the
correct route.

The Static route needs to specify the Demand Dial Interface as the
'Interface' for the Static Route. Specify destination IP Address and Subnet
Mask for the remote network.

If you can provide a little more info, I may be able to help more, sorry
this response is slightly vague.

Dan
MCSA MCSE 2000/2003



"Robert" wrote:

> I have a branch office of which I am setup a demand dial interfact for the
> network to the corporate office. I can browse resources on the coporate
> network from the branch server, but users on the branch lan cannot. They
> can access the internet, but nothing on the corporate web. I have done a
> million different combinations of static routes so the lan users can access
> the corporate network, but nothing seems to be working. Can anyone help me
> out here? I'm at a loss.
>
> Robert
>
>
>

Yes, your right. Here is the setup:

Branch Office
Server "WAN"
IP: 192.168.16.11
Subnet: 255.255.255.0
Gateway: 192.168.16.1

Server "LAN"
IP: 192.168.17.2
Subnet: 255.255.255.0
Gateway: "None"

Client IP Setup:
IP: 192.168.17.25
Subnet: 255.255.255.0
Gateway: 192.168.17.2

I used static ip addressing on the clients to make it easier. The clients
can connect to the internet just fine, but can't browse the remote network.
The server already has the demand dial interface connected and I can browse
the remote network from the server, but not from the clients. I can also
browse the branch office server from the corporate office network (clients
or servers). Hope this helps.

Robert

"DanJ" <(E-Mail Removed)> wrote in message
news:86B7F4B6-6171-4EC1-97F6-(E-Mail Removed)...
> Hi,
>
> Am I right in assuming that the Branch office server itself has the demand
> dial interface?
> Also, if that is the case, I assume the client PCs have their default
> gateway set to the LAN IP Address of the Branch Office Server... is that
> the
> case?
>
> It may be worth doing a Tracert to ensure that the Client PCs are going
> the
> correct route.
>
> The Static route needs to specify the Demand Dial Interface as the
> 'Interface' for the Static Route. Specify destination IP Address and
> Subnet
> Mask for the remote network.
>
> If you can provide a little more info, I may be able to help more, sorry
> this response is slightly vague.
>
> Dan
> MCSA MCSE 2000/2003
>
>
>
> "Robert" wrote:
>
>> I have a branch office of which I am setup a demand dial interfact for
>> the
>> network to the corporate office. I can browse resources on the coporate
>> network from the branch server, but users on the branch lan cannot. They
>> can access the internet, but nothing on the corporate web. I have done a
>> million different combinations of static routes so the lan users can
>> access
>> the corporate network, but nothing seems to be working. Can anyone help
>> me
>> out here? I'm at a loss.
>>
>> Robert
>>
>>
>>

To get routing working between the two sites you will need to set up a
site to site (also called router to router) connection. Routing is a two-way
process. You must have routes on the routers at both ends to be able to get
from a host in on site to a host in the other.

To do it using RRAS routers you need one in each site. The connection is
made between the routers. Each router has a static route to the other site
linked to a demand dial interface. The "calling" router connects to the dd
interface on the answering router. The static route thehn become effective,
routing traffic through the link.

"Robert" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Yes, your right. Here is the setup:
>
> Branch Office
> Server "WAN"
> IP: 192.168.16.11
> Subnet: 255.255.255.0
> Gateway: 192.168.16.1
>
> Server "LAN"
> IP: 192.168.17.2
> Subnet: 255.255.255.0
> Gateway: "None"
>
> Client IP Setup:
> IP: 192.168.17.25
> Subnet: 255.255.255.0
> Gateway: 192.168.17.2
>
> I used static ip addressing on the clients to make it easier. The clients
> can connect to the internet just fine, but can't browse the remote
> network. The server already has the demand dial interface connected and I
> can browse the remote network from the server, but not from the clients.
> I can also browse the branch office server from the corporate office
> network (clients or servers). Hope this helps.
>
> Robert
>
> "DanJ" <(E-Mail Removed)> wrote in message
> news:86B7F4B6-6171-4EC1-97F6-(E-Mail Removed)...
>> Hi,
>>
>> Am I right in assuming that the Branch office server itself has the
>> demand
>> dial interface?
>> Also, if that is the case, I assume the client PCs have their default
>> gateway set to the LAN IP Address of the Branch Office Server... is that
>> the
>> case?
>>
>> It may be worth doing a Tracert to ensure that the Client PCs are going
>> the
>> correct route.
>>
>> The Static route needs to specify the Demand Dial Interface as the
>> 'Interface' for the Static Route. Specify destination IP Address and
>> Subnet
>> Mask for the remote network.
>>
>> If you can provide a little more info, I may be able to help more, sorry
>> this response is slightly vague.
>>
>> Dan
>> MCSA MCSE 2000/2003
>>
>>
>>
>> "Robert" wrote:
>>
>>> I have a branch office of which I am setup a demand dial interfact for
>>> the
>>> network to the corporate office. I can browse resources on the coporate
>>> network from the branch server, but users on the branch lan cannot.
>>> They
>>> can access the internet, but nothing on the corporate web. I have done
>>> a
>>> million different combinations of static routes so the lan users can
>>> access
>>> the corporate network, but nothing seems to be working. Can anyone help
>>> me
>>> out here? I'm at a loss.
>>>
>>> Robert
>>>
>>>
>>>
>
>

