| Author |
tunnel established but can't ping remote network apart vpn router
|
|
| Philippe Torres 2004-11-13, 5:45 pm |
| client : saferemote vpn client on win XP
server : Zyxel Zywall 50
Connexion goes up but i just can receive ping replies from the remote lan ip
of the zyxel router.
Pinging any pc on the remote network do not return any reply.
Adding a static route on the remote lan PCs don't change anything :
route add <vpn client wan ip> mask 255.255.255.255 <vpn router lan ip>
Anyone met this kind of trouble ?
| |
| Mike Drechsler - SPAM PROTECTED EMAIL 2004-11-13, 8:45 pm |
| Philippe Torres wrote:
> client : saferemote vpn client on win XP
> server : Zyxel Zywall 50
>
> Connexion goes up but i just can receive ping replies from the remote lan ip
> of the zyxel router.
>
> Pinging any pc on the remote network do not return any reply.
>
> Adding a static route on the remote lan PCs don't change anything :
> route add <vpn client wan ip> mask 255.255.255.255 <vpn router lan ip>
>
> Anyone met this kind of trouble ?
Try from another PC.
--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
| |
| Helmut Gaishauser 2004-11-16, 7:45 am |
| "Philippe Torres" <djeunk@club-internet.fr> schrub am 13 Nov 2004:
> client : saferemote vpn client on win XP
> server : Zyxel Zywall 50
>
> Connexion goes up but i just can receive ping replies from the
> remote lan ip of the zyxel router.
>
> Pinging any pc on the remote network do not return any reply.
>
> Adding a static route on the remote lan PCs don't change anything :
> route add <vpn client wan ip> mask 255.255.255.255 <vpn router lan
> ip>
>
> Anyone met this kind of trouble ?
>
>
Yep. Just up to a few minutes back, I had the same problem. But I think
I found the solution:
* the remote address has to be a subnet which is not in the
addressrange of the destination network.
* NAT Traversal has to be enabled, if there are some other routers in
between (e.g. You are behind a cable/DSL-Modem with router)
* both networks may not share the same address-range. (e.g.
192.168.1.0) unless NAT is setup properly. (This I am investigating
further)
HTH
--
cheers /"\ ASCII Ribbon Campaign
hELMUT \ /
X No HTML in
/ \ email & news
| |
| Montgaillard 2004-11-16, 5:45 pm |
| Thanks for responding, Helmut.
I am aware about the different subnet addresses condition. But on the
client side, i just have a public address given by the ISP, no LAN.
I guess it's more to do with NAT traversal even if my broadband modem is
supposed to be just that, a modem and not a router (it's a "blackbox"
leased by the ISP) and in that case, no NAT is needed.
The Zyxel supports it but i am not sure about the VPN client NAT-T support.
My VPN client version is exactly "IPSEC Dialup client" Safenet SoftRemote
9.2.1 (build 2)
I didn't find any parameter to tweak NAT-T on this client unlike in SSH
sentinel.
"Helmut Gaishauser" <6ofeight@web.de> a écrit dans le message de
news:Xns95A37A5D516206ofeight@ID-120281.user.dfncis.de...
> "Philippe Torres" <djeunk@club-internet.fr> schrub am 13 Nov 2004:
>
> Yep. Just up to a few minutes back, I had the same problem. But I think
> I found the solution:
>
> * the remote address has to be a subnet which is not in the
> addressrange of the destination network.
> * NAT Traversal has to be enabled, if there are some other routers in
> between (e.g. You are behind a cable/DSL-Modem with router)
> * both networks may not share the same address-range. (e.g.
> 192.168.1.0) unless NAT is setup properly. (This I am investigating
> further)
>
> HTH
>
> --
> cheers /"\ ASCII Ribbon Campaign
> hELMUT \ /
> X No HTML in
> / \ email & news
|
|
|
|