hello, first, sorry for my poor english, still keep trying ...
i need a (little?) help with the kerio server-to-server VPN:
kerio wrf 6.0.9
tunnel to location B established
lan interface uses more than one ip address !!!
first (or regular) ip: 192.168.0.1
second ip: 220.127.116.11
kerio wrf 6.0.9
tunnel to location A established
lan interface not in use (cable disconnected)
at the moment only the (public) WAN interface is online
and here are my problems:
this is working:
ping from winroute computer at location B to winroute computer at location A: ping 192.168.0.1 works fine, min: 16 ms, average: 74 ms, max: 247 ms
ping from winroute computer at location B to a computer BEHIND the winroute computer at location A: does NOT work:
ping 192.168.0.2 timeout
i checked to ping 192.168.0.2 from the local winroute computer (192.168.0.1): no problem, in local network it works
also, the same problem is on the 18.104.22.168 network:
if i ping this host (alpha server) from the local winroute server, everything is fine, if i ping the alpha_server from location B (the winroute server at the other end of the VPN tunnel): timeout
what is wrong?
by the way:
i've created some temporary rules (at the top of the rule sets) on each winroute firewall VPN server:
src: VPN tunnel
srv: any icmp
dst: VPN tunnel
srv: any icmp
if i look at the connection logs i can see the connections (VPN in / VPN out)
and here are the results from a trace route
(issued at winroute firewall at loc B, destination is the alpha server at location A)
Routenverfolgung zu band_alpha [22.214.171.124] über maximal 30 Abschnitte:
1 231 ms 235 ms 26 ms 10.189.73.2
2 * * * Zeitüberschreitung der Anforderung.
well, i'm not sure but may it be possible (<-- is that english --> ) that there is a need for some manual routes for the way "back to home" ???
for me it looks like in the header of the ping/tracert packets there is the ip from the vpn-server (10.189.73.2 and 10.189.73.1).
ok, when issuing the command, kerio vpn server knows that the destination (126.96.36.199) can be reached via the vpn, which internally uses 10.189.73.1 and 10.189.73.2. But the responding clients (e.g. a windows server 2003 at 192.168.0.2 or the above alpha server at 188.8.131.52) have no idea how to reach the 10.189.73.1/2 hosts (the kerio vpn adapters' ip).
so what do i have to do?
when studying the kerio vpn manual i thought the routing between the lans will be done by kerio automatically, but not for icmp traffic?
i'm too confused now, if anyone knows what to do please help!
thx for your interest,
At the two extra rules, also select logging of packets. Try the ping again and look in the filter log to see what is happening.
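The return-route question raised in the first post can be checked with a longest-prefix-match lookup on the replying host's routing table. This is an added example, not part of the thread; the routing tables, the /24 masks and the second router 192.168.0.254 are constructed assumptions.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; None means no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def reply_path(routes, vpn_src, tunnel_gw):
    """Classify where a host sends its echo reply to the VPN-side source."""
    hop = next_hop(routes, vpn_src)
    if hop is None:
        return "dropped: no route to " + vpn_src
    if hop == tunnel_gw:
        return "ok: reply goes back via " + tunnel_gw
    return "lost: reply sent to " + hop + ", not the tunnel gateway"

VPN_SRC = "10.189.73.1"      # one of the two VPN adapter addresses from the post
WINROUTE_A = "192.168.0.1"   # WinRoute LAN address at location A (from the post)

# Constructed routing tables for the host 192.168.0.2; the /24 masks and
# the router 192.168.0.254 are assumptions, not values from the thread.
TABLES = {
    "default gw is winroute": [("192.168.0.0/24", "on-link"),
                               ("0.0.0.0/0", WINROUTE_A)],
    "default gw is another router": [("192.168.0.0/24", "on-link"),
                                     ("0.0.0.0/0", "192.168.0.254")],
    "no default gateway": [("192.168.0.0/24", "on-link")],
    "other router + static route": [("192.168.0.0/24", "on-link"),
                                    ("0.0.0.0/0", "192.168.0.254"),
                                    ("10.189.73.0/24", WINROUTE_A)],
}

def check_all():
    """Return the reply-path verdict for every constructed table."""
    return {name: reply_path(rt, VPN_SRC, WINROUTE_A) for name, rt in TABLES.items()}

if __name__ == "__main__":
    for name, verdict in check_all().items():
        print(f"{name:32} {verdict}")
```

Comparing the real `route print` output of the host at 192.168.0.2 against these cases shows which one applies.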