OK, so if I understand you, I need to create a demand dial connection on
both sides and connect them? I still don't understand how the lan users on
the side that already has the dd connection made can't access the network,
but the machine that made the connection can.

Robert

"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
> To get routing working between the two sites you will need to set up a
> site to site (also called router to router) connection. Routing is a
> two-way process. You must have routes on the routers at both ends to be
> able to get from a host in on site to a host in the other.
>
> To do it using RRAS routers you need one in each site. The connection
> is made between the routers. Each router has a static route to the other
> site linked to a demand dial interface. The "calling" router connects to
> the dd interface on the answering router. The static route thehn become
> effective, routing traffic through the link.
>
> "Robert" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Yes, your right. Here is the setup:
>>
>> Branch Office
>> Server "WAN"
>> IP: 192.168.16.11
>> Subnet: 255.255.255.0
>> Gateway: 192.168.16.1
>>
>> Server "LAN"
>> IP: 192.168.17.2
>> Subnet: 255.255.255.0
>> Gateway: "None"
>>
>> Client IP Setup:
>> IP: 192.168.17.25
>> Subnet: 255.255.255.0
>> Gateway: 192.168.17.2
>>
>> I used static ip addressing on the clients to make it easier. The
>> clients can connect to the internet just fine, but can't browse the
>> remote network. The server already has the demand dial interface
>> connected and I can browse the remote network from the server, but not
>> from the clients. I can also browse the branch office server from the
>> corporate office network (clients or servers). Hope this helps.
>>
>> Robert
>>
>> "DanJ" <(E-Mail Removed)> wrote in message
>> news:86B7F4B6-6171-4EC1-97F6-(E-Mail Removed)...
>>> Hi,
>>>
>>> Am I right in assuming that the Branch office server itself has the
>>> demand
>>> dial interface?
>>> Also, if that is the case, I assume the client PCs have their default
>>> gateway set to the LAN IP Address of the Branch Office Server... is that
>>> the
>>> case?
>>>
>>> It may be worth doing a Tracert to ensure that the Client PCs are going
>>> the
>>> correct route.
>>>
>>> The Static route needs to specify the Demand Dial Interface as the
>>> 'Interface' for the Static Route. Specify destination IP Address and
>>> Subnet
>>> Mask for the remote network.
>>>
>>> If you can provide a little more info, I may be able to help more, sorry
>>> this response is slightly vague.
>>>
>>> Dan
>>> MCSA MCSE 2000/2003
>>>
>>>
>>>
>>> "Robert" wrote:
>>>
>>>> I have a branch office of which I am setup a demand dial interfact for
>>>> the
>>>> network to the corporate office. I can browse resources on the
>>>> coporate
>>>> network from the branch server, but users on the branch lan cannot.
>>>> They
>>>> can access the internet, but nothing on the corporate web. I have done
>>>> a
>>>> million different combinations of static routes so the lan users can
>>>> access
>>>> the corporate network, but nothing seems to be working. Can anyone
>>>> help me
>>>> out here? I'm at a loss.
>>>>
>>>> Robert
>>>>
>>>>
>>>>
>>
>>
>
>

The reson it doesn't work is, as I said previously, routing is a two-way
process. A static route will get the traffic from one site to the other, but
what happens to the traffic in the other direction?

As an example, assume that a workstation in one site tries to ping a
workstsation at the other site. The packet goes to the default router which
has a static route pointing to the "other" site via the point to point link.
Everything is fine. What happens when the target machine tries to reply? As
before, the packet goes to the default router for that site. This router
does not have a route for the private IP subnet of the first site. It tries
to send a reply using its default route (which is probably out to the
Internet). The packet is discarded because private IPs cannot cross the
Internet.

Routing between sites will only work if each router has a static route
for the subnet of the "other" site via the point to point connection. In
this case, the privately addressed packet is encrypted and encapsulated
before it is sent out to the Internet. (That is, the private traffic between
the two private subnets is tunnelled through the public Internet). The
traffic in both directions must use the tunnel.

