
Winroute Pro with NAT and VPN

Status
Not open for further replies.

ratbs75

IS-IT--Management
Mar 8, 2001
147
BE
Hi all,

Here is a short description of my network config:

I have a server installed running Winroute Pro (4.1.25).
On the server, I have 2 network cards installed: 192.168.0.150 and 192.168.1.6

The whole local lan is connected through hubs on the 192.168.0.150.
The second card 192.168.1.6 is directly connected to a router, which has 192.168.1.5 as IP.

So far so good. Everyone from the LAN is able to connect to the internet, which goes through the winroute, then the router..... connected to ADSL.

My problem is the following: I have to set up a VPN line from home to the office. Well, from home I can ping the router AND the server's 2nd NIC, which is 192.168.1.6. So one thing is clear, from home I can access the router AND the server. Now where the problems begin is that I can't access the LAN at the office; in other words, I'm not able to simply ping the 1st card in the server, which is 192.168.0.150.

Any idea why?

On Winroute, 192.168.1.6 is set to NAT, and 192.168.0.150 is not set to NAT. Also, no gateway is defined for 192.168.0.150, but a gateway for 192.168.1.6 is set up (gateway 192.168.1.5, which is the router).

So, internet from the LAN works fine... but from the home VPN I can only access ONE IP through the router: 192.168.1.6, and not the 2nd one from the same server (192.168.0.150).

I'm getting really lost in the end... does anyone have an idea?

Many thanks in advance
 
1 question: what is acting as the VPN server, the server running Winroute or the router itself?

 
Hi, the configuration is not that clear to me. I assume the configuration above containing the hub and the 192.168.0.0 network is your WORK network. This is connected to the Winroute machine using IP 192.168.0.150 (we should call this your LAN interface).

The other Winroute NIC, IP address 192.168.1.6 (we should call this your WAN interface), is connected directly to a router, IP 192.168.1.5, which then connects to the Internet.

When you say "connecting from home", you mean from a machine/Internet connection completely separate from any of the above?

Is all this correct so far?

 
You understood it the right way...

So in your words my problem would be: from the LAN I'm able to reach the WAN and the router.... but the other way around (i.e. from a home, completely separate 'outside' PC or directly from the router) I can't reach the LAN, but I can reach the WAN.... the LAN and WAN cards being in the same Winroute server.. hope that makes it 100% understandable :) :)
 
OK. Have you tried to do a trace route from the router to a host on your LAN? Try tracing a route to something other than the firewall (192.168.0.150), i.e. do you have something on 192.168.0.1, for example? Try tracing a route to that and tell me the results.


Regards,

Loz.
 
Hang on a second, you two.

You need to answer my question. I'll explain why.

Looking at the way you have configured everything, it looks as if everything is being translated twice. I'll tell you why. I noticed that your WAN IP is an IP address reserved for internal networks. That means that packets from the internet are already translated in your DSL modem/router, and sent on to Winroute where a second translation is performed. If your DSL modem/router is also acting as the VPN server, then it is logical that nothing is getting through from outside, because even though the router/modem (VPN server) is decrypting packets and sending them through to the PC with Winroute, Winroute is blocking all the packets because they are strange packets to Winroute.

The first thing you need to do is get rid of the double NAT that is being performed.

There are two solutions:

1. Reconfigure your modem/router to bridged mode; this way your WAN adapter in the Winroute machine will get your actual external (internet) IP address. One setback: if your router was doing the VPN serving, that won't be possible anymore; you'll need to set up a VPN server inside your internal network and map TCP port 1723 and protocol 50 to that machine. VPN serving DOES NOT WORK ON A WINROUTE MACHINE.

2. Get rid of Winroute and just plug your router/DSL modem into a hub or switch, because the router/modem is already a NAT firewall with VPN functionality (if this is your config).

All of this, of course, assuming that my assumption that double NAT is being performed is correct.

Contact me at pmf71@hotmail.com (messenger or email) if you want my help with this.
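
The double-NAT reasoning in the last reply can be checked mechanically. The following is an added example, not part of the original thread: a simplified Python model of the poster's topology that flags NAT hops whose outside address is in RFC 1918 space and lists which inside networks a VPN client terminating on a given device would find hidden behind a further NAT. The `Hop` class, the function names, the /24 masks and the router's public address (203.0.113.10, a documentation address) are assumptions; that the router performs NAT and terminates the VPN is the reply's own assumption.

```python
import ipaddress
from dataclasses import dataclass

# Ranges reserved for internal networks (RFC 1918)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Hop:                      # hypothetical model of one routing device
    name: str
    inside: str                 # LAN-facing interface, e.g. "192.168.0.150/24"
    outside: str                # Internet-facing address
    nat: bool                   # translates traffic leaving via `outside`

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def double_nat_hops(path):
    """NAT hops whose outside address is itself internal: a device further
    upstream has to translate the same traffic a second time."""
    return [h.name for h in path if h.nat and is_rfc1918(h.outside)]

def vpn_view(path, vpn_endpoint):
    """Walk from the VPN endpoint toward the LAN and split inside networks
    into (directly reachable, hidden behind another NAT hop)."""
    idx = next(i for i, h in enumerate(path) if h.name == vpn_endpoint)
    direct, hidden, blocked = [], [], False
    for hop in reversed(path[:idx + 1]):
        if hop.name != vpn_endpoint and hop.nat:
            blocked = True      # unsolicited inbound traffic must cross this NAT
        net = str(ipaddress.ip_interface(hop.inside).network)
        (hidden if blocked else direct).append(net)
    return direct, hidden

# Constructed from the thread, ordered LAN -> Internet (masks assumed /24)
PATH = [
    Hop("winroute", "192.168.0.150/24", "192.168.1.6", nat=True),
    Hop("router", "192.168.1.5/24", "203.0.113.10", nat=True),
]

if __name__ == "__main__":
    print("double NAT at:", double_nat_hops(PATH))
    print("direct / hidden from router VPN:", vpn_view(PATH, "router"))
```

With the VPN ending on the router, the model reproduces the reported symptom: 192.168.1.0/24 (including 192.168.1.6) is reachable, while 192.168.0.0/24 sits behind Winroute's NAT.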

 