gateway to gateway vpn clients can connect

Discussion in 'Windows Networking' started by Nick, Nov 10, 2004.

  1. Nick

    Nick Guest

    Hi

    I have set up a gateway to gateway VPN over 2 DSL lines between a win 2000
    server/ ISA 2000 server at site 1 and win2003 SBS / ISA2000 at site 2.

    I have got the VPN connecting and working and both the servers can ping each
    other. The problem I have is the client PCs in site 2 need to be able to
    connect to site 1.

    The client PCs have their default gateway as the SBS server internal IP
    address (its main IP, not the IP assigned to it by RRAS). I thought RRAS would
    have set up the routing automatically as part of the wizard when I created
    it.

    Anyone got any ideas?

    Thanks

    Nick
     
    Nick, Nov 10, 2004
    #1

  2. This may help. Quoted from http://www.ChicagoTech.net
    Routing issues on site to site VPN

    You may have three ways to configure routes:
    1. Manually configure static routes on both sites.
    2. Perform auto-static updates on both sites.
    3. If the site to site VPN connection is persistent, you can also configure
    IP routing protocols such as RIP or OSPF to operate over the demand-dial
    connection.


    --
    For more and other information, go to http://www.ChicagoTech.net

    Don't send e-mail or reply to me except you need consulting services.
    Posting on MS newsgroup will benefit all readers and you may get more help.

    Bob Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
    http://www.ChicagoTech.net
    Networking Solutions, http://www.chicagotech.net/networksolutions.htm
    VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
    VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
    VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
    This posting is provided "AS IS" with no warranties.
     
    Robert L [MS-MVP], Nov 10, 2004
    #2

  3. Nick

    Bill Grant Guest

    If both sites are on a single subnet and each ISA server is the default
    gateway for the local LAN, I would expect this to work by default. There
    should be static routes set up on the servers to send traffic for the
    "other" subnet through the VPN link.

    The ISA wizard is different from the RRAS wizard, so you might do better
    to post in the ISA newsgroup.
     
    Bill Grant, Nov 11, 2004
    #3
  4. Nick

    Nick Guest

    Hi Bill

    The one at the main site server is win 2000 and was done using the ISA 2000
    wizard; the remote server is running Windows 2003, so the ISA wizards don't
    work, so it was done manually. Not sure if this would have any effect.

    Thanks

    Nick
     
    Nick, Nov 11, 2004
    #4
  5. Nick

    Bill Grant Guest

    That sounds pretty dicey to me. The ISA wizard automates the setup and
    creates a file to use on the "other" server. The wizard in RRAS isn't aware
    of how this works.

    For the routing to work, the "calling" router must use the name of the
    demand-dial interface on the answering router as its username (read that a
    few times slowly!). This is essential for routing to work.

    Here's why. The static routes are associated with the demand-dial
    interfaces. They only become active when the dd interfaces connect. When a
    router receives an incoming call, it checks the username against its list of
    demand dial interfaces. If there is a match, it connects to the interface.
    The interface becomes active and any routes associated with it also become
    active and are added to the routing table.

    If there is no match, the router assumes it is a client-server
    connection (not a router to router) and connects to the default internal
    interface. In this case only a host route to the calling machine is set up.
    Intersite routing then doesn't work.
     
    Bill Grant, Nov 11, 2004
    #5
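
The answering-router behaviour described in post #5, as an added example that is not part of the original thread and is not RRAS code: a small Python model in which the caller's username is checked against the demand-dial interface names, and the static routes bound to an interface only enter the routing table on a match. The class and function names, the interface name `Site2`, and all addresses are constructed for illustration.

```python
import ipaddress

class Router:
    """Toy model of an RRAS answering router (added example, not RRAS code)."""

    def __init__(self, name, lan):
        self.name = name
        # The directly connected LAN is always in the routing table.
        self.table = {ipaddress.ip_network(lan): "LAN"}
        self.dd_routes = {}  # demand-dial interface name -> static routes bound to it

    def add_demand_dial(self, if_name, *networks):
        # Static routes bound to a demand-dial interface stay dormant until it connects.
        self.dd_routes[if_name] = [ipaddress.ip_network(n) for n in networks]

    def answer_call(self, username, caller_ip):
        """Handle an incoming VPN call; return the interface it was bound to."""
        for if_name, nets in self.dd_routes.items():
            # Assumption of this model: the name comparison ignores case.
            if if_name.casefold() == username.casefold():
                for net in nets:  # router-to-router: the interface's routes go live
                    self.table[net] = if_name
                return if_name
        # No match: treated as a remote-access client, host route to the caller only.
        self.table[ipaddress.ip_network(f"{caller_ip}/32")] = "Internal"
        return "Internal"

    def route_for(self, dest):
        """Longest-prefix match; None means there is no route to dest."""
        addr = ipaddress.ip_address(dest)
        hits = [n for n in self.table if addr in n]
        return self.table[max(hits, key=lambda n: n.prefixlen)] if hits else None


def site1_after_call(username):
    """Constructed scenario: site 1 answers a call from the site 2 router."""
    site1 = Router("site1", "192.168.1.0/24")
    site1.add_demand_dial("Site2", "192.168.2.0/24")  # route to the remote LAN
    bound = site1.answer_call(username, caller_ip="10.0.0.2")
    # Which interface would site 1 use to reach a client PC on the site 2 LAN?
    return bound, site1.route_for("192.168.2.50")


if __name__ == "__main__":
    print(site1_after_call("Site2"))    # username equals the interface name
    print(site1_after_call("vpnuser"))  # any other username
```

With the matching username the site 2 subnet is reachable through the `Site2` interface; with any other username the call lands on the internal interface and the site 2 client address has no route, even though the calling router itself is reachable.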