This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Roadwarriors to access to both internal networks. How?

Hi,
I have an ASL box setup like this:

code:

internet
 |
eth2
 |                     / 192.168.2.2
ASL--eth1--192.168.2.0 - 192.168.2.3
 |                     \ 192.168.2.4
eth0
 |          /192.168.1.2
192.168.1.0 -192.168.1.3
            \192.168.1.4

I have enabled a PPTP server, and Roadwarriors are getting their IP addresses in the 192.168.1.0 network. Is it possible to enable the rounting to 192.168.2.0 network for my PPTP clients? If yes, how would I do that? Right now the only packets to be routed into the VPN connection are the ones with destination 192.168.1.x

Forgive my naiveness in some of this. I'm a relative newb [:)]

Thanx a lot!

[size="1"][ 07 October 2002, 22:12: Message edited by: Silencerr ][/size]

This thread was automatically locked due to age.

Parents

0 Silencerr over 22 years ago

Forgot to mention that I have unchecked the use default gateway in the properties of the TCP/IP of the VPN connection on the client box. I don't want all their traffic to be routed through the VPN. But I do want the traffic to all internal networks to go through, not just the one that it gets assigned the IP from.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Silencerr over 22 years ago

Forgot to mention that I have unchecked the use default gateway in the properties of the TCP/IP of the VPN connection on the client box. I don't want all their traffic to be routed through the VPN. But I do want the traffic to all internal networks to go through, not just the one that it gets assigned the IP from.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Rayzor over 22 years ago in reply to Silencerr

Silencerr

I think you could try two options

1: Since you message states your remote clients are recieving 192.168.1.x addresses, they are already a member of the eth0 network. therfore you can just set up two packet filters saying

eth0 network>>>>any>>>eth1 network>>>> allow
eth1 network>>>>any>>>eth0 network>>>> allow

2: you could also try defining your PPTP pool in the Network definitions...once this is done you could set up filters likw this

pptp pool>>>>any>>>eth1 network>>>> allow
eth1 network>>>>any>>>pptp pool>>>> allow

remember....order of your packet filters are important

Hope this helps

Rayzor
Cancel
Vote Up 0 Vote Down

Cancel
0 Andy_01 over 22 years ago in reply to Rayzor

Silencerr, i think the best solution is to have a PPTP-Pool different to the internal addresses like 10.X.Y.0/24 and set the packet filter rules according to this:

PPTP-Pool --> Any --> eth0_Network__ Allow
PPTP-Pool --> Any --> eth1_Network__ Allow

If you don't want to use the remote gateway, well than you have to set routes on the roadwarrior like 'route add 192.168.1.0 MASK 255.255.255.0 10.X.Y.1' and 'route 192.168.2.0 MASK 255.255.255.0 10.X.Y.1'
Cancel
Vote Up 0 Vote Down

Cancel
0 Silencerr over 22 years ago in reply to Andy_01

First of all thanks for all the replies!

Here's what I did to make it work:
Instead of creating three different networks 192.168.0.0/32, 192.168.1.0/32, 192.168.2.0/32 I made 3 subnets for 192.168.1.0 (255.255.255.192), so what happens now is PPTP clients get additional route for 192.168.0.0/255.255.255.0, so my firewall gets all the packets destined for any of those networks from my vpn clients and I am free to do anything I want to with them.
Cancel
Vote Up 0 Vote Down

Cancel