Home | Site Map | How To | Windows Vista | Case Studies | Articles | Forums | Services | Donations | Careers | About Us | Contact Us|

Web ChicagoTech
 

 

Workstation cannot access remote resources via demand-dial VPN   

Q1: I have a hardware router, it is IP is 192.168.71.1, and I have two computers, one is 192.168.71.100, another is 192.168.71.101, both access Internet by the router, so they have gateway set to 192.168.71.1. I setup RRAS on the 100 server, and Demand-Dial VPN interface. It works fine on 100, I can access remote network. (IP range is 192.168.0.?)

What I want to achieve now is make 101 machine access the remote network by VPN on RRAS.  It seems I just need redirect traffic on 101 to
100 and then go out by the VPN interface. But I have no clue how to set it.

Any suggestion?

A1: It depends on your router, you may be able to point all traffic from the router to 192.168.0.0 via the RRAS. If not, you need to modify the routing table on 192.168.71.101, for example, route add 192.168.0.0 mask 255.255.255.0 192.168.71.100.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

Q2: I did that, but it doesn't work.  someone said I need add NAT on my
RRAS.

A2: The reason it doesn't work is this. When you make a VPN connection, the VPN "server" which you connect to sets up a host route back to the "client" machine. So the calling machine can route traffic through the VPN connection. Other machines cannot use the connection, because the server does not have a route for them - it only has a route through the tunnel for the one machine. The second machine would need to make its own VPN connection to the remote site.

The proper way to link one subnet to another is to use a LAN to
LAN (or router to router) VPN connection. This allows you to specify
subnet routes through the VPN connection on both routers. But you
need to set it up on both the "calling" and "answering" routers.

You could try NAT, but it would mean rearranging your network.
The "private" side of NAT would need to be in a different IP subnet
from the LAN's 192.168.71.0 . Your router is already doing NAT for
192.168.71.0 .

Bill

Q3: I want to use a RRAS because when I call in same remote network from
more than one of my machines, they kind conflict with each other. And I thought RRAS is a more neat solution.

 Are you suggesting people are really using it?

I think I am doing LAN to LAN,  the remote is 192.168.0.?, the
private side is 192.168.71.? , are you saying I need another IP range
that differents from the above two for NAT? How should I do that?

Thanks!

A3: To use a LAN to LAN VPN, both servers must be configured with
demand-dial interfaces, and subnet routes must be linked to these interfaces
to route subnet traffic through the tunnel.

Bill

Post your questions, comments, feedbacks and suggestions

Related Topics

 

 

 

  This web is provided "AS IS" with no warranties.
Copyright © 2002-2007 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.