DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

LAN to LAN VPN using 2820, can only Ping one way

  • candl
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
28 Aug 2010 10:56 #63578 by candl
Cheers StuC,

I was thinking about trying different network addresses. As you say it's not a good idea to use 192.168.0.x. In this case I was trying to keep things the same for the remote site, when moving from the ISDN to VPN, since they are 250 miles away and have very little IT expertise. Fortunately I left remote access enabled on their 2820 so I can reconfigure it from my end.

Anyway thanks for the ideas.
Will go and beat my head against it on Tuesday. :)

Please Log in or Create an account to join the conversation.

  • candl
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
31 Aug 2010 12:24 #63611 by candl

I'll maybe have to have a look with Wireshark to see exactly how far the ping's getting when I get back in the office on Tues.


Well that sorted it, frightened it into submission!!
Well, actually no, a reboot of the remote router seemed to solve most of the problems, I could now ping the m/c I was running Wireshark on, from the remote end. I still couldnt ping the m/c that had been moved from the ISDN link though. Flushed its ARP cache , still nothing, then I noticed on my Wireshark an ARP request 'Where is 192.168.0.11?. Turns out the ISDN router was 192.168.0.11 not 192.168.0.1 as I thought it was , doh!!!
Once I'd reset the default g/w from 0.11 to 0.1 it all worked ok.
Been working now all morning , seems ok , touch wood :)

So, basically it was down to a reboot and some finger trouble.
Anyway thanks for the interest guys. :)

Please Log in or Create an account to join the conversation.

More
19 Sep 2010 21:04 #63851 by phillb
Thanks for this post, just solved my problem for me!

I've just replaced my old Vigor 2600 routers at home and work with 2820 routers and set a pptp VPN between them over ADSL. Connection came up fine and worked fine in one direction (from the dial out router to the dial in) but couldn't connect or ping in reverse.

I had the Route/Nat setting set to Nat as the manual states "If the remote network only allows you to dial in with single IP, please choose NAT, otherwise choose Route." I only have a single static IP at each end, so selected NAT. However, changing to ROUTE both ends as you suggest has it all working fine. I guess the manual must just be wrong?

I'm not sure what the "Rip Direction" does. At the moment I have it set to disable both ends, is that correct?

Am I also correct in thinking I should have one router as dial out and one as dial in rather than both as dial in/out?

Thanks again for the help,

Phill.

Please Log in or Create an account to join the conversation.

  • candl
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
20 Sep 2010 09:39 #63860 by candl

I'm not sure what the "Rip Direction" does. At the moment I have it set to disable both ends, is that correct?


Yep, you can leave it disabled AFAIK

Am I also correct in thinking I should have one router as dial out and one as dial in rather than both as dial in/out?


It probably doesnt matter, with both as dial in/out then either end will initiate the VPN, wheras the other way only the dial out will initiate it. IME there is usually logically one end which should act as the dial out and it probably makes more sense to operate it that way.

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami