Re: VPN Routing Problem

Kadaitcha Man <nospam@xxxxxxxxxxxxxxxxxxxx> writes 
Bill Gribble, <BillG@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>, the errhine,
all-round howler monkey, and employee who makes items for sale from vacuum
cleaner dust-bag emptyings, moralised:

Been pulling my hair out trying to set up VPN access from a remote PC
to my company's LAN using Kerio Winroute Firewall 6 and the VPN
server and client that comes with it. The support people at Kerio are
doing their best to help out, but we're not getting anywhere
particularly fast, so I thought I'd ask here, as although it might be
a problem with the Kerio software, it could also be an issue with the
network setup on the two Windows XP Pro machines concerned....

I can connect the VPN client to the VPN server successfully, and
browse network resources on the server machine. I can resolve the
private IP addresses from machine names of machines on the LAN from
the client, but I can't ping them or connect to them to browse shares
and the like.
I think it's a routing problem.

From the client side, the VPN server name resolves to a 172.26.79.0
range ip address, which is part of the ip range allocated by the VPN
server to itself and its clients. Machines on the remote LAN correctly
resolve to 172.16.200.0 range ip addresses.

If, from the VPN client, I ping a 172.26.79.0 address, it routes
correctly through the VPN connection. If, however, I ping a
172.16.200.0 address, it (incorrectly, I believe) routes out through
the client machine's default gateway (ie. The local Internet
connection) and, of course, fails to reach it's destination (and my
ISP's routers are probably laughing at me for trying to ping a
private class ip address through the Internet).

Any ideas?

Talk to your network admins. You may need to setup LMHOSTS. 

I think it's a routing problem, not a name resolution problem.

As I understand it, LMHOSTS would, in the absence of a working DNS, resolve the machine names for me to their correct IP addresses, as does the existing HOSTS file on the VPN Server at present, and if that doesn't have the answer, the DHCP lease file.

But the problem is not resolving the ip addresses from their machine names but rather finding a route between the 172.26.79 addresses of the VPN client and server and the remote 172.16.200 network that the VPN is supposed to link the client machine to. Does LMHOSTS have a role to play in this?

--
Bill Gribble
http://www.scapegoatsanon.demon.co.uk
- Learn from the mistakes of others.
- You won't live long enough to make all of them yourself.
.

Relevant Pages

  • Re: ISA2004 kills VPN outbound
    ... Can you please tell me some information about the remote VPN Server? ... Do you have firewall client installed? ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA2004 kills VPN outbound
    ... I have the same problem connecting to several different VPN servers. ... > it use a hardware router or a windows-based computer to be its VPN Server? ... > connection will fail in some cases when a hardware firewall resides in the ... > |> FW client and configure the client as a SecureNAT client. ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN server (hardware) and VPN client (Software) - both with changing IP. Can it be?
    ... How many clients will be using the VPN functionality simultanesously? ... >to have VPN server as a hardware box and client could be software. ... >For server we have registered with dyndns.org, so we have constant dns name ... what VPN server box would you recommend to buy? ...
    (comp.security.firewalls)
  • Re: RAS/VPN routing on client?
    ... I've set up a VPN Server and Client, ... On the client side the router has internal address 192.168.178.1 ... the client is that all internet traffic is routed over the VPN, ...
    (microsoft.public.windowsxp.network_web)
  • VPN usage
    ... I have recently set up a VPN server in a test environment, ... I have set up the VPN succesfully in a Server 2003 with SP2 ... direct me where to look to resolve this issue ...
    (comp.dcom.vpn)