DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

VPN to VPN on 2925

  • andymorton
  • Topic Author
  • User
08 Mar 2015 22:35 #1 by andymorton
VPN to VPN on 2925 was created by andymorton
Hi.

Is it possible to connect to the router via a VPN, and then communicate with a LAN that is connected via the Lan2Lan connection?

For example, client A connects in, then client B connects via a Lan2Lan connection.

Can client A see machines on client B's network?

Is it just a matter of setting a route on client A's machine? Or does the router even support this?

Regards,
Andrew

09 Mar 2015 10:29 #2 by admin
Replied by admin on topic Re: VPN to VPN on 2925
If you're dialling in as a teleworker, then yes, because your allocated IP address is on the host's subnet.

If it's two LAN-to-LANs then I think you can but settings are needed.



Forum Administrator


  • gerry bulger
  • User
28 Apr 2015 16:30 #3 by gerry bulger
Replied by gerry bulger on topic Re: VPN to VPN on 2925
What are those settings LAN to LAN?

29 Apr 2015 11:29 #4 by oscar_alfonso
Replied by oscar_alfonso on topic Re: VPN to VPN on 2925
I have a 2960 as a dial-in for remote dial-in users. That 2960 has a LAN-to-LAN IPsec tunnel with a DrayTek 3200 (dial-out), and my remote dial-in users (they connect to the 2960) can access the LAN of the 3200 without problems. My config:

2960 lan config:
network subnet: 192.168.1.0/24
draytek 2960 lan ip: 192.168.1.150/24

3200 lan config:
network subnet: 10.0.0.0/24
draytek 3200 lan ip: 10.0.0.100/24

You must set all VPN parameters (IKE phase protocols and negotiations) with the same options on both DrayTeks. Mine has:
ike phase 1: main mode
Preshared key: ***** (it must be the same, of course)
Security protocol: esp
ike phase 2: 3DES with auth
Perfect forward secrecy status: disable
route/nat mode: route

You must set the public IP of the other DrayTek as the remote host.
Don't use the GRE config. That's for VPN trunking.
Set your local IP/subnet with the right data, and the same with the remote IP/subnet. In my case:
In 2960 (dial in) -> local ip/subnet 192.168.1.0/24 and remote ip/subnet 10.0.0.0/24
In 3200 (dial out) -> local ip/subnet 10.0.0.0/24 and remote ip/subnet 192.168.1.0/24

Voilà... you don't need to set static routes because the DrayTek's route table has the other LAN subnet range.

Hope it helps.

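Added example (not part of any post above and not DrayTek code): a Python check over the addressing in post #4, testing that the two LAN-to-LAN profiles mirror each other and whether a dial-in client's traffic falls inside the tunnel's local/remote subnets. The dict layout, function names and sample client addresses are assumptions constructed for illustration; the functions model subnet matching only, not router behaviour.

```python
import ipaddress

# Values transcribed from post #4; the dict layout is this example's assumption.
PROFILES = {
    "2960": {"local": "192.168.1.0/24", "remote": "10.0.0.0/24",
             "phase1": "main", "protocol": "esp", "phase2": "3des-auth",
             "pfs": False, "mode": "route"},
    "3200": {"local": "10.0.0.0/24", "remote": "192.168.1.0/24",
             "phase1": "main", "protocol": "esp", "phase2": "3des-auth",
             "pfs": False, "mode": "route"},
}
# Settings the post says must be identical at both ends.
NEGOTIATED = ("phase1", "protocol", "phase2", "pfs", "mode")


def mismatches(a, b):
    """Return a list of reasons the two tunnel ends would not agree."""
    net = ipaddress.ip_network
    problems = []
    if net(a["local"]) != net(b["remote"]):
        problems.append("A local subnet != B remote subnet")
    if net(a["remote"]) != net(b["local"]):
        problems.append("A remote subnet != B local subnet")
    if net(a["local"]).overlaps(net(a["remote"])):
        problems.append("local and remote subnets overlap")
    for key in NEGOTIATED:
        if a[key] != b[key]:
            problems.append(f"{key} differs: {a[key]!r} vs {b[key]!r}")
    return problems


def tunnel_carries(profile, src_ip, dst_ip):
    """True if src -> dst matches the profile's local/remote subnets."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return (src in ipaddress.ip_network(profile["local"])
            and dst in ipaddress.ip_network(profile["remote"]))


if __name__ == "__main__":
    print("mismatches:", mismatches(PROFILES["2960"], PROFILES["3200"]))
    # Constructed addresses: one dial-in client given an IP on the 2960 LAN,
    # one given an IP from a separate (hypothetical) pool.
    for client in ("192.168.1.201", "172.16.50.10"):
        ok = tunnel_carries(PROFILES["2960"], client, "10.0.0.25")
        print(client, "-> 10.0.0.25 matches tunnel subnets:", ok)
```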