Who has a successful "Virtual" VPN address?

Status
Not open for further replies.

IfAtFirst

Technical User
Jan 27, 2004
18
US
Virtual addresses for Sentinel/SoftRemote clients are purportedly able to get you onto the same LAN segment as that implied by the virtual address.

E.g., my target is a faraway segment: 192.168.1.0 (with LAN gateway at 192.168.1.50).

I set my virtual address at 192.168.1.114 and these software clients were successful connecting to the remote segment - which is guarded by a Linksys BEFVP-41 VPN router.

But... I can only successfully ping 192.168.1.50 - the LAN segment's gateway.

I need access to other hosts on that LAN.

I am puzzled, since the Linky DID accept and open the VPN tunnel, and DID let me "inside" - at least as far as the gateway.

Having gotten that far, I have to believe there is another solution besides switching to ..2.114 (which works).
 
Think of the WAN (public) side and the LAN (trusted) side of the Linksys. Use NAT and set the LAN side as the target of the VPN. The WAN address is the gateway. The WAN side is going to pass through an IPSec packet to the port on the LAN side, so you need to target the final destination when you ping, once the VPN is up.

Sounds like you need to point to the lowest address in the range and use the correct netmask. That will allow access to the full range. The wrong netmask will block the final octet.

Beware of the 192.168.x.x range. Remember that it is open to anyone's use and many devices are default-configured to use it. If you are crossing the Internet, you have to follow the IP address(es) assigned, but, once you set up your firewall, NAT the addresses to hide your true network. Just be sure to calculate the correct netmask for the range you select.
 
wa1dar:

Thanks for comments. They spurred me to return to some experiments, where I paid close attention to routing tables on the machines hosting Sentinel and SoftRemote.

These yielded some results I discussed in a similar thread I started in the VPN forum.

I guess you picked up on some panic of mine - not wanting to run out of 192.168.x.x addresses.

It's true, I wanted each "local access point" (store or local office) to be in the same group, with only the last octet changing.

Of course, using only 192.168.x.x, this limits me to 255 such locations. Not good enough if you are trying to develop a scheme for 700 stores or 1200 field offices.

Your advice, if I understand it, is: Don't worry! Be happy! There's a universe of numbers to employ, if you're behind a NAT outermost router.

'Beelions and Beelions?'

Thanks. I'll give it a try.
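
The address arithmetic behind this thread, worked with Python's standard `ipaddress` module. This is an added example, not part of any poster's message; the /24 mask on the remote LAN and the one-/24-per-site layout are assumptions (the thread states no masks), and the function names are hypothetical.

```python
import ipaddress
from itertools import islice

# Addresses and site counts come from the thread; the /24 mask is an assumption.
REMOTE_LAN = ipaddress.ip_network("192.168.1.0/24")
VIRTUAL_ADDRS = ["192.168.1.114", "192.168.2.114"]
SITES_NEEDED = 700 + 1200  # stores + field offices

# RFC 1918 private blocks
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def inside_remote_lan(addr, lan=REMOTE_LAN):
    """True if the client's virtual address falls inside the remote LAN's range."""
    return ipaddress.ip_address(addr) in lan

def site_capacity(block, site_prefix=24):
    """Number of per-site networks of the given prefix length a block can hold."""
    return 2 ** (site_prefix - block.prefixlen)

def mask_for_range(first, last):
    """Smallest single network (hence netmask) that covers first..last."""
    hi = ipaddress.ip_address(last)
    net = ipaddress.ip_network(f"{first}/32")
    while hi not in net:
        net = net.supernet()  # widen the mask one bit at a time
    return net

def allocate_sites(block, count, site_prefix=24):
    """First `count` per-site networks from block; refuse if it cannot hold them."""
    capacity = site_capacity(block, site_prefix)
    if count > capacity:
        raise ValueError(f"{block} holds only {capacity} /{site_prefix} networks")
    return list(islice(block.subnets(new_prefix=site_prefix), count))

if __name__ == "__main__":
    for addr in VIRTUAL_ADDRS:
        print(addr, "inside", REMOTE_LAN, "->", inside_remote_lan(addr))
    net = mask_for_range("192.168.1.50", "192.168.1.114")
    print("gateway..virtual address fits in", net, "mask", net.netmask)
    for block in PRIVATE_BLOCKS:
        cap = site_capacity(block)
        print(block, "holds", cap, "sites; enough for", SITES_NEEDED, "->",
              cap >= SITES_NEEDED)
    plan = allocate_sites(PRIVATE_BLOCKS[0], SITES_NEEDED)
    print("first site", plan[0], "last site", plan[-1])
```
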
 