"Robert" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> OK, so if I understand you, I need to create a demand dial connection on
> both sides and connect them? I still don't understand how the lan users
> on the side that already has the dd connection made can't access the
> network, but the machine that made the connection can.
>
> Robert
>
> "Bill Grant" <not.available@online> wrote in message
> news:(E-Mail Removed)...
>> To get routing working between the two sites you will need to set up
>> a site to site (also called router to router) connection. Routing is a
>> two-way process. You must have routes on the routers at both ends to be
>> able to get from a host in on site to a host in the other.
>>
>> To do it using RRAS routers you need one in each site. The connection
>> is made between the routers. Each router has a static route to the other
>> site linked to a demand dial interface. The "calling" router connects to
>> the dd interface on the answering router. The static route thehn become
>> effective, routing traffic through the link.
>>
>> "Robert" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Yes, your right. Here is the setup:
>>>
>>> Branch Office
>>> Server "WAN"
>>> IP: 192.168.16.11
>>> Subnet: 255.255.255.0
>>> Gateway: 192.168.16.1
>>>
>>> Server "LAN"
>>> IP: 192.168.17.2
>>> Subnet: 255.255.255.0
>>> Gateway: "None"
>>>
>>> Client IP Setup:
>>> IP: 192.168.17.25
>>> Subnet: 255.255.255.0
>>> Gateway: 192.168.17.2
>>>
>>> I used static ip addressing on the clients to make it easier. The
>>> clients can connect to the internet just fine, but can't browse the
>>> remote network. The server already has the demand dial interface
>>> connected and I can browse the remote network from the server, but not
>>> from the clients. I can also browse the branch office server from the
>>> corporate office network (clients or servers). Hope this helps.
>>>
>>> Robert
>>>
>>> "DanJ" <(E-Mail Removed)> wrote in message
>>> news:86B7F4B6-6171-4EC1-97F6-(E-Mail Removed)...
>>>> Hi,
>>>>
>>>> Am I right in assuming that the Branch office server itself has the
>>>> demand
>>>> dial interface?
>>>> Also, if that is the case, I assume the client PCs have their default
>>>> gateway set to the LAN IP Address of the Branch Office Server... is
>>>> that the
>>>> case?
>>>>
>>>> It may be worth doing a Tracert to ensure that the Client PCs are going
>>>> the
>>>> correct route.
>>>>
>>>> The Static route needs to specify the Demand Dial Interface as the
>>>> 'Interface' for the Static Route. Specify destination IP Address and
>>>> Subnet
>>>> Mask for the remote network.
>>>>
>>>> If you can provide a little more info, I may be able to help more,
>>>> sorry
>>>> this response is slightly vague.
>>>>
>>>> Dan
>>>> MCSA MCSE 2000/2003
>>>>
>>>>
>>>>
>>>> "Robert" wrote:
>>>>
>>>>> I have a branch office of which I am setup a demand dial interfact for
>>>>> the
>>>>> network to the corporate office. I can browse resources on the
>>>>> coporate
>>>>> network from the branch server, but users on the branch lan cannot.
>>>>> They
>>>>> can access the internet, but nothing on the corporate web. I have
>>>>> done a
>>>>> million different combinations of static routes so the lan users can
>>>>> access
>>>>> the corporate network, but nothing seems to be working. Can anyone
>>>>> help me
>>>>> out here? I'm at a loss.
>>>>>
>>>>> Robert
>>>>>
>>>>>
>>>>>
>>>
>>>
>>
>>
>
>

OK, I understand, for the most part. On the corporate server, what do I put
in for the gateway on the static route? Here is what I have so far:

Static Route:
Interface (Local Area Connection 2) --this is the only interface available
on the corporate server
Destination: 192.168.17.0
Subnet: 255.255.255.0
Gateway: ?????

