Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Greg Zartman on October 23, 2003, 04:31:48 AM
-
I have an IPSec VPN set up between two of our offices and am having trouble with machines that are set up with static IP addresses. Specifically, I've set up the IPSec VPN and all is well with overall communications. I added my remote LAN IP subnet to the "Local Networks" and can ping all machines at my main office with DHCP assigned IPs from the remote LAN. However, I cannot ping machines in my main office with static IP addresses from the remote office. I know this is some sort of a routing issue, but can't figure out exactly what it is. Why is it that only machines with DHCP assigned IPs seem to be routing correctly, and static IPs not routing correctly?
Many thanks.
Greg Zartman
-
What is the default gateway set to on the PCs? Same as that of the DHCP clients?
Bill
-
> What is the default gateway set to on the PCs? Same as that
> of the DHCP clients?
Yes, that is correct. In my main office, I have an SME server that serves as the gateway for the main office LAN. Among other things, SME also provides DHCP for my main office LAN. To this LAN, I added an IPSec VPN router that serves as a gateway for VPN traffic. To get VPN traffic from the remote LAN routing correctly, I added the IP subnet of my remote office to the "Local Networks" in server-manager of my SME 6 machine at my main office. After doing this, I can ping all machines in my main office, from the remote office, with DHCP assigned IP addresses. When I try to ping machines with static IP addresses from my remote office, I get IP unreachable. When I SSH into my SME 6 main office server from my remote office, I can ping the static IPs just fine. This has to be a routing issue, but I'm not sure how to fix it.
Thanks
Greg
-
Take a look at a previous post http://www.e-smith.org/bboard//read.php?f=3&i=37988&t=37988. You need to gather the routing tables of all the servers and examples of routing tables on both sides of the LANs. Also, what are the LOCAL network settings on each SME?
Bill
-
Bill,
I figured my problem out. :)
In a nutshell, my remote pings were hitting their intended targets on my main office LAN, but were being returned across the wrong gateway, thereby being lost. My situation differs slightly from the example thread you pointed me to. I'm not using SME to establish the VPN connection, but two SOHO IPSec VPN routers. In my main office, I have an SME server set up as the primary gateway, DHCP server, DNS, etc., etc. This server is on a dedicated, external static IP address and is the primary gateway for my main office LAN. To this network, I added one of the SOHO routers on its own, external, static IP address and with a static internal IP address that was within the subnet of my main office LAN. The problem was that clients were trying to send ping responses over the SME gateway, but not the SOHO IPSec gateway. In essence, my remote pings were being lost on the main office side.
The problem was partially fixed by adding my remote subnet as a LOCAL NETWORK in main office SME server-manager. This local network setting created a static route entry on my main office SME server that correctly routed packets originating from my remote LAN back over the IPSec router. Problem is, this only worked from main office clients that received their IP addresses from the SME server via DHCP. Machines that I set up with internal static IPs did not have the appropriate routing information to know that they needed to send packets originated from my remote subnet over the IPSec gateway. I fixed the problem by adding static route information to each of the clients with static IP addresses. Now, all is well!!! :-)
Greg Zartman
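-
The return-path problem described in the last post, as an added example that is not part of the original thread: a longest-prefix-match lookup showing which gateway a client picks for replies to the remote subnet, before and after the static route is added. All addresses, host names and the `on-link` marker are constructed assumptions; the thread gives no actual subnets.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread):
SME_GW = "192.168.1.1"         # SME server, default gateway of the main office LAN
IPSEC_GW = "192.168.1.254"     # SOHO IPSec router on the same LAN
REMOTE_NET = "192.168.2.0/24"  # remote office subnet reached through the VPN
REMOTE_HOST = "192.168.2.10"   # machine in the remote office sending the ping

def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, gateway)
    return best[1] if best else None

# A statically configured client knows only its own LAN and the default gateway.
STATIC_CLIENT_BEFORE = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", SME_GW)]
# The same client after the static route to the remote subnet is added.
STATIC_CLIENT_AFTER = STATIC_CLIENT_BEFORE + [(REMOTE_NET, IPSEC_GW)]

def return_path_uses_vpn(routes):
    """True when replies to the remote office leave via the IPSec router."""
    return next_hop(routes, REMOTE_HOST) == IPSEC_GW

def audit(clients):
    """Names of clients whose replies to the remote subnet bypass the IPSec router."""
    return sorted(name for name, routes in clients.items()
                  if not return_path_uses_vpn(routes))

if __name__ == "__main__":
    clients = {"pc-static-1": STATIC_CLIENT_BEFORE,
               "pc-static-2": STATIC_CLIENT_AFTER}
    for name, routes in clients.items():
        print(name, "replies to", REMOTE_HOST, "via", next_hop(routes, REMOTE_HOST))
    print("clients still missing the route:", audit(clients))
```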