BM 3.6 + VPN Client 3.7 + NAT + private ipaddress

Hello,

I have a new Vodafone D2 PCMCIA Data Connect Card (Germany) to dial into the Internet over the VPN client to my BM server. It works, but I cannot ping hosts in my private network. From the provider I also get private IP addresses (10.x.x.x), so these addresses could not be routed over the BM! Does anyone have an idea whether it is possible to route private IP addresses in the VPN client to private IP addresses to the BM? Or is it possible to give the VPN client a second IP address from my private network? What is the way to configure my BM + VPN client to get it to work? Or is there no way (restriction on NAT over the VPN client)?

Does anyone have an idea?

Regards,
Norbert



0
NSuttner
4/2/2003 6:27:29 PM
novell.bordermanager.vpn

1.  Make sure the internal hosts have their default gateways set to the private address of the BM server.

2.  Make sure the IP address you receive from your ISP is not on the same subnet as the one behind BM and the vptunnel address.  All 3 should be on different IP subnets.

3.  In NWAdmin > BM server details > Bordermanager setup > VPN > Client to site details > specify the encrypted networks and add the internal subnet behind BM.

4.  SET NAT DYNAMIC MODE TO PASS THRU=ON - make sure setting is in effect on the BM server.


-- 
Lance Reynolds, CNE
Using XanaNews 1.14.3.2



0
Lance
4/3/2003 3:53:13 AM
> 1.  Make sure the internal hosts have their default gateways set to the
> private address of the BM server.

OK, my config is set up like this.

> 2.  Make sure the ip address you receive from your isp is not on the
> same subnet as the one behind BM and the vptunnel address.  All 3
> should be on different ip subnets.

ISP -> 10.225.255.203 255.255.255.255
private -> 95.0.0.0 255.0.0.0
BM -> 213.221.117.114 255.255.255.240

> 3.  In NWAdmin > BM server details > Bordermanager setup > VPN > Client
> to site details > specify the encrypted networks and add the internal
> subnet behind BM.

encrypted network 95.0.0.0 255.0.0.0
IP encryption is set to all networks. Is that right, or should it be set to encrypt only networks listed below?

> 4.  SET NAT DYNAMIC MODE TO PASS THRU=ON - make sure setting is in
> effect on the BM server.

It is active.
But I cannot ping any host in my private network after making these changes. Any other idea? Directory agent list?

Thanks,
Norbert
> 
> 
> -- 
> Lance Reynolds, CNE
> Using XanaNews 1.14.3.2




0
NSuttner
4/3/2003 11:21:41 AM
> ISP -> 10.225.255.203 255.255.255.255
> private -> 95.0.0.0 255.0.0.0
> BM -> 213.221.117.114 255.255.255.240

What is your vptunnel address?  Also, I'm not exactly sure how the VPN will act when using routable IP addressing on the private network.  I always use 10.x.x.x or 192.168.x.x.  Is it possible for you to change your private side to one of these ranges?

> encrypted network 95.0.0.0 255.0.0.0
> IP encryption is set to all networks ? is it right or is it to set to
> encrypt only networks listed below ?

Encrypt only networks listed below.
-- 
Lance Reynolds, CNE
Using XanaNews 1.14.3.2



0
Lance
4/3/2003 11:34:54 AM
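
Added example, not part of the thread and not Novell code: a Python check of the "all 3 on different IP subnets" rule using the addresses posted above, plus a simplified model of the "encrypt only networks listed below" setting. The vptunnel network is never stated in the thread, so the value here is a constructed placeholder, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

def net(addr, mask):
    """Build a network from address + dotted netmask, as posted in the thread."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

SUBNETS = {
    "isp_client": net("10.225.255.203", "255.255.255.255"),  # from the thread
    "private_lan": net("95.0.0.0", "255.0.0.0"),             # from the thread
    "bm_public": net("213.221.117.114", "255.255.255.240"),  # from the thread
    # Not given in the thread: constructed placeholder for the vptunnel network.
    "vptunnel": net("192.168.99.0", "255.255.255.0"),
}
ENCRYPTED = [net("95.0.0.0", "255.0.0.0")]  # "encrypted networks" list

def overlapping_pairs(subnets):
    """Return the names of every pair of subnets that overlap."""
    return [(a, b)
            for (a, na), (b, nb) in combinations(subnets.items(), 2)
            if na.overlaps(nb)]

def is_encrypted(dest, encrypted, encrypt_only_listed=True):
    """Assumed model: with 'encrypt only networks listed below', only listed
    destinations enter the tunnel; with 'all networks', everything does."""
    if not encrypt_only_listed:
        return True
    ip = ipaddress.ip_address(dest)
    return any(ip in n for n in encrypted)

def renumbered_to_10(subnets):
    """Same layout, but with the private LAN moved to 10.0.0.0/8."""
    changed = dict(subnets)
    changed["private_lan"] = net("10.0.0.0", "255.0.0.0")
    return changed

if __name__ == "__main__":
    print("overlaps as posted:", overlapping_pairs(SUBNETS))
    print("overlaps with LAN on 10/8:", overlapping_pairs(renumbered_to_10(SUBNETS)))
    for dest in ("95.0.0.3", "95.0.0.40", "213.221.117.114"):
        print(dest, "-> tunnel" if is_encrypted(dest, ENCRYPTED) else "-> clear")
```

As posted, the subnets do not overlap, so rule 2 is already met. Moving the private side to 10.x.x.x would collide with the 10.225.255.203 address this ISP hands to the client.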
Hello,

> > ISP -> 10.225.255.203 255.255.255.255
> > private -> 95.0.0.0 255.0.0.0
> > BM -> 213.221.117.114 255.255.255.240
>
> What is your vptunnel address?  Also, I'm not exactly sure how the vpn
> will act when using routable ip addressing on the private network.  I
> always use 10.x.x.x or 192.168.x.x.  Is it possible for you to change
> your private side to one of these ranges?

Where can I find the vptunnel address? I can't change my private IP side. Our network is too big (many routers and so on) to change it. But, with your changes I can ping the private IP address of my BM server - 95.0.0.3!!! So, I think I am inside my network!!! But I cannot ping other hosts - Citrix server 95.0.0.40!!!

Regards,
Norbert

> > encrypted network 95.0.0.0 255.0.0.0
> > IP encryption is set to all networks ? is it right or is it to set to
> > encrypt only networks listed below ?
>
> Encrypt only networks listed below.
> -- 
> Lance Reynolds, CNE
> Using XanaNews 1.14.3.2




0
NSuttner
4/3/2003 2:42:49 PM
NSuttner@mse-gmbh.de,

> Where can i find the vptunnel address ?

Type CONFIG at the server.

> But i cannot ping other hosts - citrix server 95.0.0.40 !!!!

What version of Netware?  If you're running 5.0, you might try LOAD PIM.
 
-- 
Lance Reynolds, CNE
Using XanaNews 1.14.3.2



0
Lance
4/3/2003 8:37:54 PM
Hello Lance,

What is PIM? My BM runs on Netware 5.0!! If I load PIM, the following error occurs -> IPRegister for PIM tunneling failed - the module is dated from 8Dec99 ver 4.22c ??

Regards,
Norbert


> NSuttner@mse-gmbh.de,
> 
> > Where can i find the vptunnel address ?
> 
> Type CONFIG at the server.
> 
> > But i cannot ping other hosts - citrix server 95.0.0.40 !!!!
> 
> What version of Netware?  If you're running 5.0, you might try LOAD PIM.
>  
> -- 
> Lance Reynolds, CNE
> Using XanaNews 1.14.3.2




0
NSuttner
4/7/2003 8:45:46 AM
NSuttner@mse-gmbh.de wrote:

> what is PIM ?

PIM is a multicast routing protocol. See here.
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10070872.htm

> IPRegister for PIM tunneling failed - the
> module is dated from 8Dec99 ver 4.22c ??

Just ignore that error.  Can you ping with PIM loaded?
-- 
Lance Reynolds, CNE
Using XanaNews 1.14.3.3



0
Lance
4/7/2003 10:58:35 AM
Hi Lance,

I cannot ping when PIM is loaded. I have taken a data connect card from German T-D1 with public IP addresses and it works fine!!! Thanks for your help!!!

Norbert Suttner
netware 5 cne
germany

> NSuttner@mse-gmbh.de wrote:
> 
> > what is PIM ?
> 
> PIM is a multicast routing protocol. See here.
> http://support.novell.com/cgi-bin/search/searchtid.cgi?/10070872.htm

> 
> > IPRegister for PIM tunneling failed - the
> > module is dated from 8Dec99 ver 4.22c ??
> 
> Just ignore that error.  Can you ping with PIM loaded?
> -- 
> Lance Reynolds, CNE
> Using XanaNews 1.14.3.3




0
NSuttner
4/12/2003 11:01:52 AM
Does it work if you disable all access rules and UNLOAD IPFLT at the server?


-- 
Lance Reynolds, CNE
Using XanaNews 1.14.3.6



0
Lance
4/14/2003 11:00:27 AM