RE: VPN routing

2001-09-25 Thread Miley, Dan 

does the VPN/firewall device have routes in it to the other subnets. (route
print under NT, or show ip route under IOS)

under 2000 there's a check box under tcpip properties-advanced-networking

that says use default gateway on remote network or somesuch. is that
checked?

-Original Message-
From: Jason Gauthier [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 10:09 AM
To: NT System Admin Issues
Subject: VPN routing



  This is a somewhat involved problem, so I'll try to give as much detail as
possible to help paint a picture.
  
We've got several internal subnets. (i.e., 192.168.1.x, 192.168.2.x,
192.168.3.x and so forth)
We have a firewall device terminating the VPN connections.  The pool of IP
addresses assigned for this are  in our primary subnet. (192.168.1.x).
By default, the W2k PPTP client adds a route to the network your VPN device
is assigned.  So, now all traffic destined for 192.168.1.x via the VPN
connection works great.

However, any communications to the other subnets will try and find their way
using my default route. My ISP.. and they won't get anywhere.

I can remedy this problem manually pretty easily:

ipconfig /all
get IP address of VPN interface
route add 192.168.0.0 MASK 255.255.0.0 [ip address of VPN interface]

However, This is not a sufficient task to ask my remote end users.
I'm looking for a way to automatically execute this command after the VPN
connection is established.
Even a batch file they can run manually would be acceptable. 
The problem I've run into, is that Windows does not have very advanced text
handling routines as commands. So stripping the IP address from ipconfig to
save into a variable is nearly impossible.

Thoughts, ideas, suggestions?

Jason





Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mod
e=0lang=english
This e-mail may be privileged and/or confidential, and the sender does not
waive any related rights and obligations. Any distribution, use or copying
of this e-mail or the information it contains by other than an intended
recipient is unauthorized. If you received this e-mail in error, please
advise me (by return e-mail or otherwise) immediately. 

Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english

Re: VPN routing

2001-09-25 Thread GMasters 


Jason,

This sounds a lot like a problem we had here with our VPN - users in
Munich/Paris not being able to get to thier servers when they connected to
the London office via VPN.  So, can you tell me...:

What kind of device do you have in between all the subnets?
What are the IP addresses of said router?
What is the IP address and mask of the VPN device? (and what kind of device
is it?)

Cheers
Gerald
= = =
Gerald Masters
Senior Network Administrator
Kingston Technology Europe Ltd
Sunbury-on-Thames
UK
= = =
e: [EMAIL PROTECTED]
w: www.kingston.com/europe



   
  
Jason Gauthier 
  
jgauthier@las   To: NT System Admin Issues  
  
tar.com  [EMAIL PROTECTED]  
  
 cc:   
  
25/09/2001   Subject: VPN routing  
  
15:08  
  
Please respond 
  
to NT System  
  
Admin Issues  
  
   
  
   
  





  This is a somewhat involved problem, so I'll try to give as much detail
as
possible to help paint a picture.

We've got several internal subnets. (i.e., 192.168.1.x, 192.168.2.x,
192.168.3.x and so forth)
We have a firewall device terminating the VPN connections.  The pool of IP
addresses assigned for this are  in our primary subnet. (192.168.1.x).
By default, the W2k PPTP client adds a route to the network your VPN device
is assigned.  So, now all traffic destined for 192.168.1.x via the VPN
connection works great.

However, any communications to the other subnets will try and find their
way
using my default route. My ISP.. and they won't get anywhere.

I can remedy this problem manually pretty easily:

ipconfig /all
get IP address of VPN interface
route add 192.168.0.0 MASK 255.255.0.0 [ip address of VPN interface]

However, This is not a sufficient task to ask my remote end users.
I'm looking for a way to automatically execute this command after the VPN
connection is established.
Even a batch file they can run manually would be acceptable.
The problem I've run into, is that Windows does not have very advanced text
handling routines as commands. So stripping the IP address from ipconfig to
save into a variable is nearly impossible.

Thoughts, ideas, suggestions?

Jason





Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english







Want to unsub? Do that here:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=ntsysadmintext_mode=0lang=english