Hi All,

I have a problem with setting up routing between two sites. One site (Main/LAN1) has two ISPs and one of them is used for VPN. Remote site has only one ISP for everything. Remote site Draytek router is dialing in using PPTP without any problems.

Problem is that clients from remote site can ping/access Main/LAN1 site resources (DNS etc.) but when Main site client is trying to ping Remote site client on LAN2, it fails.

There is a replica DC (DC03) working on remote site without problems. It does get DNS and AD replication/updates from the main DC.

Main Office – LAN1 has two Internet connections.

BT ISP used for VPN
-> VPN 2950 router/fw -> ISP BT -> Internet -> ISP router/Cisco -> Vigor VPN Remote (2820) -> LAN2

Another ISP all other traffic
-> Cisco router / default GW- > Another ISP -> Internet

Default GW is 10.24.0.5 – all traffic but not VPN

Vigor IP for routing VPN is 10.24.0.210.

Main site DC 01 on LAN1 is unable to ping DC 03. DC 01 has default route set to another ISP, which is causing this problem.

Question 1
How to enable correct routing for clients in main office without changing default gateway for internet/email traffic.

Question 2
Another problem is that the VPN link is incredibly slow. It takes about 5 secs to transfer 100KB file.
Main site ISP speed: symetric DSL 2Mbit
Remote site has asymetric DSL 100Mbit down and 20Mbit upload.
How can I increase/troubleshoot VPN link speed?

Below are routing tables for both VPN routers.

I would really appreciate any pointers/tips.

Thanks

Konrad

Draytek configuration for Main Office:


IP: 10.24.0.210 – ROUTING
IP: 10.25.0.254 – NAT

Code:

Key: C - connected, S - static, R - RIP, * - default, ~ - private * 0.0.0.0/ 0.0.0.0 via 81.139.128.1, WAN1 C 10.24.0.0/ 255.255.255.0 is directly connected, LAN C~ 10.25.0.0/ 255.255.255.0 is directly connected, LAN * Public BT IP GW/ 255.255.255.255 via public BT IP GW, WAN1 S public BT IP / 255.255.255.255 via public BT IP, WAN1

Draytek configuration for Remote Office:

Code:

Key: C - connected, S - static, R - RIP, * - default, ~ - private * 0.0.0.0/ 0.0.0.0 via 192.168.0.1 WAN2 C~ 10.25.0.254/ 255.255.255.255 directly connected VPN-1 S~ 10.24.0.0/ 255.255.255.0 via 10.25.0.254 VPN-1 C~ 10.25.0.0/ 255.255.255.0 directly connected LAN1 C 192.168.0.0/ 255.255.255.0 directly connected WAN2

I take it the routing table have both remote subnets in them so each knows the route back.

What happens when you do a trace from each LAN to the opposite one, do both take the expected route?

I have seen a similar issue with Windows Server RAS and it was a route back that was needed in the end

Hi sicon,

Traceroute from LAN2/remote -> LAN1/Main is fine since there is only GW.

LAN1->LAN2 traceroute is going via default GW which is another ISP hence my question is who to enable LAN1 clients routing to go via VPN endpoint (GW) instead of default.

Main office Draytek has following LAN config:

nat usage:
1st IP: 10.25.0.254/255.255.255.0

I am not sure about this setting because this is LAN2/remote office network

IP routing
2nd IP: 10.24.0.210/255.255.255.0

When I add a new route on a LAN1 client (Windows 2003) to point to 2nd IP for routing using

Code:

route add 10.25.0.0 mask 255.255.255.0 10.24.0.210

tracert goes 10.24.0.210 then it times out.
Ping to LAN2 does not work either.

Another problem: on LAN1/10.24.0.0 Draytek, I am unable to add static routes using GUI.
I go to LAN->>Static route setup. Click on Index 2 to create a new route. Type the following but it does not accept them and revert to previous ones.

Code:

Destination address: 10.25.0.20 Subnet: 255.255.255.0 gateway IP: 10.25.0.1 - remote/LAN2 GW Network interface:WAN1

I would appreciate any ideas.

Thanks

Can't help on the routing issues, but with the speed problem try turning off "Enable DOS Defense" under Firewall settings at both ends. I found that some of these settings throttling ICMP packets were the culprits with a very slow VPN.

cheers, Steve

Thanks. I will try that.