"Vladimir Hirner" <vladoh,AT,microstep-mis,DOT,com>
Mon, 14 Jul 2003 10:36:56 +0200
I want to ask some questions about routing problems in a CIPE configuration.
PC-win2k (NOD1) - NAT FW 1 - internet - NAT FW 2 (running udp redirector) -
Local IP: 0.0.0.0:1111
Peer IP: NAT 2:1111
Local PTP: 10.0.1.1
Peer PTP: 10.0.1.2
local network: 192.168.145.0
192.168.2.0 mask 255.255.255.0 10.0.1.2 using interface 10.0.1.1
10.0.1.2 through 10.0.1.1 using interface 10.0.1.1
10.0.1.0 mask 255.255.255.0 10.0.1.1 using interface 10.0.1.1
Local IP: 0.0.0.0:1111
Peer IP: NAT 1:1111 (I think it could also be 0.0.0.0, because the real peer IP
is handshaked in the CIPE connection)
Local PTP: 10.0.1.2
Peer PTP: 10.0.1.1
local network: 192.168.2.0
192.168.145.0 mask 255.255.255.0 10.0.1.1 using interface 10.0.1.2
10.0.1.1 through 10.0.1.2 using interface 10.0.1.2
10.0.1.0 mask 255.255.255.0 10.0.1.2 using interface 10.0.1.2
When the connection is established from NOD1 to NOD2, I can ping both sides
of the tunnel and also the physical IP addresses of the PCs running CIPE devices
(NOD1 and NOD2), but I cannot ping any other PC in the internal network on both
sides (so I cannot ping from NOD2 192.168.145.0 and from NOD1 I cannot ping
I think the problem is this:
I checked the sent packets and the ICMP echo request is sent through the tunnel
from NOD2 to NOD1 and then it's sent from NOD1 into the local network. But it's
sent with the IP of NOD2's tunnel endpoint. I tried changing the PTP addresses to
the 192.168.145.0 network (so 192.168.145.253 (NOD1) and 192.168.145.254
(NOD2) - because NOD2 should have a default route into the tunnel, so it's enough
to allow access from NOD2 to NOD1's network, not from NOD1 to NOD2's network) and
then the ICMP packet sent from NOD2 is forwarded into the 192.168.145.0 network
with source address 192.168.145.254, but it also didn't get back.
So I think this happened:
1. PTP network 10.0.1.0
The destination didn't know how to respond to a packet sent from the 10.0.1.0
network, so the solution would be to add a static route on the destination to use
the physical IP address of NOD1 (or NOD2 on the other side) to pass the packet.
Another solution would be to enable NAT on NOD1 and NOD2 (how can I use NAT
on Windows 2000? There is only connection sharing, but I don't know if it would
do the right thing).
2. PTP network 192.168.145.0
A packet sent from NOD2 into the 192.168.145.0 network is sent with source IP
192.168.145.254, but it could not get back because the destination doesn't
know its Ethernet physical address, so it tries to send an ARP request with
192.168.145.254? But it seems the CIPE device doesn't answer it, so the
destination could not send the response packet.
How should I configure CIPE to get access to the whole internal network?
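
The two return-path cases the message describes, modelled as an added example that is not part of the original post: a longest-prefix route lookup on a LAN host behind NOD1, showing where its echo reply is sent for each choice of PTP addressing. The LAN host's routing table, NOD1's LAN address 192.168.145.1 and the default gateway 192.168.145.250 are constructed values, and the `arp_answered_by_nod1` parameter is a hypothetical stand-in for "NOD1 answers ARP for that address", not a CIPE setting.

```python
import ipaddress

# Constructed values (not from the post): routing table of a LAN host behind
# NOD1, NOD1's LAN address, and the LAN default gateway (assumed: NAT FW 1).
LAN_HOST_ROUTES = [
    ("192.168.145.0/24", None),          # on-link: host must ARP for the target
    ("0.0.0.0/0", "192.168.145.250"),    # default gateway
]
NOD1_LAN_IP = "192.168.145.1"

def reply_path(routes, dst):
    """Longest-prefix match on a host routing table.
    Returns ("gateway", ip), ("arp", dst) when on-link, or ("unreachable", None)."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return ("unreachable", None)
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return ("gateway", gw) if gw else ("arp", dst)

def reply_reaches_tunnel(routes, dst, arp_answered_by_nod1=()):
    """True if the LAN host hands its echo reply to NOD1, which owns the tunnel."""
    kind, target = reply_path(routes, dst)
    if kind == "gateway":
        return target == NOD1_LAN_IP
    if kind == "arp":
        # On-link target: delivery depends on who answers the ARP request.
        return target in arp_answered_by_nod1
    return False

if __name__ == "__main__":
    # Case 1: PTP network 10.0.1.0, reply addressed to NOD2's endpoint 10.0.1.2.
    print(reply_path(LAN_HOST_ROUTES, "10.0.1.2"))
    fixed = LAN_HOST_ROUTES + [("10.0.1.0/24", NOD1_LAN_IP)]  # static route
    print(reply_path(fixed, "10.0.1.2"))
    # Case 2: PTP address 192.168.145.254 lies inside the LAN subnet.
    print(reply_path(LAN_HOST_ROUTES, "192.168.145.254"))
```

In case 1 the reply leaves through the default gateway until the static route points 10.0.1.0/24 at NOD1; in case 2 the lookup is on-link, so delivery depends entirely on something answering ARP for 192.168.145.254.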