Robert

"Bill Grant" <not.available@online> wrote in message
news:OM%(E-Mail Removed)...
> The reson it doesn't work is, as I said previously, routing is a two-way
> process. A static route will get the traffic from one site to the other,
> but what happens to the traffic in the other direction?
>
> As an example, assume that a workstation in one site tries to ping a
> workstsation at the other site. The packet goes to the default router
> which has a static route pointing to the "other" site via the point to
> point link. Everything is fine. What happens when the target machine tries
> to reply? As before, the packet goes to the default router for that site.
> This router does not have a route for the private IP subnet of the first
> site. It tries to send a reply using its default route (which is probably
> out to the Internet). The packet is discarded because private IPs cannot
> cross the Internet.
>
> Routing between sites will only work if each router has a static route
> for the subnet of the "other" site via the point to point connection. In
> this case, the privately addressed packet is encrypted and encapsulated
> before it is sent out to the Internet. (That is, the private traffic
> between the two private subnets is tunnelled through the public Internet).
> The traffic in both directions must use the tunnel.
>
> "Robert" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> OK, so if I understand you, I need to create a demand dial connection on
>> both sides and connect them? I still don't understand how the lan users
>> on the side that already has the dd connection made can't access the
>> network, but the machine that made the connection can.
>>
>> Robert
>>
>> "Bill Grant" <not.available@online> wrote in message
>> news:(E-Mail Removed)...
>>> To get routing working between the two sites you will need to set up
>>> a site to site (also called router to router) connection. Routing is a
>>> two-way process. You must have routes on the routers at both ends to be
>>> able to get from a host in on site to a host in the other.
>>>
>>> To do it using RRAS routers you need one in each site. The connection
>>> is made between the routers. Each router has a static route to the other
>>> site linked to a demand dial interface. The "calling" router connects to
>>> the dd interface on the answering router. The static route thehn become
>>> effective, routing traffic through the link.
>>>
>>> "Robert" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> Yes, your right. Here is the setup:
>>>>
>>>> Branch Office
>>>> Server "WAN"
>>>> IP: 192.168.16.11
>>>> Subnet: 255.255.255.0
>>>> Gateway: 192.168.16.1
>>>>
>>>> Server "LAN"
>>>> IP: 192.168.17.2
>>>> Subnet: 255.255.255.0
>>>> Gateway: "None"
>>>>
>>>> Client IP Setup:
>>>> IP: 192.168.17.25
>>>> Subnet: 255.255.255.0
>>>> Gateway: 192.168.17.2
>>>>
>>>> I used static ip addressing on the clients to make it easier. The
>>>> clients can connect to the internet just fine, but can't browse the
>>>> remote network. The server already has the demand dial interface
>>>> connected and I can browse the remote network from the server, but not
>>>> from the clients. I can also browse the branch office server from the
>>>> corporate office network (clients or servers). Hope this helps.
>>>>
>>>> Robert
>>>>
>>>> "DanJ" <(E-Mail Removed)> wrote in message
>>>> news:86B7F4B6-6171-4EC1-97F6-(E-Mail Removed)...
>>>>> Hi,
>>>>>
>>>>> Am I right in assuming that the Branch office server itself has the
>>>>> demand
>>>>> dial interface?
>>>>> Also, if that is the case, I assume the client PCs have their default
>>>>> gateway set to the LAN IP Address of the Branch Office Server... is
>>>>> that the
>>>>> case?
>>>>>
>>>>> It may be worth doing a Tracert to ensure that the Client PCs are
>>>>> going the
>>>>> correct route.
>>>>>
>>>>> The Static route needs to specify the Demand Dial Interface as the
>>>>> 'Interface' for the Static Route. Specify destination IP Address and
>>>>> Subnet
>>>>> Mask for the remote network.
>>>>>
>>>>> If you can provide a little more info, I may be able to help more,
>>>>> sorry
>>>>> this response is slightly vague.
>>>>>
>>>>> Dan
>>>>> MCSA MCSE 2000/2003
>>>>>
>>>>>
>>>>>
>>>>> "Robert" wrote:
>>>>>
>>>>>> I have a branch office of which I am setup a demand dial interfact
>>>>>> for the
>>>>>> network to the corporate office. I can browse resources on the
>>>>>> coporate
>>>>>> network from the branch server, but users on the branch lan cannot.
>>>>>> They
>>>>>> can access the internet, but nothing on the corporate web. I have
>>>>>> done a
>>>>>> million different combinations of static routes so the lan users can
>>>>>> access
>>>>>> the corporate network, but nothing seems to be working. Can anyone
>>>>>> help me
>>>>>> out here? I'm at a loss.
>>>>>>
>>>>>> Robert
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

You can't do it manually because the interface doesn't exist until the
connection is made.Is this server running RRAS? If so, you configure a
demand dial interface. You then use the static route wizard to configure a
static route for the subnet of the remote site and select the demand dial
interface from the dropdown list as the interface.

When you make a connction to the server you use the name of the
demand-dial interface as the username. RRAS then connects you to the correct
interface for the calling site (so that you get the correct subnet for the
site. Multiple sites can connect using different dd interfaces and creating
different tunnels.) When the dd interface becomes active, RRAS adds the
static route (which has been stored in the registry) to the routing table.

