Home > IT Answers > Mobile > No Gateway Given on VPN Connection
Help

Question

  Asked: May 24 2005   0:35 AM GMT
  Asked by: stevesz

No Gateway Given on VPN Connection


Remote users, Tech support, Networking

I am trying to connect a Windows 2000 server that is on another network to our main network via VPN. The firewall does the authentication. I am using the Microsoft VPN client. When I have connected, I am not able to see any of the network. I run IPCONFIG, and it shows me an IP address, but no gateway. When I use the Microsoft client from a workstation, I do get a gateway taht allows me access. I have used, also, an IPsec client provided by the firewall vendor with the same result, no gateway. I have not tried this from a workstation yet.

I thought that prior to my using up a support incident with the vendor, I'd check here for ideas. I am suspecting that the path through the two firewalls is causing the problem (both are WatchGuard Firebos III--a 70 and a 1000), but I have not been able to see anything that would prevent a gateway from being established. This problem exists whether or not the "Use the remote gateway" or whatever the exact wording is, is checked or not. I do have some server addresses listed in the HOSTS file. We are not using WINS.

Any suggestions would be welcome.

Thanks.

\Steve//

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
Last Answered: May 24 2005  3:22 AM GMT  by Whitecap




I am making an assumption that there is NAT on both firewalls. If this is the case not all firewalls can support MS L2TP over NAT, you will need to check with your firewall vendor on this point. It may be a better approach to set up a point to point IPSec tunnel between the 2 firewalls and run your server traffic through that or alternatively remove NAT from the equation.
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Mobile and Networking.

Looking for relevant Mobile Whitepapers? Visit the SearchMobileComputing.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

stevesz  |   May 24 2005  6:49AM GMT

I’m sorry, I menat to mention that in my query. The originating network is not NATted, while the recieving network is. The problem is evident in both IPsec and PPTP. I had tried the tunnel between the two firewalls, but I did have a problem with that also, and it is a bit foggy right now as to what that problem was. I have been working on this project for some time, but it keeps getting pushed into the background by other, more immediate needs.

 

PhilReed  |   May 24 2005  7:24AM GMT

Is your real problem that you cannot “see” the network ? This is common on Microsoft VPN’s if WINS is not available. You may not be able to browse the network but you should be able to ping devices on the network. The gateway entry is not important as you do not need to access outside of the VPN network. Check that you can ping first - if that does not work then check your routing. If you can ping then the problem is name resolution which can be solved via DNS, WINS or HOSTS/LMHOSTS - depending on how you want to access resources.

 

nitindixit  |   May 24 2005  10:01AM GMT

Hi,
If am not wrong you r not able to access the local network after connecting to VPN. If this is so, we can resolve it by adding a persistent IP route to the system with metric 1. This can be done thru cmd prompt by gibing a command syntax of which is as under:
route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 1
destination^ ^mask ^gateway metric^

 

nerdking  |   May 24 2005  10:25AM GMT

We are also using Watchguard Fireboxes at both our locations and have users connect via VPN. We tried using the MS VPN client but had no luck. Contacted Watchguard who told us that they would only guarantee successful VPN using their Mobile User VPN application.

 

stevesz  |   May 24 2005  2:23PM GMT

Phil,

Cannot ping, cannot locate machines on the network, just have a connection, period. If I log in from another outside network, using a variety of firewalls, I have not problem making the connections I need to make.

Steve//

 

stevesz  |   May 24 2005  2:26PM GMT

nitindixit,

I was thinking about the persistant route, but had not gotten around to trying it yet. I’e been tied up all day working on another problem, but hope to get that out of the way so I can get back to this, and will try the persistent route.

 

stevesz  |   May 24 2005  2:30PM GMT

nerdking,

Please note that the same problem exists with the MUVPN client provided. We successfully use the MS client on those we allow to have access, simply because it is a lot easier for them to use that. At anothe sie where the machines connect via VPN, and are connected from the time they are turned on to the time the are turned off, I use the MUVPN, again with great success. The latter case seems to be the type of client that MUVPN is programmed for, not the I need to access my e-mail and some files, and then go off and do something else type of user, where that user does not need a connection to the internal network except for short periods of time while they are in a hotel room or somewhere else.

 

PeterMac  |   May 25 2005  5:26AM GMT

Stevez:
Your problem essentially is due to difference between logging on to security gateway, for VPN connection, but not actually logging on to the remote Network. Some routers have ability to redirect a network logon to an external server, but will need to be setup to do this. Also VPN Client needs to have ability to process the second logon. Can also be done using Microsoft VPN service, and handling everything on Server rather than router, but this involves opening up firewall to allow VPN connection to the Server. Long time since I worked on this sort of thing, and am not familiar with either of the routers you are using, so can’t help much at a detail level.

 

stevesz  |   May 25 2005  7:09AM GMT

PeterMac,

Please reread the post. I have no problem using VPN coming out of any other firewall, just this particular combination. Once I am connected, I can navigate to whereever I need by IP address or via name, if it is in the originating machine’s HOSTS file. When I try this partcular combination, I cannot do anything on the network, and the problem seems to be a lack of a gateway assigned to the VPN connection.

Steve//

 

configure ping with no gateway  |   May 19 2008  8:17PM GMT

[…] … You may not be able to browse the network but you should be able to ping devices on the …http://itknowledgeexchange.techtarget.com/itanswers/no-gateway-given-on-vpn-connection/Gateway - NOVELL FORUMSFrom a windows workstation i can ping the gateway LAN interface a a … […]