Static Routes Etc
30 January 2005, 05:44 PM
#1
Static Routes Etc
This is begining to severely hack me off 
I have 3 PCs & a W2K server at home
Server runs:
DHCP
DNS
WINS
RAS
All computers are connected to the server by NIC1
NIC2 on the server is connected to my internet router
If I try & VPN to my office from either a PC or a server, it connects but can't access resources etc. I am unable to ping the servers in the office although connected
Wife has Symantec IPSEC VPN on her PC & that can connect & likewise not access any resources
IF I connect my PCs direct to the internet router, all is hunky dory
Obviously I want everything going via the server...
I'm sure its a case of entering a static route/dns **** but buggered if I can work it out
Any help? Route Add or smmat?
I have 3 PCs & a W2K server at home
Server runs:
DHCP
DNS
WINS
RAS
All computers are connected to the server by NIC1
NIC2 on the server is connected to my internet router
If I try & VPN to my office from either a PC or a server, it connects but can't access resources etc. I am unable to ping the servers in the office although connected
Wife has Symantec IPSEC VPN on her PC & that can connect & likewise not access any resources
IF I connect my PCs direct to the internet router, all is hunky dory
Obviously I want everything going via the server...
I'm sure its a case of entering a static route/dns **** but buggered if I can work it out
Any help? Route Add or smmat?
30 January 2005, 06:44 PM
#3
Originally Posted by Dood
Have you tried traceroutes and pings to see how far you are getting ?
How are you routing the PC traffic to the Internet ... default gateway etc ??
How are you routing the PC traffic to the Internet ... default gateway etc ??
Traceroutes get as far as the server
Default gateway is the IP of NIC1 for the clients
Likewise for NIC1 (??)
NIC2 its the internet router
30 January 2005, 09:55 PM
#6
Scooby Regular
In this situation you can only have 1 default gateway on the server (internet router on NIC2). Remove the default gateway entry for NIC1 and it will burst into life.....
30 January 2005, 10:14 PM
#7
Scooby Newbie
Join Date: Apr 2003
Posts: 17
Likes: 0
Received 0 Likes
on
0 Posts
Agree with Jeff ...
NIC1 doesn't actually need a default gateway as it will forward packets of unknown destination to NIC2 and see the PCs using ARP. However the PCs will need a default gateway entry of NIC1.
I have a similar setup to yours but use a single NIC on the Server and plug all of the hosts into a Netgear Integrated ADSL Modem/Router/Firewall/Wi-Fi ....
If Jeff's suggestion doesn't get you going, post up a print out of your routing tables using the "route print" command in DOS mode.
NIC1 doesn't actually need a default gateway as it will forward packets of unknown destination to NIC2 and see the PCs using ARP. However the PCs will need a default gateway entry of NIC1.
I have a similar setup to yours but use a single NIC on the Server and plug all of the hosts into a Netgear Integrated ADSL Modem/Router/Firewall/Wi-Fi ....
If Jeff's suggestion doesn't get you going, post up a print out of your routing tables using the "route print" command in DOS mode.
Trending Topics
31 January 2005, 01:34 PM
#10
Well...
From a client, I can VPN the office & (the really important bit) use our SQL client to connect to the office SQL server so as I can access our booking program
But
I cannot ping the 2 servers in the office by IP addy & netbios is not working for browsing & I can't locate/connect to the Exchange server as a client
&
IF
I do this from my server (VPN etc) it completely knackers ALL internet access for both clients and servers (ie no access) & it requires a re-boot to clear...
From a client, I can VPN the office & (the really important bit) use our SQL client to connect to the office SQL server so as I can access our booking program
But
I cannot ping the 2 servers in the office by IP addy & netbios is not working for browsing & I can't locate/connect to the Exchange server as a client
&
IF
I do this from my server (VPN etc) it completely knackers ALL internet access for both clients and servers (ie no access) & it requires a re-boot to clear...
31 January 2005, 03:49 PM
#11
Scooby Regular
Remember, when you ping a host it has to send the packet (reply) back. So not only does your routing have to be setup correctly, but the route back to your network has to be configured on your office LAN too.
DNS would need to be configured for you office servers in order to resolve internet names i.e. ping exchange.myworkdomain.com
WINS would need to be configured for you to resolve Netbios names e.g. ping exchange
OR you could use static Ip mappings from a hosts file.
can you ping your office network (lots of different servers) and internet servers using just the IP addresses. Use Tracert to see where the packets are being directed.
Stefan
DNS would need to be configured for you office servers in order to resolve internet names i.e. ping exchange.myworkdomain.com
WINS would need to be configured for you to resolve Netbios names e.g. ping exchange
OR you could use static Ip mappings from a hosts file.
can you ping your office network (lots of different servers) and internet servers using just the IP addresses. Use Tracert to see where the packets are being directed.
Stefan
01 February 2005, 08:52 AM
#14
Scooby Regular
Firstly the problems you describe are pretty much what I would expect...
