I have setup on a BM-Slave-Server VPN-Client-Access.
I setup the Role therefore, i open all ip-filters from VPN-Internal
and 
vice versa. I can connect with the VPN-Client , but i can't ping any 
internal device, also not the BM internal adapater.
The site-to-Site-Link is working fine.

Does anybody have a idea ?

Beat Brunner

hi Beat,

> I have setup on a BM-Slave-Server VPN-Client-Access.
> I setup the Role therefore, i open all ip-filters from VPN-Internal
and
> vice versa. I can connect with the VPN-Client , but i can't ping any

> internal device, also not the BM internal adapater.
> The site-to-Site-Link is working fine.

you don't have to open any special filters if you can establish the
VPN
already.
This looks like a routing issue.
Is the Bm server private IP address the def. gateway of the servers
(inside
your LAN), that you are trying to reach through the client?
Second, what version of BM are you using? Is your client behind NAT?
If it
is, what IP address does your client have, and what is the PRIVATE IP
address of your BM server?


--
Cat
Novell Support Connection Volunteer Sysop

The BM is the only sever in the network. 
I was dialin in via a provider.
With this Laptop and this provider, i can dial-in to other BM-Servers.

The BM is 3.6 (with newest Sp).
The clients in the network are pointing to this BM-Server.

so, wath else could wrong now ?

Beat

> hi Beat,
> 
> > I have setup on a BM-Slave-Server VPN-Client-Access.
> > I setup the Role therefore, i open all ip-filters from
VPN-Internal and
> > vice versa. I can connect with the VPN-Client , but i can't ping
any
> > internal device, also not the BM internal adapater.
> > The site-to-Site-Link is working fine.
> 
> you don't have to open any special filters if you can establish the
VPN
> already.
> This looks like a routing issue.
> Is the Bm server private IP address the def. gateway of the servers 

(inside
> your LAN), that you are trying to reach through the client?
> Second, what version of BM are you using? Is your client behind NAT?
If 
it
> is, what IP address does your client have, and what is the PRIVATE
IP
> address of your BM server?
> 
> 
> --
> Cat
> Novell Support Connection Volunteer Sysop
> 
> 

hi Beat,

ahhhh, this makes the difference :-)
It's a NAT issue.
in inetcfg/bindings/select the public binding, go to the advanced
binding options and network address translation.
Change the dynamic only mode to static and dynamic, and add a NAT
association between the private IP address of the BM server and
*itself*. You will get a warning message, but don't worry about it.
This should fix your issue.

--
Cat
Novell Support Connection Volunteer Sysop

> hi Beat,
> 
> ahhhh, this makes the difference :-)
> It's a NAT issue.
> in inetcfg/bindings/select the public binding, go to the advanced
> binding options and network address translation.
> Change the dynamic only mode to static and dynamic, and add a NAT
> association between the private IP address of the BM server and
> *itself*. You will get a warning message, but don't worry about it.
> This should fix your issue.
> 
> --
> Cat
> Novell Support Connection Volunteer Sysop
> 
> 
this was the solution. Thanks a lot!
Beat