need help with server-to-server VPN

yoyo

hello, first sorry for my poor english, still keep trying ...

i need a (little ?) help with the kerio server-to-server VPN:

location A)
kerio wrf 6.0.9
tunnel to location B established
lan interface uses more than one ip address !!!
first (or regular) ip: 192.168.0.1
second ip: 194.64.200.10

location B)
kerio wrf 6.0.9
tunnel to location A established
lan interface not in use (cable disconnected)
at the moment only the (public) WAN interface is online

and here my problems:
this is working:
ping from winroute computer at location B to winroute computer at location A: ping 192.168.0.1 works fine, min: 16ms, average: 74 ms, max: 247ms
BUT
ping from winroute computer at location B to a computer BEHIND the winroute computer at location A: does NOT work:
ping 192.168.0.2 timeout

i checked to ping 192.168.0.2 from the local winroute computer (192.168.0.1): no problem, in local network it works

also, the same problem is on the 194.64.200.10 network:
if i ping this host (alpha server) from the local winroute server, everything is fine, if i ping the alpha_server from location B (the winroute server at the other end of the VPN tunnel): timeout

what is wrong?

by the way:
i've created some temporary rules (at the top of the rule sets) on each winroute firewall VPN server:

src: VPN tunnel
dst: any
srv: any icmp
act: allow
log: connection

src: any
dst: VPN tunnel
srv: any icmp
act: allow
log: connection

if i look at the connection logs i can see the connections (VPN in / VPN out)

and here are the results from a trace route
(issued at winroute firewall at loc B, destination is the alpha server at location A)

>tracert band_alpha

Routenverfolgung zu band_alpha [194.64.200.20] über maximal 30 Abschnitte:

1 231 ms 235 ms 26 ms 10.189.73.2
2 * * * Zeitüberschreitung der Anforderung.


well, i'm not sure but may it be possible (<-- is that english -->) that there is a need for some manual routes for the way "back to home" ???

for me it looks like in the header of the ping/tracert packets there is the ip from the vpn-server (10.189.73.2 and 10.189.73.1).

ok, when issuing the command, kerio vpn server knows that the destination (194.64.200.20) can be reached via the vpn which uses internal the 10.189.73.1 and 10.189.73.2. But the responding clients (e.g. a windows server 2003 at 192.168.0.2 or the above alpha server at 194.64.200.20) do have no imagination how to reach the 10.189.73.1/2 hosts (the kerio vpn adapters ip).

so what do i have to do?

when studying the kerio vpn manual i thought the routing between the lans will be done by kerio automatically, but not for icmp traffic?

i'm too confused now, if anyone knows what to do please help!

thx for your interest,
hubert
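
The return-path question raised in the post above, as an added example that is not part of the original thread: a longest-prefix-match lookup showing where a LAN host at location A would hand its reply to the tunnel address 10.189.73.2. The routing tables, the /24 masks and the gateway 192.168.0.254 are constructed assumptions, not values from the thread.

```python
import ipaddress

ON_LINK = "on-link"  # marker for directly connected networks

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def reply_returns_via(routes, reply_dst, vpn_server_ip):
    """True if a reply to reply_dst is handed to the VPN server's LAN address."""
    return next_hop(routes, reply_dst) == vpn_server_ip

VPN_SERVER_LAN = "192.168.0.1"   # from the post: WinRoute LAN address at location A
TUNNEL_PEER = "10.189.73.2"      # from the post: address seen in the tracert

# Constructed routing tables for a LAN host such as 192.168.0.2 (assumptions).
TABLES = {
    "default gw is the VPN server": [
        ("192.168.0.0/24", ON_LINK), ("0.0.0.0/0", VPN_SERVER_LAN)],
    "default gw is another router": [
        ("192.168.0.0/24", ON_LINK), ("0.0.0.0/0", "192.168.0.254")],
    "other router plus static route": [
        ("192.168.0.0/24", ON_LINK), ("0.0.0.0/0", "192.168.0.254"),
        ("10.189.73.0/24", VPN_SERVER_LAN)],  # /24 mask is assumed
    "no default route at all": [
        ("192.168.0.0/24", ON_LINK)],
}

def check_all():
    """Map each constructed table to whether the reply goes back to the tunnel."""
    return {name: reply_returns_via(routes, TUNNEL_PEER, VPN_SERVER_LAN)
            for name, routes in TABLES.items()}

if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name:32s} reply reaches tunnel: {ok}")
```

Comparing the output with the real routing table of a host that does not answer (for example from `route print` on Windows) shows which of the four cases applies.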
  •  
feite

At the two extra rules also select logging of packets. Try ping again and look in the filter log what is happening.

Feite