"Robert" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> OK, I understand, for the most part. On the corporate server, what do I
> put in for the gateway on the static route? Here is what I have so far:
>
> Static Route:
> Interface (Local Area Connection 2) --this is the only interface
> available on the corporate server
> Destination: 192.168.17.0
> Subnet: 255.255.255.0
> Gateway: ?????
>
> Robert
>
> "Bill Grant" <not.available@online> wrote in message
> news:OM%(E-Mail Removed)...
>> The reson it doesn't work is, as I said previously, routing is a two-way
>> process. A static route will get the traffic from one site to the other,
>> but what happens to the traffic in the other direction?
>>
>> As an example, assume that a workstation in one site tries to ping a
>> workstsation at the other site. The packet goes to the default router
>> which has a static route pointing to the "other" site via the point to
>> point link. Everything is fine. What happens when the target machine
>> tries to reply? As before, the packet goes to the default router for that
>> site. This router does not have a route for the private IP subnet of the
>> first site. It tries to send a reply using its default route (which is
>> probably out to the Internet). The packet is discarded because private
>> IPs cannot cross the Internet.
>>
>> Routing between sites will only work if each router has a static route
>> for the subnet of the "other" site via the point to point connection. In
>> this case, the privately addressed packet is encrypted and encapsulated
>> before it is sent out to the Internet. (That is, the private traffic
>> between the two private subnets is tunnelled through the public
>> Internet). The traffic in both directions must use the tunnel.
>>
>> "Robert" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> OK, so if I understand you, I need to create a demand dial connection on
>>> both sides and connect them? I still don't understand how the lan users
>>> on the side that already has the dd connection made can't access the
>>> network, but the machine that made the connection can.
>>>
>>> Robert
>>>
>>> "Bill Grant" <not.available@online> wrote in message
>>> news:(E-Mail Removed)...
>>>> To get routing working between the two sites you will need to set
>>>> up a site to site (also called router to router) connection. Routing is
>>>> a two-way process. You must have routes on the routers at both ends to
>>>> be able to get from a host in on site to a host in the other.
>>>>
>>>> To do it using RRAS routers you need one in each site. The
>>>> connection is made between the routers. Each router has a static route
>>>> to the other site linked to a demand dial interface. The "calling"
>>>> router connects to the dd interface on the answering router. The static
>>>> route thehn become effective, routing traffic through the link.
>>>>
>>>> "Robert" <(E-Mail Removed)> wrote in message
>>>> news:(E-Mail Removed)...
>>>>> Yes, your right. Here is the setup:
>>>>>
>>>>> Branch Office
>>>>> Server "WAN"
>>>>> IP: 192.168.16.11
>>>>> Subnet: 255.255.255.0
>>>>> Gateway: 192.168.16.1
>>>>>
>>>>> Server "LAN"
>>>>> IP: 192.168.17.2
>>>>> Subnet: 255.255.255.0
>>>>> Gateway: "None"
>>>>>
>>>>> Client IP Setup:
>>>>> IP: 192.168.17.25
>>>>> Subnet: 255.255.255.0
>>>>> Gateway: 192.168.17.2
>>>>>
>>>>> I used static ip addressing on the clients to make it easier. The
>>>>> clients can connect to the internet just fine, but can't browse the
>>>>> remote network. The server already has the demand dial interface
>>>>> connected and I can browse the remote network from the server, but not
>>>>> from the clients. I can also browse the branch office server from the
>>>>> corporate office network (clients or servers). Hope this helps.
>>>>>
>>>>> Robert
>>>>>
>>>>> "DanJ" <(E-Mail Removed)> wrote in message
>>>>> news:86B7F4B6-6171-4EC1-97F6-(E-Mail Removed)...
>>>>>> Hi,
>>>>>>
>>>>>> Am I right in assuming that the Branch office server itself has the
>>>>>> demand
>>>>>> dial interface?
>>>>>> Also, if that is the case, I assume the client PCs have their default
>>>>>> gateway set to the LAN IP Address of the Branch Office Server... is
>>>>>> that the
>>>>>> case?
>>>>>>
>>>>>> It may be worth doing a Tracert to ensure that the Client PCs are
>>>>>> going the
>>>>>> correct route.
>>>>>>
>>>>>> The Static route needs to specify the Demand Dial Interface as the
>>>>>> 'Interface' for the Static Route. Specify destination IP Address and
>>>>>> Subnet
>>>>>> Mask for the remote network.
>>>>>>
>>>>>> If you can provide a little more info, I may be able to help more,
>>>>>> sorry
>>>>>> this response is slightly vague.
>>>>>>
>>>>>> Dan
>>>>>> MCSA MCSE 2000/2003
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Robert" wrote:
>>>>>>
>>>>>>> I have a branch office of which I am setup a demand dial interfact
>>>>>>> for the
>>>>>>> network to the corporate office. I can browse resources on the
>>>>>>> coporate
>>>>>>> network from the branch server, but users on the branch lan cannot.
>>>>>>> They
>>>>>>> can access the internet, but nothing on the corporate web. I have
>>>>>>> done a
>>>>>>> million different combinations of static routes so the lan users can
>>>>>>> access
>>>>>>> the corporate network, but nothing seems to be working. Can anyone
>>>>>>> help me
>>>>>>> out here? I'm at a loss.
>>>>>>>
>>>>>>> Robert
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Ok, thats already been done on the remote branch side. On the remote branch
server, the deman dial connection is already made and is connected 24/7. A
static route has been added that matches the subnet of the corporate
network. My problem is, users on the remote branch office network can't
access the corporate network (ie; use the tunnel that has been made), but
the server that has made the connection can. There is a missing link there.
The server that made the connection can use the tunnel, but the users on the
same network of this server can't? The users on this network (were talking
about the remote site here) use RRAS (same server and software that has
established the tunnel) to access the internet. There is something I
missed.

