PDA

View Full Version : Site to Site VPN Problems

Ryan B
08-22-2006, 05:31 AM
I'm having some major problems with a site to site vpn. I was able to
successfully set up demand dial connections in both sites and sucessfully
connected. For some reason I can't ping another workstation across sites. I
setup a child domain server on the main site and brought it to the branch
site to be used as the network bridgehead. If I ping from the rras server
itself, I can ping both the Internal address and both demand dial
connections, but it won't ping the internal address of the other router
across the connection. If I try to ping from a workstation, the only thing I
can ping is the ip address of the demand dial connection. Do you think it
could be something to do with the fact that I actually setup the network with
a class B ip addresses. In theory it should all be "one" network . I didn't
use any subnets. One network starts with 172.16.31.x and the other one
starts wtih 172.16.20.x both with a netmask of 255.255.0.0. Please help!!!
Gaylen Michael
08-22-2006, 02:22 PM
Are you using ISA? If so, I had this same problem until I setup an access
rule allowing for traffic to pass over the VPN.


"Ryan B" <RyanB@discussions.microsoft.com> wrote in message
news:0C843E5D-7B9F-4461-9C7F-B50F749290BD@microsoft.com...
> I'm having some major problems with a site to site vpn. I was able to
> successfully set up demand dial connections in both sites and sucessfully
> connected. For some reason I can't ping another workstation across sites.
> I
> setup a child domain server on the main site and brought it to the branch
> site to be used as the network bridgehead. If I ping from the rras server
> itself, I can ping both the Internal address and both demand dial
> connections, but it won't ping the internal address of the other router
> across the connection. If I try to ping from a workstation, the only
> thing I
> can ping is the ip address of the demand dial connection. Do you think it
> could be something to do with the fact that I actually setup the network
> with
> a class B ip addresses. In theory it should all be "one" network . I
> didn't
> use any subnets. One network starts with 172.16.31.x and the other one
> starts wtih 172.16.20.x both with a netmask of 255.255.0.0. Please
> help!!!
Ryan B
08-22-2006, 03:32 PM
No. I'm just using the standard routing and remote access that came with the
server.

Ryan

"Gaylen Michael" wrote:

> Are you using ISA? If so, I had this same problem until I setup an access
> rule allowing for traffic to pass over the VPN.
>
>
> "Ryan B" <RyanB@discussions.microsoft.com> wrote in message
> news:0C843E5D-7B9F-4461-9C7F-B50F749290BD@microsoft.com...
> > I'm having some major problems with a site to site vpn. I was able to
> > successfully set up demand dial connections in both sites and sucessfully
> > connected. For some reason I can't ping another workstation across sites.
> > I
> > setup a child domain server on the main site and brought it to the branch
> > site to be used as the network bridgehead. If I ping from the rras server
> > itself, I can ping both the Internal address and both demand dial
> > connections, but it won't ping the internal address of the other router
> > across the connection. If I try to ping from a workstation, the only
> > thing I
> > can ping is the ip address of the demand dial connection. Do you think it
> > could be something to do with the fact that I actually setup the network
> > with
> > a class B ip addresses. In theory it should all be "one" network . I
> > didn't
> > use any subnets. One network starts with 172.16.31.x and the other one
> > starts wtih 172.16.20.x both with a netmask of 255.255.0.0. Please
> > help!!!
>
>
>
Robert L [MS-MVP]
08-23-2006, 03:22 PM
Sounds like routing issue. Posting the results of both server routing tables here may help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Ryan B" <RyanB@discussions.microsoft.com> wrote in message news:0C843E5D-7B9F-4461-9C7F-B50F749290BD@microsoft.com...
I'm having some major problems with a site to site vpn. I was able to
successfully set up demand dial connections in both sites and sucessfully
connected. For some reason I can't ping another workstation across sites. I
setup a child domain server on the main site and brought it to the branch
site to be used as the network bridgehead. If I ping from the rras server
itself, I can ping both the Internal address and both demand dial
connections, but it won't ping the internal address of the other router
across the connection. If I try to ping from a workstation, the only thing I
can ping is the ip address of the demand dial connection. Do you think it
could be something to do with the fact that I actually setup the network with
a class B ip addresses. In theory it should all be "one" network . I didn't
use any subnets. One network starts with 172.16.31.x and the other one
starts wtih 172.16.20.x both with a netmask of 255.255.0.0. Please help!!!