Your using your Win2K machine as a router which doesn't have any NAT facility. The office network doesn't (probable) know how to get to your new network as it isn't in it's (the office servers) route table. The name resolution issue is probable down to the wrong WINS/DNS information on your clients.
When you use the VPN software on the server it will (probable !) stop any access from any other source for security reasons...
The easy solution is to put a broadband router on your network (assuming you have broadband !) and connect all your devices into that rather than into the Win2k machine. If memory serves you have a SonicWALL device at your main office...if that's the case buying a TZ150 for your home network (£230) will do away with the requirement to use VPN clients.....
Your using your Win2K machine as a router which doesn't have any NAT facility. The office network doesn't (probable) know how to get to your new network as it isn't in it's (the office servers) route table. The name resolution issue is probable down to the wrong WINS/DNS information on your clients.
When you use the VPN software on the server it will (probable !) stop any access from any other source for security reasons...
The easy solution is to put a broadband router on your network (assuming you have broadband !) and connect all your devices into that rather than into the Win2k machine. If memory serves you have a SonicWALL device at your main office...if that's the case buying a TZ150 for your home network (£230) will do away with the requirement to use VPN clients.....
01 February 2005, 01:37 PM
#16
Scooby Regular
Join Date: Nov 2001
Location: Leeds - It was 562.4bhp@28psi on Optimax, How much closer to 600 with race fuel and a bigger turbo?
Posts: 15,239
Likes: 0
Received 1 Like
on
1 Post
Deffo the VPN Client will kill the other network connections, the nortel contivity one definitely does.
Also Is your firewall allowing ICMP for the Ping to return?
Use a virtual machine to run your VPN client, or accept that you will have no access to networks other than the VPN allowswhilst using the VPN client.
If you do a route add whilst using our VPN client.. it disconnects you.
So if I want to surf whilst using VPN I configure my IE to go via works firewall.
Another thing worth checking if you cant access resources is that the VPN client is configuring the WINS and DNS settings.
If you really need to do it, use VMWARE / MS Virtual PC and run the VPN client within that..
David
Also Is your firewall allowing ICMP for the Ping to return?
Use a virtual machine to run your VPN client, or accept that you will have no access to networks other than the VPN allowswhilst using the VPN client.
If you do a route add whilst using our VPN client.. it disconnects you.
So if I want to surf whilst using VPN I configure my IE to go via works firewall.
Another thing worth checking if you cant access resources is that the VPN client is configuring the WINS and DNS settings.
If you really need to do it, use VMWARE / MS Virtual PC and run the VPN client within that..
David
01 February 2005, 10:37 PM
#17
Thanks for all the help guys
I have access to 1 network via VPN that I can authenticate to, browse, attach to the exchange server, ping any other machine on the network or ping any other machine over their extended network & browse/access all my local resources...
From the same machine @ home, I can just VPN & use the sql client & not browse the internet when I'm connected... to the office one (thats with the use remote gateway option either checked or unchecked) & then it hangs the local machine on disconnect
I do have Broadband ( & at long bloody last ) & my router is connected to a SoHo3 Firewall which I purchased from eBay but no VPN clients. I also have the luxury of a block of real IP addys. I want to run Exchange, IIS & ISA on either W2K or WS2003. I want to be able to remotely access my server & w/stations for files, admin & OWA. I want to remotely access my office & wifey needs to remotely access hers via IPSEC VPN client.
How would you set this up to be simple, secure & effective?
I have access to 1 network via VPN that I can authenticate to, browse, attach to the exchange server, ping any other machine on the network or ping any other machine over their extended network & browse/access all my local resources...
From the same machine @ home, I can just VPN & use the sql client & not browse the internet when I'm connected... to the office one (thats with the use remote gateway option either checked or unchecked) & then it hangs the local machine on disconnect
I do have Broadband (
& at long bloody last ) & my router is connected to a SoHo3 Firewall which I purchased from eBay but no VPN clients. I also have the luxury of a block of real IP addys. I want to run Exchange, IIS & ISA on either W2K or WS2003. I want to be able to remotely access my server & w/stations for files, admin & OWA. I want to remotely access my office & wifey needs to remotely access hers via IPSEC VPN client.How would you set this up to be simple, secure & effective?
02 February 2005, 07:08 AM
#18
Scooby Regular
Sell the Soho3 on ebay (it's no good to you without the site to site VPN). Buy a TZ150 and set up a site to site VPN with your office.
Create a flat network (no dual homed servers) behind the firewall. Set up your Exchange & IIS boxes with one to one NAT rules restricted to specific ports. Buy a 1 concurrent Global VPN client for the TZ150 so you can use the GVC from anywhere other than your work office to access your system.
Create a flat network (no dual homed servers) behind the firewall. Set up your Exchange & IIS boxes with one to one NAT rules restricted to specific ports. Buy a 1 concurrent Global VPN client for the TZ150 so you can use the GVC from anywhere other than your work office to access your system.
Thread
Thread Starter
Forum
Replies
Last Post