Robert

"Bill Grant" <not.available@online> wrote in message
news:OxvVI%(E-Mail Removed)...
> You can't do it manually because the interface doesn't exist until the
> connection is made.Is this server running RRAS? If so, you configure a
> demand dial interface. You then use the static route wizard to configure a
> static route for the subnet of the remote site and select the demand dial
> interface from the dropdown list as the interface.
>
> When you make a connction to the server you use the name of the
> demand-dial interface as the username. RRAS then connects you to the
> correct interface for the calling site (so that you get the correct subnet
> for the site. Multiple sites can connect using different dd interfaces and
> creating different tunnels.) When the dd interface becomes active, RRAS
> adds the static route (which has been stored in the registry) to the
> routing table.
>
> "Robert" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> OK, I understand, for the most part. On the corporate server, what do I
>> put in for the gateway on the static route? Here is what I have so far:
>>
>> Static Route:
>> Interface (Local Area Connection 2) --this is the only interface
>> available on the corporate server
>> Destination: 192.168.17.0
>> Subnet: 255.255.255.0
>> Gateway: ?????
>>
>> Robert
>>
>> "Bill Grant" <not.available@online> wrote in message
>> news:OM%(E-Mail Removed)...
>>> The reson it doesn't work is, as I said previously, routing is a
>>> two-way process. A static route will get the traffic from one site to
>>> the other, but what happens to the traffic in the other direction?
>>>
>>> As an example, assume that a workstation in one site tries to ping a
>>> workstsation at the other site. The packet goes to the default router
>>> which has a static route pointing to the "other" site via the point to
>>> point link. Everything is fine. What happens when the target machine
>>> tries to reply? As before, the packet goes to the default router for
>>> that site. This router does not have a route for the private IP subnet
>>> of the first site. It tries to send a reply using its default route
>>> (which is probably out to the Internet). The packet is discarded because
>>> private IPs cannot cross the Internet.
>>>
>>> Routing between sites will only work if each router has a static
>>> route for the subnet of the "other" site via the point to point
>>> connection. In this case, the privately addressed packet is encrypted
>>> and encapsulated before it is sent out to the Internet. (That is, the
>>> private traffic between the two private subnets is tunnelled through the
>>> public Internet). The traffic in both directions must use the tunnel.
>>>
>>> "Robert" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>> OK, so if I understand you, I need to create a demand dial connection
>>>> on both sides and connect them? I still don't understand how the lan
>>>> users on the side that already has the dd connection made can't access
>>>> the network, but the machine that made the connection can.
>>>>
>>>> Robert
>>>>
>>>> "Bill Grant" <not.available@online> wrote in message
>>>> news:(E-Mail Removed)...
>>>>> To get routing working between the two sites you will need to set
>>>>> up a site to site (also called router to router) connection. Routing
>>>>> is a two-way process. You must have routes on the routers at both ends
>>>>> to be able to get from a host in on site to a host in the other.
>>>>>
>>>>> To do it using RRAS routers you need one in each site. The
>>>>> connection is made between the routers. Each router has a static route
>>>>> to the other site linked to a demand dial interface. The "calling"
>>>>> router connects to the dd interface on the answering router. The
>>>>> static route thehn become effective, routing traffic through the link.
>>>>>
>>>>> "Robert" <(E-Mail Removed)> wrote in message
>>>>> news:(E-Mail Removed)...
>>>>>> Yes, your right. Here is the setup:
>>>>>>
>>>>>> Branch Office
>>>>>> Server "WAN"
>>>>>> IP: 192.168.16.11
>>>>>> Subnet: 255.255.255.0
>>>>>> Gateway: 192.168.16.1
>>>>>>
>>>>>> Server "LAN"
>>>>>> IP: 192.168.17.2
>>>>>> Subnet: 255.255.255.0
>>>>>> Gateway: "None"
>>>>>>
>>>>>> Client IP Setup:
>>>>>> IP: 192.168.17.25
>>>>>> Subnet: 255.255.255.0
>>>>>> Gateway: 192.168.17.2
>>>>>>
>>>>>> I used static ip addressing on the clients to make it easier. The
>>>>>> clients can connect to the internet just fine, but can't browse the
>>>>>> remote network. The server already has the demand dial interface
>>>>>> connected and I can browse the remote network from the server, but
>>>>>> not from the clients. I can also browse the branch office server from
>>>>>> the corporate office network (clients or servers). Hope this helps.
>>>>>>
>>>>>> Robert
>>>>>>
>>>>>> "DanJ" <(E-Mail Removed)> wrote in message
>>>>>> news:86B7F4B6-6171-4EC1-97F6-(E-Mail Removed)...
>>>>>>> Hi,
>>>>>>>
>>>>>>> Am I right in assuming that the Branch office server itself has the
>>>>>>> demand
>>>>>>> dial interface?
>>>>>>> Also, if that is the case, I assume the client PCs have their
>>>>>>> default
>>>>>>> gateway set to the LAN IP Address of the Branch Office Server... is
>>>>>>> that the
>>>>>>> case?
>>>>>>>
>>>>>>> It may be worth doing a Tracert to ensure that the Client PCs are
>>>>>>> going the
>>>>>>> correct route.
>>>>>>>
>>>>>>> The Static route needs to specify the Demand Dial Interface as the
>>>>>>> 'Interface' for the Static Route. Specify destination IP Address
>>>>>>> and Subnet
>>>>>>> Mask for the remote network.
>>>>>>>
>>>>>>> If you can provide a little more info, I may be able to help more,
>>>>>>> sorry
>>>>>>> this response is slightly vague.
>>>>>>>
>>>>>>> Dan
>>>>>>> MCSA MCSE 2000/2003
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Robert" wrote:
>>>>>>>
>>>>>>>> I have a branch office of which I am setup a demand dial interfact
>>>>>>>> for the
>>>>>>>> network to the corporate office. I can browse resources on the
>>>>>>>> coporate
>>>>>>>> network from the branch server, but users on the branch lan cannot.
>>>>>>>> They
>>>>>>>> can access the internet, but nothing on the corporate web. I have
>>>>>>>> done a
>>>>>>>> million different combinations of static routes so the lan users
>>>>>>>> can access
>>>>>>>> the corporate network, but nothing seems to be working. Can anyone
>>>>>>>> help me
>>>>>>>> out here? I'm at a loss.
>>>>>>>>
>>>>>>>> Robert
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

