Draytek VPN problem

Started by MisterW, Aug 27, 2010, 20:37:46


MisterW

OK guys, it's not like me to be the helpee, I'm normally the helper, but this one's got me stumped.
I've posted this on the Draytek forum but I know there are quite a few good techies on here (some even have Drayteks),
so I thought I'd post here to see if anyone had any thoughts...

Quote: I've got a LAN-LAN IPSec VPN using 2 Draytek 2820s

Site A
local subnet 192.168.1.0/24
2820 connected via WAN1 to BT ADSL line with Static IP

Site B
local subnet 192.168.0.0/24
2820 connected to existing network (8 static IPs) via WAN2 with spare public static IP

The VPN establishes, no problem.

From anywhere on site B local network I can ping anything on site A.
From Site A, I can ping as far as Site B router on 192.168.0.1 but can't ping anything connected to the local network 192.168.0.x.
From Site B router I can ping the local devices on 192.168.0.x

I've checked the routing tables on both 2820s when the VPN's up and they look OK to me.

It just looks like the 2820 that's connected via WAN2 can't route VPN traffic to the local subnet!!

Anyone any clues please?

A couple of responses already on the Draytek site

Quote: Check whether the Route/NAT setting under section 4 TCP/IP settings is set to Route, otherwise you'll get a one way only route like you're seeing.

My response
Yep, TCP/IP settings both ends are set to Route.
From what I can see it's managing to route 192.168.0.x down the VPN OK from Site A since it can ping the internal IP of the 2820 at Site B (192.168.0.1) but then it's failing to route other 192.168.0.x addresses out to the Site B LAN.

Quote: Is there more than one gateway at either end?
I.e. are all the machines you are pinging using the VPN router as their gateway?
If a machine at a far end has a different gateway the ping may get to it but its reply will have no route back across the VPN.

My response
Yep, they're all (well, there are only 2 at the moment) connected directly to the 2820 with it as the default gateway. I did consider that it could be the routing of the reply back through the VPN rather than the ping not getting to them, but that's sort of contradicted by the fact that machines on the 192.168.0.x subnet can ping those on 192.168.1.0 so it must be routing correctly through the VPN under those circumstances. Come to think of it, that also means that the replies are routing correctly back to the 0.x subnet. Also I can ping both of the 0.x machines from the 'ping diagnostics' on the local (192.168.0.1) 2820. So they must both be configured OK.
This is really strange.

Thanks in advance for any ideas...
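
The second-gateway question raised in the quoted replies above can be worked through in a small forwarding model. This is an added example, not part of the original post; the host addresses and the second gateway 192.168.0.254 are constructed assumptions.

```python
import ipaddress

# Constructed model of the two sites in the post. Host addresses and the
# second gateway 192.168.0.254 are assumptions invented for this example.
SITE_A = ipaddress.ip_network("192.168.1.0/24")
SITE_B = ipaddress.ip_network("192.168.0.0/24")

# Router LAN address -> attached subnet and {remote subnet: tunnel peer}.
ROUTERS = {
    "192.168.1.1": {"lan": SITE_A, "vpn": {SITE_B: "192.168.0.1"}},
    "192.168.0.1": {"lan": SITE_B, "vpn": {SITE_A: "192.168.1.1"}},
    "192.168.0.254": {"lan": SITE_B, "vpn": {}},  # no route to Site A
}

# Host address -> (own subnet, default gateway).
HOSTS = {
    "192.168.1.10": (SITE_A, "192.168.1.1"),
    "192.168.0.10": (SITE_B, "192.168.0.1"),    # gateway is the VPN router
    "192.168.0.20": (SITE_B, "192.168.0.254"),  # gateway is another router
}


def deliver(src, dst):
    """Forward one packet between hosts; return (delivered, path taken)."""
    net, hop = HOSTS[src]
    target = ipaddress.ip_address(dst)
    path = [src]
    if target in net:                      # on-link: no router involved
        return dst in HOSTS, path + [dst]
    for _ in range(4):                     # hop limit guards against loops
        path.append(hop)
        router = ROUTERS[hop]
        if target in router["lan"]:        # router hands it to its own LAN
            return dst in HOSTS, path + [dst]
        peers = [p for subnet, p in router["vpn"].items() if target in subnet]
        if not peers:                      # no matching route: dropped here
            return False, path
        hop = peers[0]
    return False, path


def ping(src, dst):
    """Return (request_arrived, reply_arrived, reply_path)."""
    there, _ = deliver(src, dst)
    back, path = deliver(dst, src) if there else (False, [])
    return there, there and back, path
```

In this model the host behind the other gateway receives the echo request but its reply stops at 192.168.0.254, and the same host cannot start a ping to Site A either, so a wrong gateway fails in both directions.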