File Sharing stopped working between 2 diff. subnets

[morkman100]

Basically, my office network is comprised of 20 or so PC's (XP) connected to each other via 2 Netgear switches (all the PC's use static IPs). A Linksys wireless router connects our 6000/608 DSL line to the network (using 192.168.0.X ips). We use a Cisco VPN 3002 Hardware Client to connect our office network to our corporate network (AS400). In order for pc's to access the corporate network, the Cisco client needs to routes ip's using 192.168.3.X. ip's The Cisco VPN connects to the Linksys router, uses an IP from the Linksys router as a WAN IP, then routes the 192.168.3.X ip's. In this config, file sharing and network printer access (between the 2 diff. subnets) would work fine (i.e. 192.168.0.2 could print to printer at 192.168.3.11)

I wanted the Cisco VPN/network to have it's own dedicated connection (to improve performance), so I added a 2nd DSL line. So now the Cisco VPN plugs directly into the new DSL modem (instead of into the Linksys router). But now, file sharing and network printer access between the different subnets stopped working.

From what I've found, it seems that the file sharing would work since the VPN Router was behind the wireless router. Seems like a firewall issue, but that is just a stab in the dark.

Am I missing someting obvious? Any ideas?

Pics:
Network Layout (Before)
Network Layout (After)

Note: We are using WinXP on all of these machines, and use WinXP file sharing for the file share. All computers are on the same network Workgroup.

Thanks in advance.

morkman

 

[spidey07]

You'll need to fix your network.

All machines need to be in the same IP subnet. They could all be 192.168.3.0 or 192.168.1.0. But NOT both.

 

[morkman100]

"All machines need to be in the same IP subnet. They could all be 192.168.3.0 or 192.168.1.0. But NOT both."

But that wouldn't work for my network, since the client access software for the VPN requires that all TCP/IP traffic to flow through the VPN router. If I reconfigured all my pc's to use the 3.X ip, then all that Internet traffic would be flowing through the VPN hardware (defeating the purpose of the 2nd DSL connection).

Thanks.

morkman

 

[spidey07]

You'll need to fix your network and get all the IPs in the same subnet. This is a requirement for TCP/IP and a network to function properly.

If you want to get it working add a route to the 3002 for 192.168.0.0 and point it to it's ethernet interface.

What are the masks and default gateways for the client machines?

What you're doing is called multi-netting and can lead to all sorts of weird problems and is generally considered "a very bad idea"

What you could do...

1) get all machines on the same subnet
2) plug new DSL line into 3002, then plug 3002 into linksys router
3) add routes on the linksys router for the remote subnets you need to reach at HQ

 

[morkman100]

What are the masks and default gateways for the client machines?

The VPN client machines use 192.168.3.X ip's, 255.255.255.0 mask and 192.168.3.1 gateway.

The rest of the network uses 192.168.0.X ip's, 255.255.255.0 mask and 192.168.0.1 gateway.

The IP for the hq server is 192.168.2.4.

What you're doing is called multi-netting and can lead to all sorts of weird problems and is generally considered "a very bad idea"

But it worked...

3) add routes on the linksys router for the remote subnets you need to reach at HQ

So, I would add a route to 192.168.2.4?

Thanks for your help, Spidey.

 

[morkman100]

FYI... the wireless router is a Linksys WRT54G.

 

[spidey07]

yes. If the only remote network that you need to reach is on the 192.168.2.0 network with a mask of 255.255.255.0...

then add a route on the linksys box for that network, its next hop will be the internal address of the VPN box.

It worked before because you had an invalid configuration. But the VPN box had a route to the 192.168.1.0 network and routed it out its interface with a 192.168.1. address.

 

[morkman100]

I'm afraid networking is not my forte...

Linksys Routes Config Page

I've used 192.168.2.4 as the name.

Destination IP is 192.168.2.4
mask is 255.255.255.0
Gateway is 192.168.3.1
Interface is LAN/WIRELESS

I get the error: "Gateway not directly reachable through that interface"

The VPN box is hooked up to the wireless router via a LAN port.

What am I missing?


Thanks.

morkman

 

[spidey07]

the route on the linksys should be for a 192.168.1.0 next hop.

the internal address of the 3002 should be a 192.168.1.0 address (since it is attached to the linksys)

so make sure what linksys calls gateway (next hop) is pointing to the internal address of the 3002.

 

[nweaver]

Really, hire a network engineer as a consultant for a few hours to get this working. There is a reason Spidey07 makes lots of cash. It's worth it in the long run to have a pro do the setup on this.

 

[morkman100]

Got it working. You pushed me in the right direction. Just took a bit of time to figure out the details.

On my router, I put 192.168.2.0 as the destination IP and 192.168.0.254 as the gateway (I assigned 192.168.0.254 to the IP for the VPN). Switched all the 3.X ips to 0.X ips and now everything is working great. The VPN connection works perfectly and the printers & file sharing are working again.

I'm guesing that this is exactly what you were telling me to do too.

Thanks again for your help Spidey.

 

[spidey07]

Good deal.

Now that was about 3 hours of work. you owe me 660 dollars.

Please PM me the address and contact for invoicing.

 

[morkman100]

Originally posted by: spidey07
Good deal.

Now that was about 3 hours of work. you owe me 660 dollars.

Please PM me the address and contact for invoicing.

Sure, just call me... 555-1234.



Really, thanks again.

 

[BornStar]

Originally posted by: spidey07
Good deal.

Now that was about 3 hours of work. you owe me 660 dollars.

Please PM me the address and contact for invoicing.

:Q

Is that what you normally charge? I need to ditch this small company Systems Admin gig.

 

[nweaver]

(not that I get it...but) when consulting for my company, my bill rate is between $140-$300 an hour. Spent almost a year (40 hour weeks) onsite for one customer at $180 an hour.