I wasn't talking about the remote branch router. I was talking about the
corporate router. Both routers must have a demand-dial interface and a
corresponding static route. If the branch office makes a connection without
connecting to a demand-dial interface, routing will not work. Instead of
connecting as a router it connects as a simple remote access client. Instead
of a subnet route, you just get a host route back to the client. So the
server can route to the corporate LAN but machines behind it cannot.

"Robert" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Ok, thats already been done on the remote branch side. On the remote
> branch server, the deman dial connection is already made and is connected
> 24/7. A static route has been added that matches the subnet of the
> corporate network. My problem is, users on the remote branch office
> network can't access the corporate network (ie; use the tunnel that has
> been made), but the server that has made the connection can. There is a
> missing link there. The server that made the connection can use the
> tunnel, but the users on the same network of this server can't? The users
> on this network (were talking about the remote site here) use RRAS (same
> server and software that has established the tunnel) to access the
> internet. There is something I missed.
>
> Robert
>
> "Bill Grant" <not.available@online> wrote in message
> news:OxvVI%(E-Mail Removed)...
>> You can't do it manually because the interface doesn't exist until the
>> connection is made.Is this server running RRAS? If so, you configure a
>> demand dial interface. You then use the static route wizard to configure
>> a static route for the subnet of the remote site and select the demand
>> dial interface from the dropdown list as the interface.
>>
>> When you make a connction to the server you use the name of the
>> demand-dial interface as the username. RRAS then connects you to the
>> correct interface for the calling site (so that you get the correct
>> subnet for the site. Multiple sites can connect using different dd
>> interfaces and creating different tunnels.) When the dd interface becomes
>> active, RRAS adds the static route (which has been stored in the
>> registry) to the routing table.
>>
>> "Robert" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> OK, I understand, for the most part. On the corporate server, what do I
>>> put in for the gateway on the static route? Here is what I have so far:
>>>
>>> Static Route:
>>> Interface (Local Area Connection 2) --this is the only interface
>>> available on the corporate server
>>> Destination: 192.168.17.0
>>> Subnet: 255.255.255.0
>>> Gateway: ?????
>>>
>>> Robert
>>>
>>> "Bill Grant" <not.available@online> wrote in message
>>> news:OM%(E-Mail Removed)...
>>>> The reson it doesn't work is, as I said previously, routing is a
>>>> two-way process. A static route will get the traffic from one site to
>>>> the other, but what happens to the traffic in the other direction?
>>>>
>>>> As an example, assume that a workstation in one site tries to ping a
>>>> workstsation at the other site. The packet goes to the default router
>>>> which has a static route pointing to the "other" site via the point to
>>>> point link. Everything is fine. What happens when the target machine
>>>> tries to reply? As before, the packet goes to the default router for
>>>> that site. This router does not have a route for the private IP subnet
>>>> of the first site. It tries to send a reply using its default route
>>>> (which is probably out to the Internet). The packet is discarded
>>>> because private IPs cannot cross the Internet.
>>>>
>>>> Routing between sites will only work if each router has a static
>>>> route for the subnet of the "other" site via the point to point
>>>> connection. In this case, the privately addressed packet is encrypted
>>>> and encapsulated before it is sent out to the Internet. (That is, the
>>>> private traffic between the two private subnets is tunnelled through
