... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.dcom.vpn

VPN protocols, clients, awesomeness

2,349 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 1,377 of 2,349

Montgaillard to All

Re: tunnel established but can't ping re

07 Dec 04 00:25:04

   From: nospam@nospam.net   
      
   "Montgaillard"  a écrit dans le message de   
   news:co0hav$p43$1@apollon.grec.isp.9tel.net...   
   >   
   > "Helmut Gaishauser" <6ofeight@web.de> a écrit dans le message de   
   > news:Xns95A96D0988B426ofeight@ID-120281.user.dfncis.de...   
   > > "Montgaillard"  schrub am 17 Nov 2004:   
   > >   
   > > Hi,   
   > > >   
   > > > "Steve Hatch"  a écrit dans le message de   
   > > > news:419B00A3.7070901@vpn-guru.com...   
   > > >> > client : saferemote vpn client on win XP   
   > > >> > server : Zyxel Zywall 50   
   > > >> >   
   > > >> > Connexion goes up but i just can receive ping replies from the   
   > > >> > remote   
   > > > lan ip   
   > > >> > of the zyxel router.   
   > > >> >   
   > > >> > Pinging any pc on the remote network do not return any reply.   
   > > >> >   
   > > >   
   > > > It seems Phase 1 is OK. Phase 2 seems to go fine as well. The VPN   
   > > > client issues a pop-up to tell the connection has been established.   
   > > > Then i can ping 10.0.0.102 (the remote lan ip address of the zyxel)   
   > > > but any other ping to a 10.x.x.x PC fails.   
   > > > I must say that the remote lan PC do not have 10.0.0.102 as the   
   > > > default gateway.   
   > >   
   > > This is a ZyWall50 IIRC. I have the same setup. You need to define a   
   > > forward firewall-rule from WAN to LAN for your remote IP address. I   
   > > just tried it. No rule, no ping. With firewallrule I can access the   
   > > whole LAN (or whatever address I specify in the Firewallrule).   
   > >   
   > I have a dynamic IP address on the roaming PC so i don't know how to write   
   > this rule.   
   >   
   > Even disabling the zywall firewall does not solve that :-(   
   >   
      
   I finally solved my problem. It was a routing problem.   
   The PCs i tried to reach must have a default gateway pointing to the Zywall   
   to send the pings back to the vpn client. Kind of basic for most fo you i   
   guess   
   but you learn the hard way everyday.   
      
   The Zywall must also have a default route to send whatever he doesn't know   
   as destination address,   
   which is the case for a roaming pc, to the next router on the internet.   
      
   It wasn't firewall related but a routing problem.   
      
   The problem i have now is telling the PCs to direct the usual internet   
   (http, ftp and mail) traffic   
   to the former LAN gateway (a win2000/ISA server) and direct only VPN traffic   
   back to the second gateway (Zywall).   
      
   I just solve a problem to face a greater one it seems.   
      
   Could any one help ?   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]