Hi,
Can anybody here seem to figure this one out…
I have recently set up a VPN that connects my home office network in Japan to our network in the U.S. Our office uses a Windows 2003 machine as the center of the network. It has two NICs; with one NIC we use RRAS and a demand-dial setup to connect to our ISP with PPPoE (our connection is a 100 Mbps fiber connection). The other NIC is used for our private network. The two clients in that network can access the Windows 2003 machine with no problems, as well as having an internet connection through the Windows 2003 box.
Our network in the U.S is two machines at a datacenter, both running Windows 2003 Enterprise Edition. These machines also have two NICs, one NIC is for their connection to the datacenter (Internet) and the other NIC is for the private network between the two machines.
How I made the connection: I used RRAS on our Windows 2003 machine and made a demand-dial connection to one of the machines on our U.S. network (only one machine has RRAS set up). I also made the demand-dial interface for the answering end as well. I can make the connection without any problems, authenticate and assign valid IPs. However, not all the machines can talk to each other.
More Details:
Our office network uses the 10.1.4.0 network ID with a subnet mask of 255.255.255.0; our U.S private network is on 192.168.0.0 with a subnet mask of 255.255.255.0, so both on their own subnet. In RRAS on the Windows 2003 box in the office we have added the static route to the demand dial interface (that connects to the VPN server in the U.S) a destination of 192.168.0.0 and on the VPN server in the U.S we added the static route of 10.1.4.0 to the demand-dial interface connecting to our Windows 2003 machine.
If you take a look at our network map at the computer ‘nagoya’ dials in to ‘lionsgate’ again the connection is not a problem. From ‘nagoya’ I can ping both ‘lionsgate’ and ‘burnaby’ (again you will need to look at the map to see which machine I am talking about). However, from either ‘littleboy’ or ‘kits’ I can ping ‘lionsgate’ only but not ‘burnaby’. I tried to ping from ‘lionsgate’ to ‘littleboy’ or ‘kits’ and there was no problem there (the only problem is that when trying to connect to a share on ‘littleboy’ or ‘kits’ it only lets me choose the guest account to access the shares with).
Any ideas as to why the machine making the connection can access all clients on the remote network, but the clients on our local network can only make connections to the VPN server on the remote network?
I hope this is clear enough… makes my head spin myself.
Thanks,
Chris Hawkins