>>>> the public Internet). The traffic in both directions must use the
>>>> tunnel.
>>>>
>>>> "Robert" <(E-Mail Removed)> wrote in message
>>>> news:%(E-Mail Removed)...
>>>>> OK, so if I understand you, I need to create a demand dial connection
>>>>> on both sides and connect them? I still don't understand how the lan
>>>>> users on the side that already has the dd connection made can't access
>>>>> the network, but the machine that made the connection can.
>>>>>
>>>>> Robert
>>>>>
>>>>> "Bill Grant" <not.available@online> wrote in message
>>>>> news:(E-Mail Removed)...
>>>>>> To get routing working between the two sites you will need to set
>>>>>> up a site to site (also called router to router) connection. Routing
>>>>>> is a two-way process. You must have routes on the routers at both
>>>>>> ends to be able to get from a host in on site to a host in the other.
>>>>>>
>>>>>> To do it using RRAS routers you need one in each site. The
>>>>>> connection is made between the routers. Each router has a static
>>>>>> route to the other site linked to a demand dial interface. The
>>>>>> "calling" router connects to the dd interface on the answering
>>>>>> router. The static route thehn become effective, routing traffic
>>>>>> through the link.
>>>>>>
>>>>>> "Robert" <(E-Mail Removed)> wrote in message
>>>>>> news:(E-Mail Removed)...
>>>>>>> Yes, your right. Here is the setup:
>>>>>>>
>>>>>>> Branch Office
>>>>>>> Server "WAN"
>>>>>>> IP: 192.168.16.11
>>>>>>> Subnet: 255.255.255.0
>>>>>>> Gateway: 192.168.16.1
>>>>>>>
>>>>>>> Server "LAN"
>>>>>>> IP: 192.168.17.2
>>>>>>> Subnet: 255.255.255.0
>>>>>>> Gateway: "None"
>>>>>>>
>>>>>>> Client IP Setup:
>>>>>>> IP: 192.168.17.25
>>>>>>> Subnet: 255.255.255.0
>>>>>>> Gateway: 192.168.17.2
>>>>>>>
>>>>>>> I used static ip addressing on the clients to make it easier. The
>>>>>>> clients can connect to the internet just fine, but can't browse the
>>>>>>> remote network. The server already has the demand dial interface
>>>>>>> connected and I can browse the remote network from the server, but
>>>>>>> not from the clients. I can also browse the branch office server
>>>>>>> from the corporate office network (clients or servers). Hope this
>>>>>>> helps.
>>>>>>>
>>>>>>> Robert
>>>>>>>
>>>>>>> "DanJ" <(E-Mail Removed)> wrote in message
>>>>>>> news:86B7F4B6-6171-4EC1-97F6-(E-Mail Removed)...
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Am I right in assuming that the Branch office server itself has the
>>>>>>>> demand
>>>>>>>> dial interface?
>>>>>>>> Also, if that is the case, I assume the client PCs have their
>>>>>>>> default
>>>>>>>> gateway set to the LAN IP Address of the Branch Office Server... is
>>>>>>>> that the
>>>>>>>> case?
>>>>>>>>
>>>>>>>> It may be worth doing a Tracert to ensure that the Client PCs are
>>>>>>>> going the
>>>>>>>> correct route.
>>>>>>>>
>>>>>>>> The Static route needs to specify the Demand Dial Interface as the
>>>>>>>> 'Interface' for the Static Route. Specify destination IP Address
>>>>>>>> and Subnet
>>>>>>>> Mask for the remote network.
>>>>>>>>
>>>>>>>> If you can provide a little more info, I may be able to help more,
>>>>>>>> sorry
>>>>>>>> this response is slightly vague.
>>>>>>>>
>>>>>>>> Dan
>>>>>>>> MCSA MCSE 2000/2003
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> "Robert" wrote:
>>>>>>>>
>>>>>>>>> I have a branch office of which I am setup a demand dial interfact
>>>>>>>>> for the
>>>>>>>>> network to the corporate office. I can browse resources on the
>>>>>>>>> coporate
>>>>>>>>> network from the branch server, but users on the branch lan
>>>>>>>>> cannot. They
>>>>>>>>> can access the internet, but nothing on the corporate web. I have
>>>>>>>>> done a
>>>>>>>>> million different combinations of static routes so the lan users
>>>>>>>>> can access
>>>>>>>>> the corporate network, but nothing seems to be working. Can
>>>>>>>>> anyone help me
>>>>>>>>> out here? I'm at a loss.
>>>>>>>>>
>>>>>>>>> Robert
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>