DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

LAN to LAN, can only see some IPs

24 Mar 2020 17:20 #1 by sheltons
LAN to LAN, can only see some IPs was created by sheltons
Hi,
I have set up an SSL LAN to LAN from home to work and all seemed well, I could RDP into server and see shares. However, when I wanted to RDP into my work PC it failed to connect. I tried RDP from server to work PC - success.

I opened a cmd window on home laptop and cannot ping work PC but can ping server. If I ping workpc@work.local it translates to the correct IP but no ping. From a little experimentation it appears there are holes in the IP subnet I cannot see, whereas I should be able to see the whole subnet.

Home 2860n 3.8.9.7_BT
Work Vigor2862Lac 3.9.2_BT

I used this article to set up the SSL LAN-LAN
https://www.draytek.co.uk/support/guides/kb-lantolan-ssl

I've checked my config against the article a number of times and cannot see that I have made an error.

John.

24 Mar 2020 17:32 #2 by hornbyp
Replied by hornbyp on topic Re: LAN to LAN, can only see some IPs

Sheltons wrote:
I opened a cmd window on home laptop and cannot ping work PC but can ping server. If I ping workpc@work.local it translates to the correct IP but no ping.



This could be the Default Gateway setting on the Work PC. If it doesn't have one, or it's not the 2862Lac, you would get this effect. If you double-hop on to the work PC, via the server, you can try a 'Tracert -d' back to your home PC and see how far it gets.

24 Mar 2020 17:46 #3 by sheltons
Replied by sheltons on topic Re: LAN to LAN, can only see some IPs

hornbyp wrote:

Sheltons wrote:
I opened a cmd window on home laptop and cannot ping work PC but can ping server. If I ping workpc@work.local it translates to the correct IP but no ping.



This could be the Default Gateway setting on the Work PC. If it doesn't have one, or it's not the 2862Lac, you would get this effect. If you double-hop on to the work PC, via the server, you can try a 'Tracert -d' back to your home PC and see how far it gets.



It's a domain PC so all settings are got from DHCP of the Domain Controller (Server I can RDP).
I did the Tracert -d on the server and the workstation; the server traces back but the workstation fails as 192.168.x.200, which is the IP given to the LANtoLAN on the work router.

So it does seem to be a routing problem on the router - bug?
John

24 Mar 2020 18:17 #4 by hornbyp
Replied by hornbyp on topic Re: LAN to LAN, can only see some IPs

Sheltons wrote:
I did the Tracert -d on the server and the workstation, the Server traces back but the workstation fails as 192.168.x.200 which is the IP given to the LANtoLAN on the work router.

So it does seem to be a routing problem on the router - bug?


I'm not convinced ... not if one node on the Remote LAN (the server) works and another one doesn't...

Could it be the Windows Firewall, on the 'Work PC'?

(I'm wondering if Active Directory needs to be made aware of this new network as well? - I know there are related settings, but don't ask me where I saw them! It would probably depend on whether Windows Firewall is centrally managed - and if it is indeed the problem)

24 Mar 2020 19:28 #5 by sheltons
Replied by sheltons on topic Re: LAN to LAN, can only see some IPs

hornbyp wrote:

Sheltons wrote:
I did the Tracert -d on the server and the workstation, the Server traces back but the workstation fails as 192.168.x.200 which is the IP given to the LANtoLAN on the work router.

So it does seem to be a routing problem on the router - bug?


I'm not convinced ... not if one node on the Remote LAN (the server) works and another one doesn't...

Could it be the Windows Firewall, on the 'Work PC'?

(I'm wondering if Active Directory needs to be made aware of this new network as well? - I know there are related settings, but don't ask me where I saw them! It would probably depend on whether Windows Firewall is centrally managed - and if it is indeed the problem)


Wow, little embarrassing, it's working. I was looking at the Firewall policy in Group Policy, that's fine for the server but the rest had Sophos Firewall installed. Added a secondary policy for my home subnet and it's now allowing me to remote in.

Thanks for your replies, they led me to the fix.

25 Mar 2020 00:43 #6 by hornbyp
Replied by hornbyp on topic Re: LAN to LAN, can only see some IPs

Sheltons wrote:
it's working.


Good.

Just a thought ...
...with a LAN-to-LAN VPN, rather than a "Remote Dial-in User", everyone/everything on the work LAN potentially has access to everything on your home LAN. Firewall rules on your 2860 are probably in order, if you've not already set them up.
