Demand Dial Routing

Code:

---

I am having problems with routing from a client which is connected to a server which uses "Demand Dialing" to gain access to

a specific subnet.

Here is the routing table of the server BEFORE the Demand Dial connection is created:
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway      Interface  Metric        Additional Information
          0.0.0.0          0.0.0.0    217.34.225.78    217.34.225.75    30        Out onto the internet
        10.0.0.0        255.0.0.0        10.1.0.30      10.1.255.30      1       
        10.1.0.0      255.255.0.0      10.1.255.30      10.1.255.30    20       
      10.1.250.10  255.255.255.255        127.0.0.1        127.0.0.1    50        VPN [IN] STUFF (old connection)
      10.1.255.30  255.255.255.255        127.0.0.1        127.0.0.1    20        Company Network
  10.255.255.255  255.255.255.255      10.1.255.30      10.1.255.30    20       
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      172.18.0.0      255.255.0.0    172.18.0.200    172.18.0.200    20       
    172.18.0.200  255.255.255.255        127.0.0.1        127.0.0.1    20        RIS Network
  172.18.255.255  255.255.255.255    172.18.0.200    172.18.0.200    20
    217.34.225.72  255.255.255.248    217.34.225.75    217.34.225.75    30
    217.34.225.75  255.255.255.255        127.0.0.1        127.0.0.1    30
  217.34.225.255  255.255.255.255    217.34.225.75    217.34.225.75    30
        224.0.0.0        240.0.0.0      10.1.255.30      10.1.255.30    20
        224.0.0.0        240.0.0.0    172.18.0.200    172.18.0.200    20
        224.0.0.0        240.0.0.0    217.34.225.75    217.34.225.75    30
  255.255.255.255  255.255.255.255      10.1.255.30      10.1.255.30      1
  255.255.255.255  255.255.255.255    172.18.0.200    172.18.0.200      1
  255.255.255.255  255.255.255.255    217.34.225.75    217.34.225.75      1
Default Gateway:    217.34.225.78
===========================================================================

So I have 3 interfaces as you can see, 217 - Internet NIC, 10 - Internal Company network and 172 - Internal RIS network.

Routing a remote access/NAT is setup and everything works fine, 172 can ping 10 network, 10 can access internet, 172 can

access internet. Now the problem is when I setup "Demand Dialing".
Setup:
Demand Dial 192.168.0.0/16 access via VPN 82.152.32.72 PERSISTENT

Now here is new routing table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway      Interface  Metric
          0.0.0.0          0.0.0.0    217.34.225.78    217.34.225.75    30
        10.0.0.0        255.0.0.0        10.1.0.30      10.1.255.30      1
        10.1.0.0      255.255.0.0      10.1.255.30      10.1.255.30    20
      10.1.250.10  255.255.255.255        127.0.0.1        127.0.0.1    50
      10.1.255.30  255.255.255.255        127.0.0.1        127.0.0.1    20
  10.255.255.255  255.255.255.255      10.1.255.30      10.1.255.30    20
    82.152.32.72  255.255.255.255    217.34.225.78    217.34.225.75    30
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      172.18.0.0      255.255.0.0    172.18.0.200    172.18.0.200    20
    172.18.0.200  255.255.255.255        127.0.0.1        127.0.0.1    20
  172.18.255.255  255.255.255.255    172.18.0.200    172.18.0.200    20
      192.168.0.0      255.255.0.0          0.0.0.0    192.168.1.17      1
      192.168.0.0      255.255.0.0    192.168.1.19    192.168.1.17      1
    192.168.1.17  255.255.255.255        127.0.0.1        127.0.0.1    50
    192.168.1.19  255.255.255.255    192.168.1.17    192.168.1.17      1
    192.168.1.255  255.255.255.255    192.168.1.17    192.168.1.17    50
    217.34.225.72  255.255.255.248    217.34.225.75    217.34.225.75    30
    217.34.225.75  255.255.255.255        127.0.0.1        127.0.0.1    30
  217.34.225.255  255.255.255.255    217.34.225.75    217.34.225.75    30
        224.0.0.0        240.0.0.0      10.1.255.30      10.1.255.30    20
        224.0.0.0        240.0.0.0    172.18.0.200    172.18.0.200    20
        224.0.0.0        240.0.0.0    192.168.1.17    192.168.1.17    50
        224.0.0.0        240.0.0.0    217.34.225.75    217.34.225.75    30
  255.255.255.255  255.255.255.255      10.1.255.30      10.1.255.30      1
  255.255.255.255  255.255.255.255    172.18.0.200    172.18.0.200      1
  255.255.255.255  255.255.255.255    217.34.225.75    217.34.225.75      1
Default Gateway:    217.34.225.78
===========================================================================

Now the Demand Dial server can ping 192.168.1.1 which is the internal IP of 82.152.32.72
Reply from 192.168.1.1: bytes=32 time=66ms TTL=128
Reply from 192.168.1.1: bytes=32 time=71ms TTL=128
Reply from 192.168.1.1: bytes=32 time=72ms TTL=128
Reply from 192.168.1.1: bytes=32 time=90ms TTL=128

but the clients, for example them on the 10 network cannot.
Tracing route to 192.168.1.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  DC1-2003 [10.1.255.30]
  2    *        *        *    Request timed out.
  3    *        *        *    Request timed out.
  4    *        *        *    Request timed out.
  5    *            ETC

Why not? The clinet can ping everything else. All the following options are turned on on the server:
Routing and Remote access: LAN and demand dial routing
Routing and Remote access: IP: Enable IP Routing
Routing and Remote access: IP: Allow IP based remote access and demand dial connection
Routing and Remote access: IP Routing: General: Demand Dial connection: Enable IP router manager

No filtering is setup anywhere.
What gets me is the fact all other routing works apart from the demand dial up one. All the clients have the server set as

its default gateway and its dns (although dns does not apply here)

thanks if anyone can help

---

Honest answer is I've no clue how to fix this, as I've no experience with RAS, but I can offer conjecture as to the possible cause of the problem...

The remote end of the VPN is aware of the 192.168.x.x networks but is either unaware of how to route to the other networks, so chances are it is receiving the ping request but unable to know where to send the reply.
(Asymmetric routing.)

Alternatively it might be a firewall at the other end which is only expecting to see 192.168.x.x traffic and so anti-spoofing is kicking in and dropping the inbound request.


It might be possible to employ (hide mode) NAT on the server to get round this problem, as all clients will then appear to come from one IP in the 192.168.x.x range (most likely the server itself), but I can't help with that.


Might be way off-base, but it's where I would start.

GL!

thanks very much for your input, I've just got back from lunch and have a few things to do, then I'll put on my techy head and look into it, looks like you may have a point with Asymmetric routing, scene as it would NOT be using NAT (nat only used for internet request), meaning the remote 192 machine wont know how to route back to the 10 box as it's (the 192 box) default gateway is that of the internet.

cheers again
I'll let you know how I get on

edit: well i've just managed to kill my computer at home so I cant connect from work, ill have a look when i get home

I've sorted it, it was a biggie, if anyone wants to know how mail me rick1_11@hotmail.com