site to site vpn issue

skiv71 · 06-25-2008, 03:52 PM

hi

i have 1 site running 2k3 server with RAS vpn running, listening on 1723.

i have another site that i want to link via a vpn tunnel.

at first there was only one user and they did this on there pc.

due to the increase i users, i have dedicated a seperate pc at the remote site in an attempt to setup a vpn link that the remote site users can share,

problem one - if the dedicated pc connects via a vpn to the main site (2k3 vpn) then i cant get other users at the remote site to reach (share the tunnel) the 2k3 at the main site.

problem two - if i reverse the process, and the vpn instigated from the non remote site end, i can setup up a vpn listening connection ok, which other remote users can share etc. thing is i cant do this on the 2k3 box at the main site, because i cant vpn out of it, which i assume is to do with the facts its already listening via remote access & routing.

so i'm not sure where to go from here..

3rd party pptp client?

instigate pptp from another pc on the main site?

i cannot change the remote sites router.

any ideas?

thanks

neil

tannerjohn · 07-01-2008, 05:49 AM

I think, from what you described, you need to go back to problem 1 setup. Where remote site has a new dedicated server that can connect vpn into your main site. It would appear the reason your clients at that location can't use the tunnel is that they are set with a default gateway that points to their internet connection point, or the like; therefore, they have no idea where to go to find your tunnel.

Lets assume that your main network is 192.168.1.x
Lets assume your branch/remote network is 10.10.1.x
Lets assume your remote dedicated machine has a network card set to 10.10.1.22

Each of your clients at the branch/remote location most likely would be have default gateways currently that point to 10.10.1.1 (your assumed ISP router/modem); therefore, ALL traffic they produce will always go to 10.10.1.1

You need to go to one of your remote clients, open up a command prompt, and type

route add 192.168.1.0 mask 255.255.255.0 10.10.1.22 -p

and hit enter.

What you have done here is told this client.....communicate just like you always have with internet and other branch/remote clients; however......if you need to get to my 192.168.1.x main office network, then you need to send all traffic over to my VPN connected machine 10.10.1.22

That "sounds" like it is your issue.

Now, if you can't get this working, why not have each user at branch/remote site connect vpn independtly? Your main office VPN server should be setup to allow multiple VPN connections unless you have RRAS set to static defined IP's and only allowing 1 or 2 to be given out.

06-25-2008, 03:52 PM	#1 (permalink)
skiv71 Registered User Join Date: Jun 2008 Posts: 1 OS: server 2003	site to site vpn issue hi i have 1 site running 2k3 server with RAS vpn running, listening on 1723. i have another site that i want to link via a vpn tunnel. at first there was only one user and they did this on there pc. due to the increase i users, i have dedicated a seperate pc at the remote site in an attempt to setup a vpn link that the remote site users can share, problem one - if the dedicated pc connects via a vpn to the main site (2k3 vpn) then i cant get other users at the remote site to reach (share the tunnel) the 2k3 at the main site. problem two - if i reverse the process, and the vpn instigated from the non remote site end, i can setup up a vpn listening connection ok, which other remote users can share etc. thing is i cant do this on the 2k3 box at the main site, because i cant vpn out of it, which i assume is to do with the facts its already listening via remote access & routing. so i'm not sure where to go from here.. 3rd party pptp client? instigate pptp from another pc on the main site? i cannot change the remote sites router. any ideas? thanks neil

07-01-2008, 05:49 AM	#2 (permalink)
tannerjohn Registered User Join Date: Jun 2008 Posts: 43 OS: vista 64bit	Re: site to site vpn issue I think, from what you described, you need to go back to problem 1 setup. Where remote site has a new dedicated server that can connect vpn into your main site. It would appear the reason your clients at that location can't use the tunnel is that they are set with a default gateway that points to their internet connection point, or the like; therefore, they have no idea where to go to find your tunnel. Lets assume that your main network is 192.168.1.x Lets assume your branch/remote network is 10.10.1.x Lets assume your remote dedicated machine has a network card set to 10.10.1.22 Each of your clients at the branch/remote location most likely would be have default gateways currently that point to 10.10.1.1 (your assumed ISP router/modem); therefore, ALL traffic they produce will always go to 10.10.1.1 You need to go to one of your remote clients, open up a command prompt, and type route add 192.168.1.0 mask 255.255.255.0 10.10.1.22 -p and hit enter. What you have done here is told this client.....communicate just like you always have with internet and other branch/remote clients; however......if you need to get to my 192.168.1.x main office network, then you need to send all traffic over to my VPN connected machine 10.10.1.22 That "sounds" like it is your issue. Now, if you can't get this working, why not have each user at branch/remote site connect vpn independtly? Your main office VPN server should be setup to allow multiple VPN connections unless you have RRAS set to static defined IP's and only allowing 1 or 2 to be given out. __________________ Hope it helps. My notes: headtreez.com/site/JohnsHeadTree